Hardware Acceleration for non-SSL based signing and encryption.

Question

I am working on a project that does a large amount of hashing, signing, and both asymmetric and symmetric encryption. Since these steps have a significant effect on our performance and available load, I was wondering if there is a hardware based solution to offloading the work.

I have done some surfing to find out, and the only items I can find are dedicated to SSL based communications. I need a more generic solution that will allow me to speed up signing and encryption regardless of where it occurs.

Is it possible to adapt these SSL based solutions (maybe it's just marketing and it would be easy to re-use elsewhere)? Is there a good generic co-processor that can help out?

I need this on a Windows Server 2008 based box, but I would be interested in solutions on any platform.

Answer 1

I'm not sure how helpful this will be, however I have seen a few papers dealing with using Graphics Hardware to accelerate encryption

Heres a quick google search

Good Luck.

Answer 2

Several companies make cryptography-specific hardware. For example, I recently coded support in an application for a nCipher hardware device which processed AES on the card (and supported many other encryption algorithms). They are not cheap, but they do support a variety of algorithms and modes of operation.

Answer 3

If the algorithms you're working on are standard encryption algorithms like 3DES and AES, there is definitely hardware available. Hifn is the most well known, but Broadcom also has a line of chips from their BlueSteel acquisition a number of years ago. nCipher also has a line of encryption products, though when last I looked at them (years ago) they were much more focussed on their secure key management hardware than the acceleration of block algorithms.

Even cards designed for SSL may be useful to you, though you'll need to get access to the low level details. The biggest win for SSL hardware is an exponentiator and wide multipler unit, both of which are generally accessible independently in the hardware I know of. If you're using asymmetric encryption algorithms, these two units would likely be useful to you as well.

You should also check whether a more efficient software implementation is available. For example, Dan Bernstein and Peter Schwabe published a paper in September 2008 regarding optimization of AES for modern CPUs. The software implementation has been placed in the public domain (i.e. disavow all copyright, use it however you like).

Finally, future AMD (and probably Intel) CPUs will include SSE5, which adds instructions specifically useful for AES. If you can hold out until then, your next server upgrade may provide all the hardware support you need.

Answer 4

The most popular hardware crypto engine is VIA Padlock, included in C3, C7 and later processors. These are low-performance, low-power; but (supposedly) easily outperform a Core2 on crypto algorithms.

Linux kernel 2.6.16 and later include support for RNG, MD5, SHA1/256, SSL, GPG and other standard things. I'm not sure about ssh.

You mention non-SSL, so you might not benefit from existing code, but Via's site has the documentation needed to use it from userspace.

Answer 5

On windows you want to find a device that has an API that supports MSCAPI, CAPING or PKCS#11, The first and last are all very common, MSCAPI however does not support hardware AES/3DES.

nCipher (now Thales) Do several boxes or PCI/PCIe cards that support the above (and support openssl) and also support other platforms inlcuding Linux and Solaris, Safenet do similar hardware too with similar platform support.

If I were starting out I would pick PKCS#11, you then get a good choice of languages to write in including C or java.

If you want to write in C#/.Net then you can use MSCAPI from .Net or you can PInvoke into the PKCS#11 DLL for your hardware.