Cryptonite: a programmable crypto processor architecture for high bandwidth applications

Cryptography was and still is one of the most interesting fields in Computer Science-related research. Where its origin lies in military and governmental use, today cryptography is widely used in everyday life. Cryptography secures communication between smart cards and card readers. It scrambles transmissions between DECT telephones and their base stations, it even entered the living rooms through digital Pay TV channels which use cryptographic methods to make sure that only their subscribers can watch their transmissions – and only what they have payed for. Similarly, each DVD player contains cryptographic techniques which were implemented to prevent unauthorized copying and playback. Also for network infrastructures, company intranets, or the global internet with its shared resources, cryptography is essential to secure transmitted data against snooping. This is especially vital to so called virtual private networks (VPNs), where a (virtually) private network is spanned using shared network resources meaning that although a shared medium is used, the spanned network behaves like a private network in terms of data security and connectivity. Even the underlying physical network infrastructure is hidden. One of the biggest problems with modern cryptography is data throughput. Combined video/audio data as on DVDs or broadcasted via Pay TV stations easily needs – depending on the quality – 2 to 10 MBit/s and more which means that networks carrying this data have to be able to provide at least the same bandwidth: A smaller bandwidth would lead to visible and audible artifacts. Such applications require network devices which are not only capable of transporting the incoming data stream but also encrypt or decrypt them without becoming a bottleneck. For this reason, a number of dedicated hardware solutions exist which support one or more crypto algorithms. Naturally, such solutions do not allow to change the supported algorithms. Change of algorithm automatically means change of hardware; similarly, supporting a number of algorithms requires to have several of dedicated architectures each supporting one algorithm. A programmable architecture is a solution to this dilemma. General purpose processors seem to be the ideal candidates for this task, however, these did not supply the needed computation power in the past – and today, where they do, they need too much electric power and produce too much heat. Also, it is not economically sensible to use processors worth several hundred Euro but using only a fraction of their potential. In this thesis a programmable architecture dedicated to typical needs of cryptographic algorithms is presented. Starting with the analysis of several major cryptographic algorithms key parameters and hardware requirements were identified. Based on these, an architecture was designed which not only suits these requirements but also satisfies economic factors like cost of production and power consumption. A number of algorithms were implemented on an architectural simulator and dedicated parts of the architecture were realized using VHDL to measure hardware parameters such as logic use and routability. These numbers were compared against existing solutions; the comparison has proven that a programmable architecture like the one proposed within this work can achieve performance similar to or even better than existing dedicated hardware solutions while still retaining modest hardware requirements.