CrypTech Open Source Cryptography Project
2019 ARIN Community Grant Program Recipient Report
Overview
The CrypTech Project has developed an open-source hardware cryptographic engine design to meet the needs of high assurance Internet infrastructure systems that use cryptography. Our open-source hardware designs are aimed to be of general use to the broad Internet community, covering needs such as securing email, web, Domain Name System Security Extensions (DNSSEC), Public Key Infrastructure (PKI), etc. The ARIN Community Grant enabled us to complete work on the latest release and design work on our next board revision.
All of our hardware designs are published publicly as open source under Berkeley Software Distribution (BSD) licensing. All of our software is published similarly. Those are available on the project wiki. The main applications are for DNSSEC and RPKI. These have been validated with all the standard open signing applications.
Project Results
We achieved a 10x improvement in public-key RSA signing speed with the refactoring of the RSA software. We have moved our open source hardware designs to KiCad and have updated the designs with a new FPGA (Field Programmable Gate Arrays)-based Master Key Memory.
This summer, the Cryptech Project announced that version 4 of our firmware and software package that runs on the Alpha board is now available.
Highlights from this release include:
- New high speed ModExpNG core with CRT and RSA blinding factor support
- Clock FPGA synchronously from FMC bus with multipliers, to eliminate clock domain crossing bottlenecks
- New AES-keywrap core with direct connection to master key memory
- AES performance improvements
- SHA-2 timing fixes to support higher clock rates
- Redesign EC cores, adding support for ECDH (P-256 & P-384) and Ed25519
- Support for hash-based signatures
- Various I/O speedups on FMC bus
- Various fixes to Verilog synthesis placement and routing issues
- Faster prime generation algorithm (RSA key generation)
- API hardening and code cleanup in various Verilog and C modules
- Profiling and timing code to see where the HSM is spending its time
Benefits to the Internet industry in the ARIN region
RSA signing remains the main use case (80 sigs/sec RSA-2048) since we have published our open source hardware and software. We have shipped devices through CrowdSupply to a number of users, and the open source design has been picked up by a few people in North America through what we have learned from these sales. We have completed the next phase of hardware design and hope to validate it through prototypes this fall. The technology could be usable by anyone doing RSA signing operations.
All of the design and code we generate are available to everyone (as open source) on our wiki. CrypTech thanks the ARIN community for its support!
Any views, positions, statements, or opinions of a guest blog post are those of the author alone and do not represent those of ARIN. ARIN does not guarantee the accuracy, completeness, or validity of any claims or statements, nor shall ARIN be liable for any representations, omissions, or errors contained in a guest blog post.
Recent blogs categorized under: Grant Program
GET THE LATEST!
Sign up to receive the latest news about ARIN and the most pressing issues facing the Internet community.
SIGN ME UP →Blog Categories
Public Policy • Training • Updates • RPKI • ARIN Bits • Fellowship Program • Elections • IPv6 • Business Case for IPv6 • Caribbean • Grant Program • IPv4 • Security • Data Accuracy • Internet Governance • Tips • Customer Feedback • Outreach • IRR
