Prev: AES round structure paper
Next: Method and Logic
From: Non scrivetemi on 29 Jan 2010 14:18
http://www.ddj.com/222600319

Cracking 56-bit DES takes less than three days.

I doubt it spells trouble for AES-128 or AES-256. Anyone disagree?

From: Thomas Pornin on 29 Jan 2010 18:31
According to robertwessel2(a)yahoo.com <robertwessel2(a)yahoo.com>:
> *all* software implementations of DES are slow.

Note that for attack purposes, where you are not using many blocks with
a single key, but a regular sequence of keys with the same block, then
you can use data orthogonalization, aka "bitslice". This makes all those
bit permutations "free" (they become a mere compile-time routing
problem). Software DES crackers have used it, with impressive speedups
(something like 5 to 10 times faster). So while software implementations
of DES for "normal use" are slow, software implementations of DES key
search are substantially faster.

Still, I concur that DES is very FPGA-friendly, and DES attacks even
more since you do not have to worry about I/O.


> For a more conventional application (say a climate model), the FPGAs
> would be at vastly less of an advantage.

For that kind of work you want a lot of concurrently running nodes,
each with some capabilities for floating point operations. In the 80's
it would have screamed "transputers" but now this rather means "GPU".


--Thomas Pornin
From: Paul Rubin on 29 Jan 2010 19:14
Thomas Pornin <pornin(a)bolet.org> writes:
>> For a more conventional application (say a climate model), the FPGAs
>> would be at vastly less of an advantage.
>
> For that kind of work you want a lot of concurrently running nodes,
> each with some capabilities for floating point operations. In the 80's
> it would have screamed "transputers" but now this rather means "GPU".

The Virtex 6 fpga's in that DES cracking box each have dozens or
hundreds of DSP slices that can synthesize floating point operations.
From: robertwessel2 on 29 Jan 2010 19:31
On Jan 29, 5:31 pm, Thomas Pornin <por...(a)bolet.org> wrote:
> According to robertwess...(a)yahoo.com <robertwess...(a)yahoo.com>:
>
> > *all* software implementations of DES are slow.
>
> Note that for attack purposes, where you are not using many blocks with
> a single key, but a regular sequence of keys with the same block, then
> you can use data orthogonalization, aka "bitslice". This makes all those
> bit permutations "free" (they become a mere compile-time routing
> problem). Software DES crackers have used it, with impressive speedups
> (something like 5 to 10 times faster). So while software implementations
> of DES for "normal use" are slow, software implementations of DES key
> search are substantially faster.


In fact by a factor of five or thereabouts. But that's just improving
from abysmal to horrible...'
From: robertwessel2 on 29 Jan 2010 19:37
On Jan 29, 6:14 pm, Paul Rubin <no.em...(a)nospam.invalid> wrote:
> Thomas Pornin <por...(a)bolet.org> writes:
> >> For a more conventional application (say a climate model), the FPGAs
> >> would be at vastly less of an advantage.
>
> > For that kind of work you want a lot of concurrently running nodes,
> > each with some capabilities for floating point operations. In the 80's
> > it would have screamed "transputers" but now this rather means "GPU".
>
> The Virtex 6 fpga's in that DES cracking box each have dozens or
> hundreds of DSP slices that can synthesize floating point operations.


True, but they have drastically less of an advantage over the FPUs in
a GPU than for DES work.
 | 
Pages: 1
Prev: AES round structure paper
Next: Method and Logic