on FPGAs vs ASICs

2005-03-21 Thread Major Variola (ret)
Tyler, Riad, etc:

FPGAs are used in telecom because the volumes do not support an ASIC run.
Riad doesn't seem to appreciate this.  He does understand that an ASIC is more
efficient because its gates are used only for 1 computation, rather than most
(FPGA) gates being used for reconfigurability ---useful if you can't afford
an ASIC run (a million bucks a mask...) or if algorithms get tweaked
(eg you release before the Spec comes out, or you are shooting for
time-to-market).  Clockwise an FPGA wastes time in extra wire routing
although since an FPGA may be made in state of the art processes,
and your ASIC may not, it's a complex tradeoff.  (Albeit some circuit topologies
work very well on FPGAs)

So for the Cypherpunk wanting hardware (vs cluster) acceleration, FPGAs
are the way to go.  For TLAs, you prototype in FPGAs of course, and
then make some chips in your private fab.  (Same for Broadcom, etc.)

For someone making 10,000 routers, you use FPGAs.

DESCrack was solving a problem for which the x86 is not very efficient
at computing --all the sub-byte bit-diddling-- and hardware is very efficient
(by design in DES, after all).









Re: on FPGAs vs ASICs

2005-03-21 Thread Tyler Durden
FPGAs probably make more sense for routers,
because you want the ability to change the firmware more often,
and a router has a bunch of other parts as well,
and realistically, cypher-cracking is not an
economically viable activity for most people,
so the cost-benefit tradeoffs are a bit twisted.
The router world seems to use a good mixture. At a startup we were 
purchasing nice off-the-shelf MPLS ASICs, which did MPLS route setup and 
forwarding (and some enforcement) while the 'software'/control plane (eg, 
OSPF, RSVP-TE, etc...) was largely in FPGAs of our own brew.

At that time (ca. 2000/2001) some vendors were starting to push net 
processors, which were somewhere in between, and at the time just weren't 
quite fast enough for ASIC-busting applications and not quite flexible 
enough for FPGA-ish applications. Now, however, I'd bet net processors are 
very effective for metro-edge applications.

What I suspect is that there's already some crypto net processors out there, 
though they may be classified, or the commercial equivalent (ie, I assume 
there are 'classified' catalogs from companies like General Dynamics that 
normal clients never see). They can periodically upgrade the code when they 
discover that some new form of stego (for instance) has become in-vogue at 
Al Qaeda.

These won't be Variola Suitcase-type applications, though, but perhaps for 
special situations where they know the few locations in Cobble Hill Brooklyn 
they want to monitor and decrypt.

-TD



FW: on FPGAs vs ASICs

2005-03-21 Thread Trei, Peter

From Major Variola (ret)

 Tyler, Riad, etc:
 
 FPGAs are used in telecom because the volumes do not support an ASIC run.
 Riad doesn't seem to appreciate this.  He does understand that an ASIC is more
 efficient because its gates are used only for 1 computation, rather than most
 (FPGA) gates being used for reconfigurability ---useful if you can't afford
 an ASIC run (a million bucks a mask...) or if algorithms get tweaked
 (eg you release before the Spec comes out, or you are shooting for
 time-to-market).  Clockwise an FPGA wastes time in extra wire routing
 although since an FPGA may be made in state of the art processes,
 and your ASIC may not, it's a complex tradeoff.  (Albeit some circuit topologies
 work very well on FPGAs)
 
 So for the Cypherpunk wanting hardware (vs cluster) acceleration, FPGAs
 are the way to go.  For TLAs, you prototype in FPGAs of course, and
 then make some chips in your private fab.  (Same for Broadcom, etc.)
 
 For someone making 10,000 routers, you use FPGAs.
 
 DESCrack was solving a problem for which the x86 is not very efficient
 at computing --all the sub-byte bit-diddling-- and hardware is very efficient
 (by design in DES, after all).

Indeed, during the initial DESCrack effort, I spent some time
investigating FPGAs. I came to the conclusion that it was
definitely possible to build a Wiener-style pipeline machine
(ie, one key tested per clock cycle), but it would be more
costly than I could afford. 

One of the interesting twists of FPGAs is that you can
optimize the circuit to the actual data being processed. 
For example, in DES keysearch you could hardwire into
the circuit some of the subkey bits (which were determined
by, say, high order key bits you rarely changed), thus
simplifying the circuit. When those bits changed, you
re-wrote the circuit.

Peter Trei