> Aloha!
>
> On 2012-06-19 11:30, coderman wrote:
>> On Tue, Jun 19, 2012 at 12:48 AM, Marsh Ray <[email protected]> wrote:
>>> So something is causing AES-NI to take 300 clocks/block to run this DRBG.
>>> Again, more than 3x slower than the benchmarks I see for the hardware
>>> primitive. My interpretation is that either RdRand is blocking due to
>>> "entropy depletion", there's some internal data pipe bottleneck, or maybe
>>> some of both.
>>
>> it is also seeding from the physical noise sources, running sanity
>> checks of some type, and then handing over to DRBG. so there is
>> clearly more involved than just a call to AES-NI. 3x as expensive
>> doesn't sound unreasonable if the seeding and validation overhead is
>> significant.
>
> I might be missing something. But is it clear that Bull Mountain is
> actually using AES-NI? I assumed that one would like to use a separate
> HW-engine. Reading from the CRI paper seems (to me) to suggest that this
> is actually the case:

It is not using AES-NI. It is a self contained unit on chip with a built in HW AES encrypt block cipher.
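The 300 clocks/block figure above is a software-side measurement of the RdRand path, and the two explanations offered (the DRBG stalling on reseed, or a data-pipe bottleneck) look different from software: a stall shows up as RdRand returning with the carry flag clear, while a plain bottleneck shows up as a higher but steady cycle count with no failed reads. The following C program is an added example, not code from anyone in this thread: it checks CPUID for RdRand, pulls 128-bit blocks as pairs of 64-bit reads (the DRBG's native output unit), and reports TSC cycles per block alongside the number of CF=0 retries. It is x86-64 only and uses inline asm so it builds without `-mrdrnd`; on other architectures it simply reports RdRand as unsupported.

```c
/* Added example: measure RdRand cost per 128-bit block and count how often
 * the instruction reports "no data ready" (CF=0).  x86-64 only; elsewhere
 * rdrand_supported() returns 0 and measure_rdrand() produces nothing. */
#include <stdio.h>
#include <stdint.h>

struct rdrand_stats {
    unsigned long blocks;      /* 128-bit blocks actually produced */
    unsigned long retries;     /* RdRand calls that came back with CF=0 */
    double cycles_per_block;   /* TSC cycles per 128-bit block */
};

#if defined(__x86_64__)
#include <cpuid.h>
#include <x86intrin.h>

/* CPUID.1:ECX bit 30 advertises RDRAND. */
int rdrand_supported(void) {
    unsigned a, b, c, d;
    if (!__get_cpuid(1, &a, &b, &c, &d)) return 0;
    return (c >> 30) & 1;
}

/* One 64-bit RdRand.  Returns 1 on success, 0 when the hardware DRBG had
 * no output ready (carry flag clear), which is what a stall looks like. */
static int rdrand64(uint64_t *out) {
    unsigned char ok;
    __asm__ volatile("rdrand %0; setc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok;
}

struct rdrand_stats measure_rdrand(unsigned long nblocks) {
    struct rdrand_stats s = {0, 0, 0.0};
    uint64_t sink = 0, lo, hi;
    uint64_t t0 = __rdtsc();
    while (s.blocks < nblocks) {
        /* Two 64-bit reads make up one 128-bit DRBG block. */
        if (!rdrand64(&lo)) { s.retries++; continue; }
        if (!rdrand64(&hi)) { s.retries++; continue; }
        sink ^= lo ^ hi;   /* keep the reads from being optimised away */
        s.blocks++;
    }
    uint64_t t1 = __rdtsc();
    s.cycles_per_block = s.blocks ? (double)(t1 - t0) / (double)s.blocks : 0.0;
    (void)sink;
    return s;
}
#else
int rdrand_supported(void) { return 0; }
struct rdrand_stats measure_rdrand(unsigned long nblocks) {
    (void)nblocks;
    struct rdrand_stats s = {0, 0, 0.0};
    return s;
}
#endif

int main(void) {
    if (!rdrand_supported()) {
        puts("RdRand not available on this CPU");
        return 0;
    }
    struct rdrand_stats s = measure_rdrand(100000);
    printf("%lu blocks, %lu retries, %.1f cycles/block\n",
           s.blocks, s.retries, s.cycles_per_block);
    return 0;
}
```

The cycle count includes the rdtsc and loop overhead, so it is an upper bound on the instruction's own cost; a non-zero retry count is the direct evidence of the "entropy depletion" hypothesis, since that is the only case in which RdRand declines to return data.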
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
