Subscribe to RSS Add to Technorati Faves Digg This Page Send to Stumble Upon Bookmark on Delicious

New Intel instructions + algorithms = https://everywhere

posted by Michael Kounavis on April 20, 2009

At Fall IDF 2008, Intel presented solutions toward realizing a vision that can accelerate secure Internet transactions by orders of magnitude. Our vision was of a world where the internet is entirely secure and attackers have no place to hide. A major step toward realizing this vision of world-wide security is making sure that all the traffic exchanged between servers and clients is encrypted. This is very difficult technical challenge since networking speeds are excessively high (10-100 Gbps), whereas cryptographic algorithms consume millions of processor cycles to execute. Since IDF, we have also worked on designing new cryptographic algorithms that can potentially offer new security/performance tradeoffs and be essential components of future computing platforms and networks. In this blog we summarize our past as well as recent accomplishments.

https://everywhere! Encrypting the Internet white paper View .pdf

First, the latest Intel® Core™ micro-architecture (Nehalem) re-introduces the feature of Simultaneous Multi-threading Technology, SMT into the CPU. SMT is ideal for hiding the cycles of compute-intensive public key encryption software under the stall times of network application memory lookups. Following Nehalem, Westmere adds new instructions for potentially speeding up symmetric encryption by a factor of 3-4X. These instructions not only provide better performance but also protect applications against an importance type of threats known as side channel attacks. Third, Intel® has developed superior Integer arithmetic software that can speed key exchange and establishment procedures by a factor of 2X.

Last, we have developed a new cryptographic hash function called Vortex that can be implemented using our new processor instructions. Vortex is one of the fastest collision resistant hashes known to us when implemented on Intel processors. A main strength of the Vortex design is that this hash function can achieve a potential performance of much less than 7 cycles per byte using the AES round and carry-less multiply instructions announced for future Intel processors. The Vortex family produces message digests of 224, 256, 384 and 512 bits. The main idea behind Vortex is to use well known algorithms with very fast diffusion in a small number of steps. These algorithms also balance the cryptographic strength that comes from iterating block cipher rounds with S-box substitution and diffusion against the need to have a lightweight implementation with as small a number of rounds as possible.

Comments (0)
del.icio.us StumbleUpon Digg It
tagged: , , ,

Post Your Comment





Comment Policy: We welcome your comments, however all comments are moderated. Offensive, off-topic or fraudulent comments will be deleted and not displayed. By submitting a comment to an Intel Blog, you agree to our legal information and privacy policy terms, including having your name displayed with your comment and that you are 13 years old or older. Your name and personal information will not be used for any other purpose, and your e-mail address will not be published.

Disclaimer: Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, and do not necessarily reflect the views of Intel. All Intel names and trademarks are the property of Intel Corporation or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.