Re: [Cfrg] [TLS] 3DES diediedie

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Tue, 06 September 2016 11:45 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Joachim Strömbergson <joachim@secworks.se>, Hilarie Orman <hilarie@purplestreak.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/VmUgQyVREifDSyUPinL6otbohV4>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>

But who says that you'd want to run AES on PIC? The whole point is that there are smaller cheaper ciphers usable on PIC.

  Original Message  
From: Joachim Strömbergson
Sent: Tuesday, September 6, 2016 02:36
To: Hilarie Orman
Cc: cfrg@irtf.org; tls@ietf.org
Subject: Re: [Cfrg] [TLS] 3DES diediedie

Aloha!

Hilarie Orman wrote:
>> On 31 August 2016 at 20:48, Hilarie Orman
>> <hilarie@purplestreak.com> wrote:
> 
>>>> From: Brian Sniffen <bsniffen@akamai.com>
> 
>> The question is not "how much hardware?" but "price?" - with ARMs
>> including h/w AES coming in at $2 for a single unit, it's hard to
>> explain why you'd want to use a less powerful CPU...
> 
> 
> Power.
> 
> Hilarie

Did you look at the ARM Cortex M0+ Gecko Zero I pointed to? I'd
recommend that you compare its power consumption to a PIC.

The PIC is manufactured using larger geometries that consume more
power/gate/MHz. The Gecko Zero has more power modes allowing it to
enable/disable different functions very fast, and is able to scale its
own internal clock frequency very flexibly. The Gecko Zero (and other
M0+ devices) can also do more/cycle so that total power up time is
shortened, saving power.

Specifically (since we talked about it before), the AES core in the
Gecko Zero takes about 50 cycles to process one block (and the CPU core
can be powered down at the same time). Googling for cycles to perform
AES on PIC I found:

Encryption
PIC16F877 : 3834 cycles
PIC16F84 : 7157 cycles

https://edipermadi.wordpress.com/2008/02/09/an-aes-implementation-on-pic16f877/

So on the PIC you need to have the CPU core powered up and running about
80 times longer (in terms of cycles) than the Gecko needs to run its AES
core.

And even if you don't have an AES core, the ARM can do AES in fewer
cycles. This one shows 2270 cycles for AES-128:

http://www.cryptovia.com/ARM_Thumb_AES.html


Selecting 8/16 bit MCUs like AVR, PIC, 8051 in 2016 for power reasons
without looking at modern 32-bit MCUs based on ARM or MIPS is a mistake
imho.

-- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
Joachim Strömbergson Secworks AB joachim@secworks.se
========================================================================
