## Cryptographic Accelerators on the UltraSPARC T2 with the Solaris Cryptographic Framework

### BibTeX

@MISC{Christopher_cryptographicaccelerators,

author = {Cody James Christopher and Supervisor Peter Strazdins},

title = {Cryptographic Accelerators on the UltraSPARC T2 with the Solaris Cryptographic Framework},

year = {}

}

### OpenURL

### Abstract

As the both the requirement and demand for secure systems increases, so to will the ubiquitousness of cryptography. The most secure cryptographic schemes often involve complicated algorithms and are by no means cheap to implement on standard hardware, and it is this that has led to the development of cryptographic hardware accelerators. Optimizing software to take advantage of these hardware devices is a problem akin to that of effective parallelization and this project aims to determine how these accelerators perform and under what conditions their use is cost-effective. Through the development of code designed to exercise the particular accelerators existing on the Solaris UltraSPARC T2 via the Solaris Cryptographic Framework (SCF) the system’s performance under a variety of different conditions was assessed. A suggestion for the possible design of a benchmark exclusively for hardware accelerated cryptography is also given. The results indicate that substantial performance gains can be had with

### Citations

35 |
Introduction of Cryptography
- Buchmann
- 2001
(Show Context)
Citation Context ...efinitions presented are well known and associated properties will be without proof; should proof be required, one should need only look in any introductory text on number theory or cryptography (see =-=[4]-=- and [6]). Definition 2.1. An integer p is a prime number iff ∀i ∈ N \ {1, p}, i̸ | p. Where x|y means that x divides into y evenly (without remainder). The importance of prime numbers is established ... |

30 | Primes is in p
- Agrawal, Kayal, et al.
(Show Context)
Citation Context ... is small it is still significant with respect to the implementation of cryptographic algorithms relying on primes. As an aside, there does exist a primality test known as the AKS test (Agrawal et al.=-=[3]-=-) released in 2002, which is simultaneously general, unconditional, deterministic and runs in polynomial time (prior to this algorithms only satisfied three of these four properties). The consequence ... |

5 | System Administration Guide: Security Services, http://docs.sun.com/app - Microsystems, Inc |

3 |
Number Theory: An Introduction via the Distribution of Primes. Birkhäuser
- Fine, Rosenberger
- 2006
(Show Context)
Citation Context ...ns presented are well known and associated properties will be without proof; should proof be required, one should need only look in any introductory text on number theory or cryptography (see [4] and =-=[6]-=-). Definition 2.1. An integer p is a prime number iff ∀i ∈ N \ {1, p}, i̸ | p. Where x|y means that x divides into y evenly (without remainder). The importance of prime numbers is established by way o... |

2 | The solaris cryptographic framework - Sangster, Bubb, et al. - 2001 |

1 | The DES encryption algorithm. http://www.iusmentis.com/technology/encryption/des/#HowDESworks, Accessed - Engelfreit |

1 | Transparent multi-core cryptographic support on niagara cmt processors
- Hughes, Morton, et al.
- 2009
(Show Context)
Citation Context ...ansion cards of some kind or another. 11.1 Previous Work There is very little literature in this area barring the technical documents and various blogs from Sun employees. The paper by Hughes et al.(=-=[7]-=-) presents some statistics on the system, regarding throughput for a range of algorithm and how to determine the break-even point (with an AES example). This paper lacks a crucial point of verifying t... |

1 | RSA laboratories – What is a hash function? http://www.rsa.com/rsalabs/node.asp?id=2176, Accessed - Labs |

1 | primality and pseudoprimes - Primes |

1 |
Taking advantage of wire speed cryptography. Sun BluePrints, 2009. 28 Network Associates, Inc. An introduction to cryptography
- Nagappan, Prucha
(Show Context)
Citation Context ...ticate the identity of the sender and validate the integrity of the transmitted data. A large part of what Sun was trying to achieve here is ‘wire speed cryptography’ (R. Nagappan and C. Prucha – see =-=[11]-=-), that is, cryptography processing at the peak speed of the physical layer bitrate. If wire speed can be achieved, then the throughput on the wire is at the peak, and whatever service is being delive... |

1 | Transparent multi-core cryptographic support on niagara cmt processors – presentation - Schuba |

1 | Lawrence spracklen’s blog. http://blogs.sun.com/sprack/ , Accessed - Spracklen |

1 | Sun’s 3rd generation on-chip UltraSPARC security accelerator - Spracklen |

1 |
UltraSPARC cryptographic accelerators - UltraSPARC cryptographic accelerators. http://wikis.sun.com/display/CryptoPerf/UltraSPARC+cryptographic+accelerators, Accessed
- Spracklen
(Show Context)
Citation Context ...gorithms, when a service decides to ‘go secure’, it will more than likely incur a performance hit of at least 2 fold in the majority of instances, but even hits of up to 10 fold are not uncommon (see =-=[17]-=-). Ideally, the cost of going secure needs to be minimized to the extent where it is negligible compared to the alternative. Unfortunately, off-chip accelerators have failed to deliver on this and do ... |

1 | Security APIs, SPIs, and frameworks for the solaris OS. http://developers.sun.com/solaris/articles/security apis/security apis.html, Accessed: 24/10/2010 - Stearns - 2005 |

1 | Cryptography acceleration on UltraSPARC t2 systems. http://blogs.sun.com/ningsun/entry/cryptography acceleration on ultrasparc t2, Accessed - Sun |

1 |
Using the cyptographic accelerators
- Sun, Lin
- 2007
(Show Context)
Citation Context ... couple of different methods available by which one could go about writing application code that would utilize the framework, assuming the cores are correctly configured (N. Sun and C.Lin, 2007 – see =-=[20]-=- for configuration instructions). The most straightforward way would be to use the PKCS#11 API, a method for which some simple examples are available (see the Solaris Security for Developers Guide [21... |

1 |
SIP API for solaris reference guide
- Microsystems
- 2006
(Show Context)
Citation Context ...20] for configuration instructions). The most straightforward way would be to use the PKCS#11 API, a method for which some simple examples are available (see the Solaris Security for Developers Guide =-=[21]-=-) or by using OpenSSL with forced usage of the PKCS#11 provider. 3.3 Multicore and Multithreading The distribution of cryptographic work to each of the cores is somewhat complicated. The framework als... |

1 | AKS primality test from wolfram MathWorld. http://mathworld.wolfram.com/AKSPrimalityTest.html, Accessed: 30/10/2010 - Weisstein |

1 |
Pseudoprime – from wolfram MathWorld. http://mathworld.wolfram.com/Pseudoprime.html, Accessed
- Weisstein
(Show Context)
Citation Context ... is relevant is pseudoprimality. Pseudoprimes are numbers which are actually composite (i.e. not prime) but are known to pass primality tests that of which most composite numbers would fail outright (=-=[24]-=-). These numbers have a somewhat special place in cryptography, due to the amount of time it takes to verify that a number is indeed a prime, but more on that in the details of the individual algorith... |