1993-11-16 - Review of “Design and implementation of an RSA cryptosystem using multiple DSP chips”

Header Data

From: an5877@anon.penet.fi (deadbeat)
To: cypherpunks@toad.com
Message Hash: b1193b0e4cf45935eb0ca58876739c7bf11b657df5e99b3f4caab71c3df2aba7
Message ID: <9311162202.AA27158@anon.penet.fi>
Reply To: N/A
UTC Datetime: 1993-11-16 22:04:13 UTC
Raw Date: Tue, 16 Nov 93 14:04:13 PST

Raw message

From: an5877@anon.penet.fi (deadbeat)
Date: Tue, 16 Nov 93 14:04:13 PST
To: cypherpunks@toad.com
Subject: Review of "Design and implementation of an RSA cryptosystem using multiple DSP chips"
Message-ID: <9311162202.AA27158@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


Source: Computing Reviews, November 1993, pp. 602-603; 9311-0871

ER, M. H.; WONG, D. J.; SETHU, A. A.; AND NGEOW, K. S. (Nanyang
Technological Univ., Singapore)

Design and implementation of an RSA cryptosystem using multiple DSP

Microprocess. Microsyst. 15, 7 (Sept. 1991), 369-378.

The authors propose implementation of the Rivest-Shamir-Adelman (RSA)
public key cryptosystem using multiple digital signal processing (DSP)
chips. They achieve a speed- up factor of 70 compared with a C software
implementation on a PC.

The use of multiple DSP chips (three in the authors' example) is hard
to justify, in light of other known results.  For example, Dusse and
Kaliski reported a 25-50 millisecond decryption of 512-bit RSA with a
single DSP chip [1].  My C implementation on a SPARC station runs in 2
seconds, about the same factor claimed by the authors.

The design suffers from some other problems as well.  One problem is
the key size (160 bits). This is too small (even 512 bits is not enough
for some applications). Another problem is that in this design the
secret key is chosen first, and the corresponding public key is
calculated accordingly.  In most cases, the other way around is
preferable, since it is advantageous to have short secret keys. A third
problem is that any Carmichael number will pass the proposed primality
test (Carmichael numbers are not primes). Better methods exist.

The paper is intended for electrical engineers with little or no
background in cryptology. The length of the paper is suitable, the
drawings are clear, and the physical form of the material is suitable.
A reference to Dusse and Kaliski [I] is missing. I believe that the
authors did not know about that work, and would have reconsidered the
project if they had.  Overall, this paper is a fair description of a
graduate-level project, but the quality of the design leaves something
to be desired.

					Y. Yacobi, Morristown, NJ


[1] DUSSE, S. R. ND KALISKI, B. S., JR. A cryptographic library for the
Motorola DSP56000. In Advances in Cryptology - Eurocrypt '90, I. B.
Damgard, Ed., Springer, New York, 1991, 230-244.


Brought to you by the Information Liberation Front and

DEADBEAT <na5877@anon.penet.fi>

Version: 2.3

To find out more about the anon service, send mail to help@anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin@anon.penet.fi.