Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

cryptography hardware acceleration with GPU

Does anybody use Nvidia CUDA based solutions for SSL/AES acceleration in production? I'm interesting in SSL offload and AES encryption/decryption acceleration.

I found few open-source solutions like engine-cuda. Benchmarks are pretty impressive. But I still in doubt if it useful in a real production system.

Possible cons are:

  • third party open source solutions aren't mature enough for production use
  • it's not so effective as on synthetic tests
  • is it easily integrated with scripting languages or I will be forced to fork openssl
like image 210
Sergey Romanovsky Avatar asked Aug 08 '12 03:08

Sergey Romanovsky


People also ask

What is cryptographic hardware acceleration?

Cryptographic hardware acceleration is the use of hardware to perform cryptographic operations faster than they can be performed in software. Hardware accelerators are designed for computationally intensive software code.

What is GPU acceleration good for?

GPU-accelerated computing is the employment of a graphics processing unit (GPU) along with a computer processing unit (CPU) in order to facilitate the playback of the average timeline in realtime at high quality. You can playback GPU accelerated effects and transitions in real time without rendering them.


1 Answers

I don't use CUDA for acceleration, but I don't think AES is the algorithm you should optimize in SSL. AES was designed to be very efficient in software, and newest Intel processors have even specialized instructions to carry out a full round of AES completely in hardware.

Additionally, some recent attacks have also pushed many sites to switch the preferred cipher suite from AES to RC4, and RC4 even faster in software.

In SSL, the most time consuming operation has historically always been the RSA private key decryption(s) that the server must do during the initial handshake and for most cipher suites. That is one of the reasons that led to the availability on the market of so many HW accelerators for e-commerce websites in the late '90s. RSA decryption in software is very slow, and that limits the load each website can sustain, that is, the number of TCP/SSL connections per seconds.

As far as I can tell, there has been some academic research on the topic. GPUs can effectively speed up RSA (or more precisely, modular exponentiation with large integers), but not by a surprisingly large factor. Additionally, latency may also be a problem depending on the graphic card model you have. I cannot find much open source software for executing RSA in GPUs though, let alone any one that integrates into an SSL stack like openssl.

like image 184
SquareRootOfTwentyThree Avatar answered Sep 28 '22 02:09

SquareRootOfTwentyThree