Comment by MayeulC

5 years ago

This looks very nice, and actually pretty rugged. A few thoughts:

* Would it increase the complexity a lot to provide a linux-capable SoC as an additional chip? (OK, this could be a daughter board)

* "iCE40UP5K SG48, 98% utilized" <- isn't it a bit restrictive to start with such a low room for growth?

8 comments

MayeulC

Reply
bunnie  5 years ago

The iCE40UP5K is not the main processor. It's the embedded controller. Think of it as a power management coprocessor that takes care of things like managing the battery while the main CPU is asleep. It is packed to the gills, but the iCE40UP5K is low enough power to remain on and not drain the battery for several days.

The main CPU is a Spartan7 XC7S50, which has plenty of space for things like crypto accelerator cores beyond the primary RISC-V CPU.

  • analognoise  5 years ago

    What kind of crypto accelerator would be most interesting to people?

    • nullc  5 years ago

      What I think would be most interesting is whatever primitives are needed to build fancy cryptosystems which are resistant to EMI/DPA sidechannels.

      Plain TLS stuff as the sibling comment suggests is entirely uninteresting to me-- a boring software implementation is more than fast enough even on a 100MHz device to accomplish whatever that 100MHz device is going to accomplish. (I assume bunnie's Betrusted soc will be faster than 100MHz too).

      But what you can't do from general software is get something which is extremely robust against EMI and power sidechannels.

      Similarly, while plain ECDH/etc. will be more than fast enough even in software for 99% of applications you'd want to run on a small device like this, various zero knoweldge proofs and other fancy constructions may still be painfully slow (as they're often noticably slow on desktops).

      Unfortunately the ed25519 curve is probably not really the best choice there for a primitive to optimize due to the cofactor being an extraordinary nuisance for other applications outside of plain signatures and key agreement. ... but group choices for ZKPs are by-far not a settled question.

      2 replies →