[Hardware] Suggestions for FPGA RC5-72 core work verification?
Dan Oetting
dan_oetting at qwest.net
Wed Nov 29 02:10:55 EST 2006
On Nov 28, 2006, at 9:54 AM, John L. Bass wrote:
> Dan made a rather lengthy suggestion on how to verify correct clients
> on processor based platforms, part of which is valid here. The biggest
> difference is that for most FPGA cores, adding an additional stage at
> the end to generate a CRC or Hash of the solution space is reasonable,
> trivial and affects performance little, if at all (other than requiring
> a few dozen LUTs).
>
> I'd like to suggest that a simple running XOR of the generated test
> cipher text and/or last SBox is probably enough, either as 32 bits
> or 64 bits. This would make the "residual" independent of counter
> order, and be reasonably inexpensive to also implement on processor
> based clients, to verify an FPGA core's correctness. This residual
> would be returned to the key server and logged.
>
> Dan probably has better ideas, as will others, so this is probably a
> good time to air them.
I pointed out before that the XOR is good enough since the core is
doing plenty of hashing on its own.
Another form of verification I came up with several years ago
involves picking a second target cypher text that is known to exist
within the work block and having the core return the key that
generates the closest match with the real target which contains all
the common bits with the second target. The software that generates
and verifies the results only needs to process 2 or 3 keys for each
block the hardware processes so it shouldn't be hard for it to keep
up. The original intent of this verification was for the key servers
to generate the test target and for the stats processor to do the
verification on the result blocks.
A different approach is to return all the keys that generate a match
with the low 32 bits of the cypher text. On average there would be
one partial result for each block of 2^32 keys. The advantage is that
by using the partial match as the token for a stat unit there is no
efficient way to cheat since each result can be easily verified. The
disadvantage is that partial matches can come in bursts so the core
would need to buffer the partial matches and handle the buffer
overflow if the client doesn't unload the buffer in time.
--- Dan O.
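A software model of the two checks discussed in this message (the order-independent XOR residual and the "return every key whose 32-bit half matches" partial results), added here as an example and not code from this thread or from any project's client. RC5-32/12/9 is implemented directly; the plaintext, the key range and the planted target are constructed sample values, and which ciphertext word counts as the "low 32 bits" is an assumption.

```python
P32, Q32, MASK = 0xB7E15163, 0x9E3779B9, 0xFFFFFFFF   # RC5 magic constants, w = 32
ROUNDS = 12                                           # RC5-72 is RC5-32/12/9

def rotl(x, n):
    n &= 31
    return ((x << n) | (x >> (32 - n))) & MASK

def rc5_encrypt(key, pt):
    """RC5-32/12/b: encrypt the 64-bit block (A, B) under `key` (bytes)."""
    c = max(1, (len(key) + 3) // 4)
    L = [int.from_bytes(key[4 * i:4 * i + 4], "little") for i in range(c)]
    t = 2 * (ROUNDS + 1)
    S = [(P32 + i * Q32) & MASK for i in range(t)]
    i = j = a = b = 0
    for _ in range(3 * max(t, c)):                    # key-mixing loop
        a = S[i] = rotl((S[i] + a + b) & MASK, 3)
        b = L[j] = rotl((L[j] + a + b) & MASK, a + b)
        i, j = (i + 1) % t, (j + 1) % c
    A, B = (pt[0] + S[0]) & MASK, (pt[1] + S[1]) & MASK
    for r in range(1, ROUNDS + 1):
        A = (rotl(A ^ B, B) + S[2 * r]) & MASK
        B = (rotl(B ^ A, A) + S[2 * r + 1]) & MASK
    return A, B

def rc5_72(key72, pt):
    """Encrypt under a 72-bit key given as an integer (9 key bytes)."""
    return rc5_encrypt(key72.to_bytes(9, "little"), pt)

def core_run(first_key, nkeys, pt, target, skip=None):
    """Model of one FPGA work block: returns (XOR residual, partial matches).
    `skip` models a faulty core that silently drops one key (constructed)."""
    residual, partials = 0, []
    for k in range(first_key, first_key + nkeys):
        if k == skip:
            continue
        A, B = rc5_72(k, pt)
        residual ^= A ^ B                  # running XOR: independent of key order
        if A == target[0]:                 # one 32-bit word matches -> partial result
            partials.append(k)
    return residual, partials

def check_partials(pt, target, partials):
    """Cheap check: each returned partial match is re-encrypted and must match."""
    return all(rc5_72(k, pt)[0] == target[0] for k in partials)

def check_residual(first_key, nkeys, pt, target, residual):
    """Software re-run of the block: the XOR residual must agree exactly."""
    return core_run(first_key, nkeys, pt, target)[0] == residual
```

The residual check costs the verifier a full re-run of the block, while a partial match is confirmed with a single encryption, which is the asymmetry the message relies on.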