On Mon, Mar 21, 2005 at 06:34:07PM -0800, Major Variola (ret) wrote:
> Tangentially, I should note that there are "modes of encryption" which can be
> scaled infinitely with parallel hardware; they use interleaved blocks so each
> chip sees every Nth block of the real stream. So high clock rates are not
> required to crypt.

Counter mode works this way, and is a fairly common mode in any case.

> It seems that hashing can be parallelized that way too, run a hash-chip on
> every Nth bit, and hash those partial results. Both ends have to agree on
> the N-way division (as with the infinitely scalable crypto) but that's all.

Depending on the interconnect it would probably be faster to do it in blocks of 8-64k; doing it a bit at a time would eat your standard PCI bus alive.

There are message authentication modes which can scale 'infinitely' (assuming a sufficiently long message), and don't depend on the number of functional units, so for example I could generate a MAC using my regular single core CPU and you could verify it on a machine with N functional units with a corresponding speedup of N (modulo some fixed per-message overhead) without us having to agree on anything in advance. For example there is the MAC used in Rogaway's OCB. Unfortunately most (all?) of these algorithms have been patented.

-Jack
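An added illustration of the point Jack makes about MACs that parallelize without the two ends agreeing on N (this is example code written for this page, not anything from the thread and not OCB's actual algorithm): a toy XOR-MAC-style construction where every block's contribution depends only on its own index and contents, so a signer using one worker and a verifier using any number of interleaved workers compute the same tag. HMAC-SHA256 stands in for the keyed PRF, and the nonce, block size and domain-separation labels are assumptions of the example.

```python
import hmac
import hashlib
from concurrent.futures import ThreadPoolExecutor

BLOCK = 16  # assumed block size for the toy construction


def prf(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 used as the keyed pseudorandom function (a stand-in, not OCB's block cipher)
    return hmac.new(key, data, hashlib.sha256).digest()


def block_tag(key: bytes, index: int, block: bytes) -> bytes:
    # Depends only on (index, block): this independence is what makes the MAC parallel
    return prf(key, b"blk" + index.to_bytes(8, "big") + block)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def parallel_mac(key: bytes, nonce: bytes, msg: bytes, n_workers: int) -> bytes:
    blocks = [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]

    def worker(j: int) -> bytes:
        # Interleaved split: worker j sees every n_workers-th block starting at j
        acc = bytes(32)
        for i in range(j, len(blocks), n_workers):
            acc = xor_bytes(acc, block_tag(key, i, blocks[i]))
        return acc

    with ThreadPoolExecutor(max_workers=n_workers) as ex:
        partials = list(ex.map(worker, range(n_workers)))

    # Fixed per-message term binding length and nonce (the "per-message overhead")
    tag = prf(key, b"len" + len(msg).to_bytes(8, "big") + nonce)
    for p in partials:
        tag = xor_bytes(tag, p)
    return tag


def verify(key: bytes, nonce: bytes, msg: bytes, tag: bytes, n_workers: int) -> bool:
    # Verifier may pick any n_workers; the result does not depend on the signer's choice
    return hmac.compare_digest(parallel_mac(key, nonce, msg, n_workers), tag)
```

Because each partial is a XOR of independent per-block terms, the interleaved assignment of blocks to workers never changes the final tag, only the wall-clock time to compute it.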