
Hardware Design

We designed basic hardware that uses FPGAs to form a brute-force cracking machine. The basic idea has not changed fundamentally from that proposed by Diffie and Hellman in 1977 [DH77]: design a chip to test keys as quickly as possible, and use as many of them as possible in parallel. Very little inter-chip communication is necessary beyond initial set-up.

Wiener describes a detailed board layout for the DES-cracking chip he designed [Wie94], using an 8-bit data bus for chip interconnect. His chip requires 27 I/O pins for the interface. We feel that a parallel bus is overkill for this application; we propose a simple daisy-chained serial bus instead, requiring only 5 pins, not including clocks. This should allow the printed-circuit board layout of the FPGA array to be extremely simple. The chip I/O interface is defined by the behavioral VHDL in driver.vhdl, found in appendix B.2.

The interface is based on a 65-bit shift register, which holds the current 64-bit key under test and a one-bit search status flag. To save logic, we follow Wiener in advancing the key using a linear feedback shift register, instead of a 64-bit ripple-carry adder. The generating polynomial for the 64-bit LFSR is $x^{64} + x^4 + x^3 + x + 1$. This is a maximal-length LFSR, meaning that it will step through all of the $2^{64} - 1$ possible states [Sch94]. The LFSR will not step through the all-zero key; this must be tested separately.
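The key-advance rule described above, as an added C sketch (not the author's driver.vhdl). The Galois form of the LFSR, the inverse step, and the 8-bit polynomial x^8 + x^4 + x^3 + x^2 + 1 used to check the period exhaustively are choices made for this example; only the 64-bit polynomial comes from the text.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Low-order terms of the page's polynomial x^64 + x^4 + x^3 + x + 1. */
#define KEY_POLY_LOW 0x1BULL
/* Low-order terms of x^8 + x^4 + x^3 + x^2 + 1 (assumed here; small enough to enumerate). */
#define TOY_POLY_LOW 0x1DULL

/* One Galois-form step: multiply the state by x modulo x^width + low. */
static uint64_t lfsr_step(uint64_t s, unsigned width, uint64_t low)
{
    uint64_t mask = (width == 64) ? ~0ULL : ((1ULL << width) - 1);
    uint64_t msb = (s >> (width - 1)) & 1;
    s = (s << 1) & mask;
    return msb ? (s ^ low) : s;
}

/* Inverse step. Because `low` has bit 0 set, bit 0 of the state records
 * whether feedback was applied, so every key has exactly one predecessor. */
static uint64_t lfsr_unstep(uint64_t s, unsigned width, uint64_t low)
{
    if (s & 1)
        return ((s ^ low) >> 1) | (1ULL << (width - 1));
    return s >> 1;
}

/* Number of steps until the state returns to the seed (small widths only). */
static uint64_t lfsr_period(uint64_t seed, unsigned width, uint64_t low)
{
    uint64_t s = seed, n = 0;
    do { s = lfsr_step(s, width, low); n++; } while (s != seed);
    return n;
}

int main(void)
{
    uint64_t k = 0x8000000000000000ULL;   /* constructed sample key */
    printf("next key after %016" PRIx64 ": %016" PRIx64 "\n",
           k, lfsr_step(k, 64, KEY_POLY_LOW));
    /* All-zero is a fixed point, so no nonzero key ever leads to it. */
    printf("step(0) = %" PRIx64 "\n", lfsr_step(0, 64, KEY_POLY_LOW));
    /* 8-bit model: 255 nonzero states on one cycle, plus the zero key. */
    printf("8-bit period from 1: %" PRIu64 ", from 0: %" PRIu64 "\n",
           lfsr_period(1, 8, TOY_POLY_LOW), lfsr_period(0, 8, TOY_POLY_LOW));
    return 0;
}
```

Since the step is a bijection with zero as a fixed point, a search that starts from any nonzero key covers every nonzero key once per cycle and must test the all-zero key out of band, as the text states.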

In addition, an internal driver-to-cryptographic-engine interface has been defined; the behavioral VHDL describing it is in crypt_pack.vhdl. Details vary slightly for pipelined and non-pipelined versions, but both types have in common two 32-bit key inputs and a single-bit result output.

A design cycle using a single adder as the "crypto engine" component reveals that the driver stage uses about 20% of the available CLBs (mostly for the 65-bit shift register), and can be clocked at over 18 MHz. Obviously, the introduction of a "real" cryptographic component will limit us to far below this maximum possible speed.


C. Scott Ananian
10/11/1997