World's Fastest Data Encryption Device Handles Almost 7 Billion Bits/Sec
The world's fastest encryption device, recently developed at the U.S. Department of Energy's Sandia National Laboratories (SNL; Albuquerque, NM; 505-845-8212), should soon protect data transmitted from supercomputers, workstations, telephones, and video terminals. It encrypts data at more than 6.7 billion bits per sec, 10 times faster than any other known encryptor. Simulations predict that it can operate at 9.28 billion bits per sec.
How It Works
Processing Speeds
Applications
How It Works (Back to Top)
The SNL device is an unclassified encryptor chip called the SNL Data Encryption Standard (DES) Application Specific Integrated Circuit (ASIC). The ASIC is the fastest known implementation of the DES algorithm, a mathematical transformation commonly used to protect data by cryptographic means.
The device consists of 16 sets of 16,000 transistors that are placed on an integrated circuit chip the size of small coin. Data, broken down into single bits of information and grouped in 64-bit units, are pipelined through the transistors. There, a computationally intense algorithm scrambles the information so that it becomes incomprehensible to anyone who does not have the cryptographic key.
The encryption devices' 16 sets of transistors are responsible for its high processing speeds, according to Lyndon Pierson, the SNL engineer who designed the apparatus "Other encryptors have one set of approximately 16,000 transistors and the data bits are cycled through the transistors 16 times," he says. "In this device, the information bits flow through the 16 sets of transistors in clocked cycles where they are encrypted."
Pipelining increases the device's speed by dividing the algorithm into 16 equally sized blocks (to correspond with the transistors) and latching information at the block boundaries. The signals have just enough time to process through each block between clock cycles, thereby maximizing the operational frequency.
The DES ASIC processes data differently on each clock cycle than any other encryption device. For example, the device may encrypt data with one key on one clock cycle, decrypt new data with a different key on the next clock cycle, bypass the algorithm and not be encrypted on the following clock, and then encrypt data with another independent key on the fourth clock cycle. Having this ability gives the device a high degree of key and function agility not found in any other encryptor/decryptor.
The device serves at the transmitting end as an encryptor that scrambles information, and at the receiver end as a decryptor which unscrambles it. When applied, large supercomputers like the ones at SNL might have four encryption chips, while a personal computer which operates at much lower speeds might have only one. The device has the flexibility to encrypt and decrypt rapidly or slowly depending on the capability of the information source or receiver.
Processing Speeds (Back to Top)
While the device has been tested at encryption speeds of 6.7 billion bits per sec, it can actually operate much faster. The 6.7 billion bits per sec speed was the limit of the tester used for verification. Simulations predict that the DES ASIC can operate at 9.28 billion bits per sec. Operating the devices in parallel should enable encryption at even higher rates.
Fast encryption and decryption are particularly important when sending or receiving large amounts of secure data through various methods including telephone wires, fiber optics, or satellites.
Currently, the fastest commercial encryptor operates at 0.15 billion bits per sec, which means long waits for large amounts of data. The DES ASIC is the first encryption device fast enough to secure the standard 2.5 Gb/sec and 10 Gb/sec communication channels now being used to carry the ever increasing data traffic for Internet commerce. The device will help to manufacture encryption systems that satisfy these high-speed communication requirements.
Pierson says design work of the DES ASIC was done in six to eight months in 1997. Over the next year, a team of seven refined it and put it into the integrated chip form. The integrated circuit was then designed, fabricated, and tested in SNL's Microelectronics Development Laboratory.
During the two years since the DES ASIC was conceptualized, the National Security Agency saw merit in the design and commissioned GTE to build a classified version that will be installed in high-speed classified computer networks in the Departments of Energy and Defense.
Applications (Back to Top)
The techniques used in the design of the DES ASIC can accommodate the DES algorithm, which has been a federal standard since 1977 for protecting sensitive yet unclassified data. It can also accommodate new, stronger encryption algorithms such as the "Advanced Encryption Standard" (AES), expected to be adopted as a standard soon.
"The device has both the security and bandwidth necessary for the protection of all types of digitized information—voice, audio, video, cell phone conversations, radio and television transmissions, banking and credit card information, and general purpose computer data—at speeds previously unimagined," Pierson says.
Pierson anticipates that faster variations of the encryptor chip performing DES and/or AES will be found in these, and many other, commercial applications within the next few years.
"This technology will become increasingly necessary in order to meet the never-ending demand for increased communication speed and data protection in coming years," Pierson says. "The need for protection of data will dramatically increase as Internet-based trade proliferates."
SNL is a multiprogram laboratory operated by Sandia Corp., a Lockheed Martin Co., for the U.S. Department of Energy. With main facilities in Albuquerque, NM, and Livermore, CA, Sandia has major R&D responsibilities in national security, energy and environmental technologies, and economic competitiveness.
For more information, call Lyndon Pierson at 505-845-8212 or e-mail lgpiers@sandia.gov.