Sandia researchers develop world’s fastest encryptor
The world’s fastest encryption device, developed at Sandia, encrypts data at more than 6.7 billion bits per second, 10 times faster than any other known encryptor, and may soon be protecting data being transmitted from supercomputers, workstations, telephones, and video terminals.
Sandia’s research heavily influenced the design of a new encryption product, currently being built by GTE, that will be installed in high-speed DOE and DoD classified computer networks possibly as soon as next year.
"It’s phenomenal," says Lyndon Pierson (4616), the engineer who designed the apparatus. "We have produced a device that has both the security and bandwidth necessary for the protection of all types of digitized information — voice, audio, video, cell phone conversations, radio and television transmissions, banking and credit card information, and general purpose computer data — at speeds previously unimagined."
The Sandia work resulted in an unclassified encryptor chip, called the "SNL Data Encryption Standard (DES) Application Specific Integrated Circuit (ASIC)." It is the fastest known implementation of the DES algorithm, a mathematical transformation commonly used to protect data by cryptographic means.
The device consists of 16 sets of 16,000 transistors on an integrated circuit chip the size of a dime. Data, broken down into single bits of information in 64-bit units, are pipelined through the transistors, where a computationally intense algorithm scrambles the information so that it becomes incomprehensible to anyone who does not have the cryptographic key.
Transistor sets make the difference
Lyndon says it’s the 16 sets of transistors that produce the speed of the new encryption device. "Other encryptors have one set of approximately 16,000 transistors and the data bits are cycled through the transistors 16 times," he says. "In this device the information bits flow through the 16 sets of transistors in clocked cycles where they are encrypted."
Pipelining increases the device’s speed by dividing the algorithm into 16 equally sized blocks where the transistors are located and latching information at the block boundaries. The signals have just enough time to process through each block between clock cycles, thereby maximizing the operational frequency.
Another feature making the DES ASIC unique is that it can process data differently on each clock cycle. For example, the device may encrypt data with one key on one clock cycle, decrypt new data with a different key on the next clock cycle, bypass the algorithm and leave the data unencrypted on the following clock cycle, and then encrypt data with another independent key on the fourth clock cycle.
Having this ability gives the device a high degree of key and function agility not found in any other encryptor/decryptor.
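An added illustration of the pipelining and per-clock key and function agility described above (not Sandia's design or code): a toy 16-round Feistel cipher stands in for DES, and the round function, key schedule, and job format are constructed for this model. Each 64-bit unit carries its own mode and key through the 16 latched stages, and the clock counts of the pipelined and iterated designs are compared.

```python
import hashlib
# Toy model of a 16-stage pipelined Feistel cipher; NOT real DES.
ROUNDS, MASK32 = 16, 0xFFFFFFFF

def subkeys(key):  # constructed key schedule (not the DES one): 16 round keys
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(ROUNDS)]

def f(r, k):  # toy round function standing in for the DES f-function
    x = ((r ^ k) * 0x9E3779B1 + 0x7F4A7C15) & MASK32
    return x ^ (x >> 15)

def load(job):  # a job carries its own function and key: (mode, key, 64-bit block)
    mode, key, block = job
    return (mode, subkeys(key), block >> 32, block & MASK32)

def stage(state, i):  # one of the 16 round blocks, applied to what its latch holds
    mode, keys, l, r = state
    if mode == "bypass":
        return state
    k = keys[i] if mode == "enc" else keys[ROUNDS - 1 - i]  # decrypt: reversed keys
    return (mode, keys, r, l ^ f(r, k))

def finish(state):
    mode, _, l, r = state
    return (l << 32) | r if mode == "bypass" else (r << 32) | l  # final Feistel swap

def iterated(jobs):
    # Conventional design: one round block, each unit cycled through it 16 times.
    out = []
    for job in jobs:
        state = load(job)
        for i in range(ROUNDS):
            state = stage(state, i)
        out.append(finish(state))
    return out, ROUNDS * len(jobs)  # (results, clocks used)

def pipelined(jobs):
    # 16 round blocks with a latch in front of each; one new unit enters per clock.
    latches, feed, out, clocks = [None] * ROUNDS, iter(jobs), [], 0
    while len(out) < len(jobs):
        done = [stage(s, i) if s is not None else None for i, s in enumerate(latches)]
        if done[-1] is not None:
            out.append(finish(done[-1]))
        nxt = next(feed, None)
        latches = [load(nxt) if nxt is not None else None] + done[:-1]
        clocks += 1
    return out, clocks
```

In this model four mixed jobs (encrypt, decrypt, bypass, encrypt, each with its own key) finish in 20 clocks pipelined against 64 iterated, and for long streams the ratio approaches 16.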
The DES ASIC serves at the transmitting end as an encryptor, which scrambles information, and at the receiver end as a decryptor, which unscrambles it. Large supercomputers, like the ones at Sandia, might have four encryption chips, while a personal computer, which operates at much lower speeds, would have only one. The device has the flexibility to encrypt and decrypt rapidly or slowly depending on the capability of the information source or receiver.
While the device has been tested at encryption speeds of 6.7 billion bits per second, it can actually operate much faster. The 6.7 billion bits per second was the limit of the tester used for verification. Simulations predict that the DES ASIC can operate at 9.28 billion bits per second. And parallel operation of these devices — having more than one chip operating at one time — enables encryption at even higher rates.
Fast encryption a must for big files
Fast encryption and decryption are particularly important when sending or receiving large amounts of secure data through various methods that might include telephone wires, fiber optics, or satellites.
Currently, the fastest commercial encryptor operates at 0.15 billion bits per second, which means long waits for large amounts of data to move from supercomputers to visualization stations, for example. The DES ASIC is the first encryption device fast enough to secure the standard 2.5 Gb/s and 10 Gb/s communication channels now being used to carry the ever-increasing data traffic for Internet commerce. The device will enable the manufacture of encryption systems to satisfy these high-speed communication requirements.
Lyndon says design work on the DES ASIC was done in six to eight months in 1997. Over the next year, a team of seven refined it and put it into integrated circuit chip form. While Lyndon conceptualized and designed the encryptor, Perry Robertson (1716) designed the circuit board, and Craig Wilcox (1735) designed the integrated circuit. Also working on the project were Ed Witzke, Tom Tarman, Byron Dean (all 4616), and Karl Gass (1716).
NSA commissioned classified version
During the two years since the DES ASIC was conceptualized, the National Security Agency saw merit in the design and commissioned GTE to build a classified version that will be installed in high-speed DOE and DoD classified computer networks in the near future.
"We achieved the primary objective of our work — influence the design of a computer encryptor for classified use," Lyndon says. "We facilitated rapid maturation of a much-needed product to meet DOE requirements."
The techniques used in the design of the DES ASIC can accommodate both the DES algorithm, which has been a federal standard since 1977 for the protection of sensitive yet unclassified data, and new stronger encryption algorithms, such as the "Advanced Encryption Standard" (AES), expected to be adopted as a standard soon. Because of this, Lyndon anticipates that in the next few years, even faster variations of this encryptor chip, performing DES and/or AES, will be found in many commercial applications and will be used, for example, to protect data being transmitted from unclassified supercomputers, Internet connections, cell phones, radio, and television.
"This technology will become increasingly necessary in order to meet the never-ending demand for increased communication speed and data protection in coming years," Lyndon says. "The need for protection of data will dramatically increase as Internet-based trade proliferates."