 
cbabcock
just joined
Topic Author
Posts: 13
Joined: Sun Jun 21, 2015 10:27 pm

Feature request: AES-NI instruction set for x86 RouterOS

Mon Dec 21, 2015 6:05 pm

Hi,

I would like to request AES-NI support for AES hardware acceleration instruction set for x86 devices. I've tested on Cisco CSR and it's awesome. Thanks.

Chris
 
Zorro
Long time Member
Posts: 676
Joined: Wed Apr 16, 2014 2:43 pm

Re: Feature request: AES-NI instruction set for x86 RouterOS

Thu Mar 24, 2016 11:40 pm

but dat "accelerations" severely compromise security.
its improve things bout 5x-12x times on most modern (AES-NI aware) x86 chips
but at that cost ...
think about that: there is no "free cheese/beer" in real world and "improvements" that let CPU do things 10x faster (we're talking bout 95W-178W CPU's there) than fully-saturated CPU's can do (over 1.5k transistors budget or less) isn't really convincing. even ASIC offloading (there was plentiful of such "accelerators") to less bang or FPGA things.
if thats not "mission-critical" (which interfere with whole purpose of using it in 90% cases) then okay.
 
barkas
Member Candidate
Posts: 260
Joined: Sun Sep 25, 2011 10:51 pm

AW: Re: Feature request: AES-NI instruction set for x86 RouterOS

Fri Mar 25, 2016 1:35 am

> but dat "accelerations" severely compromise security.
> its improve things bout 5x-12x times on most modern (AES-NI aware) x86 chips
> but at that cost ...
> think about that: there is no "free cheese/beer" in real world and "improvements" that let CPU do things 10x faster (we're talking bout 95W-178W CPU's there) than fully-saturated CPU's can do (over 1.5k transistors budget or less) isn't really convincing. even ASIC offloading (there was plentiful of such "accelerators") to less bang or FPGA things.
> if thats not "mission-critical" (which interfere with whole purpose of using it in 90% cases) then okay.
/tinfoil hat
 
SystemErrorMessage
Member
Posts: 378
Joined: Sat Dec 22, 2012 9:04 pm

Re: Feature request: AES-NI instruction set for x86 RouterOS

Sat Apr 02, 2016 3:00 am

What the AES-NI set does is provide assembly instructions for AES encryption instead of having a bunch more instructions to do things. So if you want to encrypt a byte of data all you do is provide the AES instruction with data rather than a whole bunch of instructions representing the AES math in x86 assembly form. You save cycles so I don't see how it is less secure.

In a multi threaded or vector CPU these extra instructions can run while the CPU is executing other instructions.

Essentially AES-NI is an additional ASIC or bunch of transistors as a unit added to the CPU. Look at the AMD bulldozer architecture, it splits up these additional x86 units from the CPU so each 2 CPU shares 1 unit of these extra things.

Your assumption that there isn't some sacrifice is misplaced, AES-NI adds cost to the CPU requiring more transistors, it needs additional registers, it is basically a hardware representation of some math which the unit is designed for doing it with far less cycles so instead of having to list all the steps in software and run the steps one at a time it runs the whole math faster because the steps have been designed into the CPU so it doesn't have to keep going through instructions.

Same with hardware float, there's multiple ways to do float and some hardware floats will do it accurately while some want speed and smaller size/power so they do float but less accurate. Think GPUs, they are basically hardware float processors and if you compare a GPU to CPU, GPU graphics is much better than CPU graphics, much faster and looks better.
 
Zorro
Long time Member
Posts: 676
Joined: Wed Apr 16, 2014 2:43 pm

Re: Feature request: AES-NI instruction set for x86 RouterOS

Tue Apr 12, 2016 12:34 am

no. its not. despite NSA PR about.
its not works this way and ASIC can't do that. not That "size" of logic behind AES-NI in x86 chips ;) (would be 1/3 of whole CPU ~ or around :)
its achieved by purposely compromising/crippling math behind cipher in several "hot spots of code", tremendously boosting throughput, yes, but at dreadful/terrific price, measured in lives, sometimes.

/tinfoil hat
tinfoil hat linux - one of funniest and most interesting linux distros i ever used, among qubes and other stuff (ITSec-wise and "in general") https://en.wikipedia.org/wiki/Tinfoil_Hat_Linux
but beware sneaky reptiloids and let the be tinfoil hat with you, my friend !! *waves lightsaber*
 
andriys
Forum Guru
Posts: 1192
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: Feature request: AES-NI instruction set for x86 RouterOS

Tue Apr 12, 2016 3:01 pm

> but dat "accelerations" severely compromise security.
> its improve things bout 5x-12x times on most modern (AES-NI aware) x86 chips
> but at that cost ...
Can you be more specific, please? What cost? Why exactly using AES-NI instructions is less secure than doing the same math using "traditional" instruction set exclusively? Please explain.
 
Zorro
Long time Member
Posts: 676
Joined: Wed Apr 16, 2014 2:43 pm

Re: Feature request: AES-NI instruction set for x86 RouterOS

Wed Apr 13, 2016 3:31 pm

> > but dat "accelerations" severely compromise security.
> > its improve things bout 5x-12x times on most modern (AES-NI aware) x86 chips
> > but at that cost ...
> Can you be more specific, please? What cost? Why exactly using AES-NI instructions is less secure than doing the same math using "traditional" instruction set exclusively? Please explain.
depend what kind of business your company do.
then you can calculate/estimate impact/cost of flawed "security" i guess.
there is no free cheese over fence or silver bullets. just wolves in sheep clothes (among feds and their "friends" in telco and science).
for specific details about AES-NI impact on crypto implementations - you can check relevant message boards, news feeds and podcasts. if you short on time - start from last one. personally i prefer lectures done by Chaos Con folks/guests, but several other interesting events had speakers that share same conclusions and concern among that biz.
if you not really motivated to really had answers or asked "out of curiosity", or just think your time is cost more (to waste it at least googling on-topic), then i think you should find someone else to help/teach.
 
andriys
Forum Guru
Posts: 1192
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: Feature request: AES-NI instruction set for x86 RouterOS

Wed Apr 13, 2016 3:51 pm

> for specific details about AES-NI impact on crypto implementations - you can check relevant message boards, news feeds and podcasts. if you short on time - start from last one. personally i prefer lectures done by Chaos Con folks/guests, but several other interesting events had speakers that share same conclusions and concern among that biz.
> if you not really motivated to really had answers or asked "out of curiosity", or just think your time is cost more (to waste it at least googling on-topic), then i think you should find someone else to help/teach.
So, you don't have any real arguments to prove your point of view.

I suggest you think about the following. AES is a deterministic algorithm. That is for any particular block of cleartext on input there's only ONE correct block of ciphertext on output possible while encrypting. Similarly, for any particular block of ciphertext on input there's only ONE correct block of cleartext on output possible while decrypting. It does not really matter if some particular implementation uses AES-NI or does everything using traditional instruction set, for any given block of data on input they should give you correct result on output, and there's always exactly ONE correct result possible.
 
DanielJB
Frequent Visitor
Posts: 56
Joined: Mon May 27, 2013 3:05 pm

Re: Feature request: AES-NI instruction set for x86 RouterOS

Fri Apr 15, 2016 10:45 am

It seems likely AES-NI instruction support will be available when Mikrotik do a 64-bit x86 build. AES-NI aside, we'd see a 15% performance increase (due to correspondingly higher IPC), which is important on low-end Atom boxes.
 
vortex
Forum Veteran
Posts: 714
Joined: Sat Feb 16, 2013 6:10 pm

Re: Feature request: AES-NI instruction set for x86 RouterOS

Fri Apr 15, 2016 9:55 pm

Maybe he is worried about something like what happened with Juniper?
 
Zorro
Long time Member
Posts: 676
Joined: Wed Apr 16, 2014 2:43 pm

Re: Feature request: AES-NI instruction set for x86 RouterOS

Thu Apr 28, 2016 6:13 pm

> It seems likely AES-NI instruction support will be available when Mikrotik do a 64-bit x86 build. AES-NI aside, we'd see a 15% performance increase (due to correspondingly higher IPC), which is important on low-end Atom boxes.
performance-wise properly implemented AES-NI - had Bigger boost than 15%. from 120% to 400%, up to ~180% average.
on Atom its almost 1/3-1/2 (depend "generation" of) lower than "mainstream" CPU's, both because AES-NI implementation and tiny/weak CPU but still hard to not notice.
sadly both Intel (earlier in beta) and AMD (in last versions of released of SDK/tools) withdrew anything non-Rijndael/AES in support. originally there was things like (partially-implemented, but still "Faster than without AES-NI") TwoFish, Serpent and incomplete CAST and BlowFish and other things alike (including DES and 3DES. no GOST and Stribog/Grasshopper)
since AMD FX and Kabini - AMD had better support of AES-NI, but in Broadwell and Skylake that gap was somewhat reduced between vendors.
so far most AES-NI implementations rely on asm fine-tuning and thorough profiling, making it Very platform-specific thing in each arch, which add another potential exploitation thus and speculations about.
but so far there wasn't any "free beer" in cipher so AES-NI "works" only when something Essential sacrificed optimistically engineering and coding stuff. i cannot deny Real improvements in that and Potential of offloading/boosting it, but its remain Very computation-intensive even with help of ASIC offloaders (FPGA-alike, GPU-alike, FPU-alike and SIMD-merger - much slower despite bigger flexibility. and bigger "silicon-wise" (but that depends on strategy).
for particular details - its may be reasonably to study Particular Fab/company elements library and SDK to estimate numbers for decision making SoC/chips.
on MIPS, ARM, PPC - benefits smaller than x86 not cause stronger silicon limitations, but on "generally-weaker" chips tied to AES-NI, cause "non-offloaded" (and which cannot be (efficiently) offloaded) portion of - still remain bottleneck in crypto. so old tiny 32-bit chips suffer more than 64-bit with fat l1, l2 cache, wide FPU/SIMD and other offloaders/accelerators.
 
tarikin
newbie
Posts: 33
Joined: Sat Sep 24, 2016 11:55 pm
Location: Russia, Moscow

Re: Feature request: AES-NI instruction set for x86 RouterOS

Sun Sep 25, 2016 12:59 am

Are there any updates for this topic? Did Mikrotik implement AES-NI support in latest x64 chr releases?
How to check it out on running VM?
MTCNA MTCRE MTCTCE MTCWE MTCUME MTCSE MTCIPv6E
Mikrotik Consultant status since September 2016
 
Nnyan
just joined
Posts: 1
Joined: Fri Feb 24, 2017 8:40 pm

Re: Feature request: AES-NI instruction set for x86 RouterOS

Fri Feb 24, 2017 8:44 pm

Doesn't look like there is any interest in adding this feature, too bad b/c it's the only significant reason that Mikrotik gets knocked out of consideration. If you need this feature the performance improvements are very significant.
 
mrz
MikroTik Support
Posts: 5950
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: Feature request: AES-NI instruction set for x86 RouterOS

Mon Apr 03, 2017 5:12 pm

 
chechito
Forum Guru
Posts: 1746
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: Feature request: AES-NI instruction set for x86 RouterOS

Mon Apr 03, 2017 5:58 pm


awesome !!!

good news to improve crypto performance !!!

cheap 65us pentium g4560 comes with AES-NI enabled and in flavors of 35watt and 51watt, 2 cores 4 threads cpu, very good option to build a powerful and cheap CHR ROUTEROS box
 
bbs2web
Member Candidate
Posts: 201
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa

Re: Feature request: AES-NI instruction set for x86 RouterOS

Thu Aug 09, 2018 11:49 pm

We have x86 and CHR virtual instances with CPU where hardware offloading does not enable.

Is there a guide somewhere?
