ASIC latency performance for 2048-bit RSA squaring

[JustinDrake]

This is a data point which may be of interest to provide context on what performance is possible with an ASIC (as opposed to off-the-shelf hardware such as CPUs/GPUs/FPGAs). The numbers below are based on research Ethereum and Filecoin are conducting for an RSA VDF ASIC based on the TSMC 16nm node.

We know of a circuit based on the SMIC 40nm node that takes 5.1ns per 2048-bit modular squaring. There is roughly a 2x performance gain from going to TSMC's 16nm FinFET node, and maybe another 2x from various further optimisations. (Such optimisations include using a custom latency-optimised 4:2 compressor cell, and those brought forward by an open-participation open-source competition we will run in 2019.)

In conclusion, we're looking at ~1.25ns per 2048-bit modular squaring for our VDF ASIC which is about 10,000 times faster than the Python benchmark.

VDF 10000 iterations, 2048bit RSA modulus                                        115.71 ms

[mariano54]

Excellent, thanks justin. Looking forward to that research and seeing how it can translate to class groups.

[JustinDrake]

The current best circuit that we know of does 2.11ns per 2048-bit modular squaring. That's using the TSMC 28nm HPC+ process. We now expect that the final circuit (on TSMC 16nm) will take less than 1ns per squaring, possibly closer to 0.5ns.