In computing, a cryptographic accelerator is a
co-processor
A coprocessor is a computer processor used to supplement the functions of the primary processor (the CPU). Operations performed by the coprocessor may be floating-point arithmetic, graphics, signal processing, string processing, cryptography
...
designed specifically to perform computationally intensive cryptographic operations, doing so far more efficiently than the general-purpose
CPU. Because many servers' system load consists mostly of cryptographic operations, this can greatly increase performance.
Intel's
AES-NI
An Advanced Encryption Standard instruction set is now integrated into many processors. The purpose of the instruction set is to improve the speed and security of applications performing encryption and decryption using Advanced Encryption Standard ...
is by far the most common cryptographic accelerator in commodity hardware.
VIA PadLock VIA PadLock is a central processing unit (CPU) instruction set extension to the x86 microprocessor instruction set architecture (ISA) found on processors produced by VIA Technologies and Zhaoxin. Introduced in 2003 with the VIA Centaur CPUs, the ...
is another recent example.
Operating system support
Several operating systems provide some support for cryptographic hardware. The
BSD family of systems has the
OpenBSD Cryptographic Framework
The OpenBSD Cryptographic Framework (OCF) is a service virtualization layer for the uniform management of cryptographic hardware by an operating system. It is part of the OpenBSD Project, having been included in the operating system since OpenBSD 2 ...
(OCF),
Linux
Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, w ...
systems have the
Crypto API,
Solaris OS has the Solaris Cryptographic Framework (SCF) and
Microsoft Windows has the
Microsoft CryptoAPI
The Microsoft Windows platform specific Cryptographic Application Programming Interface (also known variously as CryptoAPI, Microsoft Cryptography API, MS-CAPI or simply CAPI) is an application programming interface included with Microsoft Windows ...
.
Some cryptographic accelerators offer new
machine instructions and can therefore be used directly by programs. Libraries such as
OpenSSL and
LibreSSL
LibreSSL is an open-source implementation of the Transport Layer Security (TLS) protocol. The implementation is named after Secure Sockets Layer (SSL), the deprecated predecessor of TLS, for which support was removed in release 2.3.0. The OpenBSD ...
support some such cryptographic accelerators.
Almost all
Unix-like
A Unix-like (sometimes referred to as UN*X or *nix) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Unix-li ...
operating systems use
OpenSSL or the fork
LibreSSL
LibreSSL is an open-source implementation of the Transport Layer Security (TLS) protocol. The implementation is named after Secure Sockets Layer (SSL), the deprecated predecessor of TLS, for which support was removed in release 2.3.0. The OpenBSD ...
as their cryptography library. These libraries use cryptographic accelerators such as
AES-NI
An Advanced Encryption Standard instruction set is now integrated into many processors. The purpose of the instruction set is to improve the speed and security of applications performing encryption and decryption using Advanced Encryption Standard ...
if available.
See also
*
SSL acceleration
TLS acceleration (formerly known as SSL acceleration) is a method of offloading processor-intensive public-key encryption for Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) to a hardware accelerator.
Typically this ...
*
Hardware-based Encryption
{{Hardware acceleration
Hardware acceleration
Computer optimization
Coprocessors
Cryptographic hardware