From acb6d674f74d636c60f585dda33ee2c12476409b Mon Sep 17 00:00:00 2001
From: jaseg
Date: Mon, 27 Oct 2025 18:23:28 +0100
Subject: [PATCH] Add HSM datasheet sources

---
 chapter-nice-coils/chapter.tex | 6 +++---
 chapter-smpc/chapter.tex | 22 ++++++++++++---
 main.bib | 36 ++++++++++++++++++++++++++++++++++
 3 files changed, 52 insertions(+), 12 deletions(-)

diff --git a/chapter-nice-coils/chapter.tex b/chapter-nice-coils/chapter.tex
index 9387fca..63e48a1 100644
--- a/chapter-nice-coils/chapter.tex
+++ b/chapter-nice-coils/chapter.tex
@@ -264,11 +264,11 @@ voltage differential. The connecting order of turns was optimized at the assembly level by stacking coils in a particular way~\cite{flemingPrinciplesElectricWave1910} and at the component level by winding coils in a particular way to minimize the voltage differential between adjacent turns---a technique that is still used to this -day~\cite{lopeFirstSelfresonantFrequency2021}. The main winding optimization in the first category concerns winding the +day~\cite{lopeFirstSelfResonant2021}. The main winding optimization in the first category concerns winding the turns of a cylindrical multilayer inductor not layer by layer, but instead layering them diagonally, effectively connecting adjacent turns in a diagonal zigzag pattern. Then as now, wound inductors applying this technique were not feasible to manufacture reliably by machine, but the technique can be closely replicated in PCB inductors as shown in -\textcite{leePrintedSpiralWinding2011}. The main limiting factors in a PCB implementation are the requirement for a +\textcite{leePrintedSpiralWinding2011a}. The main limiting factors in a PCB implementation are the requirement for a large number of vias inside the inductor's turns limiting the achievable turn count\footnote{In PCBs, as opposed to integrated circuits (ICs), vias limit the achievable turn count when they need to be placed in-line inside the turns as opposed to on the inside or outside because a PCB's minimum trace/space widths are usually much smaller than the @@ -366,7 +366,7 @@ two core observations: \end{description} Setting the inversion count to $k=1$ in our proposed scheme yields the conventional two-layer counterwound -scheme~\cite{lopeFirstSelfresonantFrequency2021,sproHighVoltageInsulationDesign2021,leePrintedSpiralWinding2011}. +scheme~\cite{lopeFirstSelfResonant2021,sproHighVoltageInsulationDesign2021,leePrintedSpiralWinding2011a}. \begin{figure} \begin{center} 
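Review bot: The citation keys switched to here, `lopeFirstSelfResonant2021` and `leePrintedSpiralWinding2011a`, are not added or renamed in any of this commit's main.bib hunks, so unless the corresponding entries were already renamed in an earlier commit, biber will report both as undefined and the citations will render as bare keys. It is worth confirming that main.bib holds entries with exactly these keys (Biber matches keys case-sensitively) and that no other chapter still cites the old `lopeFirstSelfresonantFrequency2021` and `leePrintedSpiralWinding2011` keys; the same applies to the @@ -366 hunk below. Both hunks are cut out of prose paragraphs whose text continues outside the hunks.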
diff --git a/chapter-smpc/chapter.tex b/chapter-smpc/chapter.tex index 2124528..a9b11f5 100644 --- a/chapter-smpc/chapter.tex +++ b/chapter-smpc/chapter.tex @@ -1,7 +1,5 @@ \chaptertitle{Case Study: Multiparty Computation in Scalable Hardware Security Modules} -\section{Fast MPC and Slow HSMs} - Multiparty Computation (MPC) is a cryptographic construct that allows several networked parties to jointly perform a computation in such a way that the inputs to the computation remain private to the parties providing them, and no single party must be trusted for the computation to produce the correct result. Conceptually, MPC is similar to a secret 
@@ -34,17 +32,23 @@ output\footnote{ protocol. }. +\section{Fast MPC and Slow HSMs} + MPC is a uniquely powerful cryptographic primitive, yet it has still not found widespread practical adoption. This is because MPC is extremely resource-intensive to run. MPC protocols exist on a continuum trading off between extreme memory and bandwidth requirements on one end and intense computational requirements on the other end. At a first glance, MPC and Hardware Security Modules look like they would complement each other well, but HSMs cannot keep up with the intense computational requirements posed by MPC. -Commercially available HSMs are quoted to perform between X and Y\todo{Look up number range} individual cryptographic -operations per second. Meanwhile, an MPC protocol doing something as simple as a single AES encryption, corresponding to -X\todo{look up numbers} logic gates or Y\todo{look up numbers} x86-64 instructions, requires -\emph{millions}\todo{Validate and add citation} of cryptographic operations when performed in MPC. As a result, applying -conventional HSMs to MPC at any practical scale is infeasible by multiple orders of magnitude. +Using P-256 curve ECC key generation as a benchmark, commercially available HSMs are quoted to perform between 3500 and +22000 cryptographic operations per second~\cite{ + kumarIBMZ16Performance2025, + ThalesLunaNetwork2024, + Utrust_GP_HSM_Se_Series_Datasheet_ENpdf, +}. Meanwhile, an MPC protocol doing something as simple as a single AES encryption, corresponding to 7000 logic +gates~\cite{wangGlobalScaleSecureMultiparty2017}, requires tens of thousands of cryptographic operations when performed +in MPC. As a result, applying conventional HSMs to MPC at any practical scale is infeasible by multiple orders of +magnitude. Literature on MPC commonly uses server hardware as a platform for benchmarks. 
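Review bot: The two figures in the new paragraph count different kinds of "cryptographic operation", which undercuts the orders-of-magnitude argument: the 3500–22000 ops/s are P-256 key generations, an asymmetric operation, whereas the per-gate work in a garbled-circuit AES evaluation is symmetric (hash or block-cipher calls), which the same devices typically rate very differently, so the implied ratio is not like-for-like. I would name the operation class on both sides, e.g. `requires tens of thousands of symmetric-key operations per evaluated circuit`, or quote a symmetric-throughput figure from the same datasheets. The former `\todo{Validate and add citation}` was removed, but the "tens of thousands" count is still uncited — only the 7000-gate figure is attributed to `wangGlobalScaleSecureMultiparty2017` — so either a citation or a one-line derivation from the gate count is still needed. The `\cite` list also uses `Utrust_GP_HSM_Se_Series_Datasheet_ENpdf`, a key auto-generated from a PDF filename that does not follow the file's lastnameTitleYear scheme; renaming it together with the bib entry would keep the citations uniform.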
HSMs are slow compared to contemporary computers because they are limited in their power dissipation, and power dissipation is largely proportional to processing speed. In the limited fields where HSMs have found commercial @@ -126,7 +130,7 @@ the logical value $0$ and one $w_i^1$ for the value $1$. The mapping from logic randomly by the generator, and unknown to the evaluator~\cite{ yaoHowGenerateExchange1986, beaverComplexitySecureProtocols1990, - evansPragmaticIntroductionSecure + evansPragmaticIntroductionSecure, }. Gates are represented in Yao's GC as truth tables with one row for every combination of input wire values. Each row of @@ -165,7 +169,7 @@ Practically useful functions such as AES encryption have circuit implementations thousands of gates, meaning these costs quickly escalate for practical problem sizes. \cite{ boyarNewCombinationalLogic2010, - songhoriTinyGarbleHighlyCompressed2015 + songhoriTinyGarbleHighlyCompressed2015, } % FIXME This entire connecting section diff --git a/main.bib b/main.bib index 811e152..0657777 100644 --- a/main.bib +++ b/main.bib @@ -2442,6 +2442,13 @@ file = {/home/jaseg/Sync/Research/Zotero/2022_Götte_Scheuermann_Can’t Touch This.pdf} } +@online{Goutimacocom84813320240417, + title = {Go.Utimaco.Com/l/848133/2024-04-17/3ld3sv/848133/{{1713340754fcnmfM7d}}/u.trust\_{{GP}}\_{{HSM}}\_{{Se}}\_{{Series}}\_{{Datasheet}}\_{{EN}}.Pdf}, + url = {https://go.utimaco.com/l/848133/2024-04-17/3ld3sv/848133/1713340754fcnmfM7d/u.trust_GP_HSM_Se_Series_Datasheet_EN.pdf}, + urldate = {2025-10-27}, + file = {/home/jaseg/Zotero/storage/FZ7VSMEV/u.trust_GP_HSM_Se_Series_Datasheet_EN.html} +} + @online{greenbergSignalMoreEncrypted2024, title = {Signal {{Is More Than Encrypted Messaging}}. {{Under Meredith Whittaker}}, {{It}}’s {{Out}} to {{Prove Surveillance Capitalism Wrong}}}, author = {Greenberg, Andy}, 
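Review bot: The new `Goutimacocom84813320240417` entry in the @@ -2442 hunk is an unusable auto-import of the Utimaco datasheet URL: its `title` is the URL path with `{{...}}` fragments, it has no author, organization or date, nothing in this commit cites it, and it records the same u.trust GP HSM Se-Series datasheet as the `Utrust_GP_HSM_Se_Series_Datasheet_ENpdf` entry added further down in main.bib. I would drop it, or if the go.utimaco.com link is the copy actually consulted, carry that URL into the other entry instead of keeping two records of one source. As with the other new entries, the `file` field stores an absolute path under `/home/jaseg/` with a Zotero storage id; biblatex ignores the field, but it leaks local directory layout into a file that may ship with the thesis sources, so stripping `file` fields on export would be cleaner.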
@@ -3759,6 +3766,17 @@
   file = {/home/jaseg/Sync/Research/Zotero/2012_Kryjak et al_FPGA implementation of camera tamper detection in real-time.pdf}
 }
 
+@misc{kumarIBMZ16Performance2025,
+  title = {{{IBM}} Z16 {{Performance}} of {{Cryptographic Operations}}: {{Cryptographic Hardware}}: {{CPACF}}, {{CEX8S}} with {{Quantum-Safe CRYSTALS}} Algorithms},
+  author = {Kumar, Dinesh},
+  date = {2025-03},
+  url = {https://www.ibm.com/docs/en/cryptocards?topic=4770-performance},
+  urldate = {2025-10-27},
+  langid = {english},
+  organization = {IBM},
+  file = {/home/jaseg/Zotero/storage/NNWPQWCX/Kumar - (Cryptographic Hardware CPACF, CEX8S with Quantum.pdf}
+}
+
 @article{kvk2019,
   title = {Internet of Things Based Monitoring of Large Rotor Vibration with a Microelectromechanical Systems Accelerometer},
   author = {Koene, Ivar and Viitala, Raine and Kuosmanen, Petri},
@@ -6845,6 +6863,15 @@ Archive 2: https://web.archive.org/web/20250510104017/https://de.linkedin.com/pu
   urldate = {2021-07-08}
 }
 
+@misc{ThalesLunaNetwork2024,
+  title = {Thales {{Luna Network HSM Product Brief}}},
+  date = {2024-10},
+  url = {https://cpl.thalesgroup.com/sites/default/files/content/product_briefs/luna-sa-network-attached-hsm-pb.pdf},
+  urldate = {2025-10-27},
+  organization = {Thales},
+  file = {/home/jaseg/Zotero/storage/62IF4C9R/luna-sa-network-attached-hsm-pb.pdf}
+}
+
 @article{tobisch2020,
   title = {Electromagnetic Enclosure {{PUF}} for Tamper Proofing Commodity Hardware and Other Applications},
   author = {Tobisch, Johannes and Zenger, Christian and Paar, Christof},
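Review bot: `ThalesLunaNetwork2024` in the @@ -6845 hunk has no `author`, and `organization` is not part of biblatex's default label-name fallback (author, editor, translator), so an author-year or alphabetic style will label this entry from its title rather than as "Thales 2024". For consistency with `kumarIBMZ16Performance2025` above, which does carry an author, I would add `author = {{Thales}}` (double braces so the corporate name is one indivisible surname) and the equivalent for the Utimaco entry at @@ -6998. The key `ThalesLunaNetwork2024` also breaks the file's lowercase-initial lastnameTitleYear scheme used by the neighbouring `kvk2019` and `tobisch2020`; `thalesLunaNetworkHSM2024` would fit, and since both new entries are web-hosted datasheets, `@online` (as already used for the greenberg entry in the @@ -2442 hunk) is the more specific type than `@misc`.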
@@ -6998,6 +7025,15 @@ Archive 2: https://web.archive.org/web/20250510104017/https://de.linkedin.com/pu
   file = {/home/jaseg/Sync/Research/Zotero/2019_Technology_Security Requirements for Cryptographic Modules.pdf}
 }
 
+@misc{Utrust_GP_HSM_Se_Series_Datasheet_ENpdf,
+  title = {U.Trust {{General Purpose HSM Se-Series Datasheet}}},
+  date = {2025-04},
+  url = {https://utimaco.com/resources/downloads/data-sheets/utrust-general-purpose-hsm-se-series-datasheet},
+  urldate = {2025-10-27},
+  organization = {utimaco},
+  file = {/home/jaseg/Zotero/storage/FV32WI5N/u.trust_GP_HSM_Se_Series_Datasheet_EN.pdf}
+}
+
 @inproceedings{uzunCryptographicKeyDerivation2021,
   title = {Cryptographic {{Key Derivation}} from {{Biometric Inferences}} for {{Remote Authentication}}},
   booktitle = {Proceedings of the 2021 {{ACM Asia Conference}} on {{Computer}} and {{Communications Security}}},
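Review bot: `organization = {utimaco}` is printed verbatim in the bibliography, so it should carry the vendor's capitalised name, `organization = {Utimaco}`, and an `author = {{Utimaco}}` would give author-year styles a proper label. The key `Utrust_GP_HSM_Se_Series_Datasheet_ENpdf` is the PDF filename rather than a citation key; renaming it to something like `utimacoUTrustGPHSMSeSeries2025` (and updating the `\cite` in chapter-smpc) would match the rest of main.bib. This entry also describes the same datasheet as the `Goutimacocom84813320240417` entry added at @@ -2442, so one of the two should go.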