2

I'm studying for the CCSP exam and the training material is a little vague on the term "crypto offloading".

The term was mentioned in passing while describing TLS:

TLS is a protocol designed to ensure privacy when communicating between applications. This can occur between two servers such as two SMTP servers passing mail, or between a client and a web server as in the case of an application that passes confidential or protected information of some type. In years gone by, this type of encryption put a burden on both the server and the client, but today's advanced application-specific integrated circuits (ASICs) solve that problem. These chips are designed specifically to handle cryptographic functions and are therefore much faster and efficient than having the main CPU in the machine handle the encryption. This is known as crypto offloading, but the term is not included in your test materials.

That got me to thinking though: Is the ONLY way to perform crypto offloading through the use of ASIC chips? Can the concept be abstracted to a host level where powerful/dedicated systems are handling the crypto operations? For example, would using hardware security modules (HSMs) be considered a form of "crypto offloading"? Or at the end of the day, does it all come back to the use of ASIC chips?

Hopefully my question makes sense. :-)

Mike B
  • 3,336
  • 4
  • 29
  • 39

1 Answer

4

Simply put, no, crypto offloading does not require ASICs. To expand:

Crypto-offloading simply means removing the computational burden of encryption operations from a general purpose system, and performing them on a dedicated system instead. The example from your training materials is dealing with TLS, and removing the responsibility for encrypting the connection from mail or web servers, and leaving it to a purpose-built SSL terminator instead. The actual underlying hardware (ASICs, in their example) is not important to the higher level concept.

In addition to SSL terminators (or load-balancers with TLS offloading capabilities) some other examples of encryption offloading are layer-2 network encryption appliances, VPN concentrators, or the example you proposed, HSMs, which can indeed serve to off-load crypto operations from an application or service.

Inside the SSL terminator, VPN concentrator, or HSM, you could be performing the crypto operations with ASICs, with FPGAs (as @cHao mentioned in a comment) or even with standard general purpose CPUs. 20 years ago, ASICs were a very common option due to the performance increase they could provide over the general purpose CPUs of the day. Today, not so much. You still will find devices with ASICs, but nothing really needs them any more. Even Senetas's 100Gb/s line rate link encryptor uses much less expensive and more flexible FPGAs instead. General purpose CPUs are so much more powerful these days that not only can they handle reasonably heavy encryption as well, but many applications don't feel the need to off-load crypto at all any more... With today's CPUs (most of which even have specific AES instructions for encryption), the demands crypto places on them simply aren't enough to justify off-loading any longer.

Xander
  • 35,525
  • 27
  • 113
  • 141
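As an added illustration of the SSL-terminator arrangement described in the answer (not part of the original post): an nginx configuration that terminates TLS on a dedicated host and forwards plain HTTP to the application servers. The hostname, certificate paths, backend addresses and HSM key id are placeholders.

```nginx
# Added example (constructed): nginx acting as a dedicated TLS terminator.
# Belongs inside the http { } context of nginx.conf.

upstream app_backend {
    # Application servers speak plain HTTP and do no TLS work themselves.
    server 10.0.0.11:8080;   # placeholder address
    server 10.0.0.12:8080;   # placeholder address
}

server {
    listen 443 ssl;
    server_name www.example.com;   # placeholder hostname

    # Key material lives only on the terminator, not on every app server.
    ssl_certificate     /etc/nginx/tls/example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.com.key;   # placeholder path

    # Alternative: keep the private key in an HSM so that the HSM performs
    # the private-key operations, loaded through an OpenSSL engine.
    # Engine name and key id below are placeholders.
    # ssl_certificate_key engine:pkcs11:KEY_ID_PLACEHOLDER;

    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://app_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        # Tell the application that the client connection was encrypted.
        proxy_set_header X-Forwarded-Proto https;
    }
}

server {
    # Redirect cleartext requests to the TLS listener.
    listen 80;
    server_name www.example.com;
    return 301 https://$host$request_uri;
}
```

With this layout the hop between the terminator and the backends is cleartext, so it has to stay on a trusted network segment or be re-encrypted. Backends should also accept `X-Forwarded-*` headers only from the terminator's address.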