USB Cryptoprocessors?

Does anyone know if USB cryptoprocessors are a thing, and if they are, would they work with OpenWRT? I've been trying to look for such a device, but I'm struggling to find anything. I've found a few HSMs (Hardware Security Modules), but I'm not sure if they would support hardware decryption/encryption, or whether it would even be fast enough.

Basically, I was hoping I might be able to get a USB cryptoprocessor to help take the load off the CPU in my router.

what kind of crypto?

If it supported any of these, I might be interested:

  • CHACHA20-POLY1305
  • AES-256-GCM
  • AES-256-CBC
  • AES-192-GCM
  • AES-192-CBC
  • AES-128-GCM
  • AES-128-CBC

For AES you need CPU with built-in AES accelerating instructions. This mean some ARM chips or x86.

For ChaCha20-Poly1305 - at this moment there isn't accelerators because this is lightweight but strong encryption. Actually ChaCha20 is encryption, Poly1305 is hashing.

To clarify, AES is hard to do fast in software. Too much galois field math.

Thanks. I already switched to CHACHA20-POLY1305, which seemed to help; however I didn't actually try benchmarking. I checked which crypto standards were supported by my chipset, and it does not do anything above AES1. I thought perhaps there might be cryptoprocessor devices you could just plug in, but I'm getting the feeling they either don't exist or are extremely niche.

Since even cheap Celeron processors and many ARM cores have AES-NI these days I just don't think the kind of offloading you're discussing has a real demand. For like $200 you get a Celeron based mini PC and you're off to the races.

In fact the most likely way to implement such a thing would be to put an ARM core with AES support in a USB device. By the time you're doing that it's going to be a big fraction of the price of a good ARM router.

1 Like

It would just be convenient if I could stick in a USB device in the back of my router, that would handle popular crypto algorithms. I just thought maybe such a device might exist. I am not surprised such a thing is considered niche, or simply non-existent.

Your computer's main CPU will always be faster than any USB device you could add, not only because of the (in comparison) tiny bandwidth USB can offer.

And? What does that have to do with my question? I was asking about something that would offload the cryptography processing, taking some strain off my router's CPU. And how do you know the CPU would be faster? Based on what? Faster in what sense? I'm talking about a device that would probably have a custom logic chip that handled a particular cryptography algorithm. How can you be so sure a custom chip would be slower? What's your source?

I was just asking if such a device exists, from people's lack of knowledge of such a device, it sounds like it probably doesn't exists. That's all I needed to know.

Also, USB3 supports up to 5 Gbit/s according to Wikipedia. My router at the moment only supports up to 20 Mbit/s with a VPN. What gave you the idea that my current bandwidth was more than USB3.0? Even USB2.0 might be faster than my connection, according to Wikipedia: Even though it would only be a small improvement, it would still take load off my main CPU, letting it do other things, so if the price was right it would still be worthwhile.


I think the point was that for a regular desktop computer such a USB device would be pointless. Without regular computers being part of the market it'd be a really super niche market, and also a market exclusively extending very low powered old devices.

Anyway, the solution is to upgrade to a router with a crypto core built-in, such as one of the ARM based devices that includes the crypto instructions (for example RPi4 does NOT)

Yes, I realise buying a faster router would help me get better speeds. That wasn't my question.

I was wondering if I could add something to my existing router to make it faster. Obviously, I realise buying a fancier more expensive router would allow me to do faster decrypting. That wasn't my question!

I've muted the notifications and I'll assume that such a device simply doesn't exist. I don't want to read any more replies stating the obvious, like, buy a faster router, or making wild assumptions about CPUs being faster than custom chips (with specific decryption algorithms). That's not helpful.

This router I'm talking about is brand new on the market. It's mid-range. I don't need to be reminded that the product is niche. I wouldn't be here asking it it existed if it wasn't.

Don't know if it still valid, but if only single device update shall be considered, then maybe this would be a solution:

The potential issue is, that this EVA kit is EOL. Silicon on the other hand not... The SW drivers are here:

The other possibility, build on your own around this this extension board:

The issue here would be the USB to I2C / SPI interface...

Or you could buy a RockChip based NanoPi R4S which includes AES Crypto instructions for $79 and be done with it.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.