Why did we choose AES for our Proof-of-Time (PoT)?

As we all know, the foundational iterated function in our Proof-of-Time (PoT) construction is the Advanced Encryption Standard (AES). This choice is far from arbitrary. It is grounded in a detailed technical and economic analysis conducted by Supranational LLC for us in 2022, which rigorously examined the performance characteristics of AES when executed in a sequential and time-bound context.

Understanding the latency bounds of AES—across CPUs, ASICs, and other hardware platforms—is critical to designing a secure and tamper-resistant PoT mechanism. The Subspace protocol relies on AES not just for its cryptographic pedigree but also for its predictable execution time, which can be reliably constrained and verified.

To assist readers in digesting the extensive technical report produced by Supranational LLC, we provide below an Executive Summary that distills the key performance metrics, hardware implications, and security considerations relevant to our PoT design. This summary is intended as a high-level overview before delving into the full technical depth of the original report.

Key Findings

  • CPU Performance: The fastest available AES implementation on commodity hardware utilizes x86 AES-NI instructions, achieving approximately 600 picoseconds (ps) per AES round on 5 GHz processors. Under extreme overclocking (up to 8 GHz), this latency could theoretically be reduced to 375 ps. However, hardware evolution trends suggest that only marginal gains—up to 4–5x over current performance—are realistically achievable due to architectural tradeoffs and physical limitations.
  • ASIC Feasibility and Design: A custom-built AES ASIC has significant latency advantages due to its specialized design constraints. Synthesized on older process nodes, prototype designs have demonstrated 4 GHz performance, yielding a ~2.5–3x improvement over CPUs. The theoretical lower bound for ASIC latency, based on critical path XOR logic analysis, is estimated at 125–135 ps—comparable to the best-case CPU scenario at 8 GHz.
  • ASIC Cost and Scaling:
    • Low-volume (MPW): An AES PoT ASIC can be prototyped for ~$5.25 million with 2–3x performance gains over CPUs.
    • High-volume (Full Mask): With a budget of $8–26 million, aggressive ASIC design could yield 3–4x performance at scale (~50,000+ units).
  • Alternative Platforms: GPUs, FPGAs, and off-the-shelf cryptographic accelerators are dismissed as viable alternatives due to their unsuitability for tightly timed, sequential workloads and inferior latency profiles compared to CPUs and ASICs.

Conclusion

AES remains a suitable and strategically robust choice for PoT in Subspace. It offers:

  • Predictable, bounded performance improvements over time
  • Hardware-tailored latency constraints that are hard to parallelize or accelerate beyond a modest factor (4–5x worst case)
  • A practical path to ASIC development for further securing the time-based assumptions of the protocol

The full report will be attached in our next post. Enjoy reading!

AES Latency Report.pdf.zip (113.3 KB)
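
To compare the CPU figure in the Key Findings (about 600 ps per AES round with AES-NI) against your own x86 machine, the following added example times a dependent chain of AES-NI rounds; it is not code from the Supranational report or from Subspace. The all-zero seed and round key and the names `aes_round_chain` and `measure_ps_per_round` are assumptions for illustration, not the protocol's actual PoT function or key schedule.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#include <immintrin.h>
/* CPUID leaf 1, ECX bit 25 reports AES-NI support. */
int aesni_available(void) {
    unsigned a, b, c, d;
    return __get_cpuid(1, &a, &b, &c, &d) && (c & (1u << 25)) != 0;
}
/* Apply n AES rounds in sequence. Round i+1 takes round i's output as input,
 * so extra cores cannot shorten the chain; only a faster round can. */
__attribute__((target("aes,sse2")))
void aes_round_chain(const uint8_t seed[16], const uint8_t rk[16],
                     uint64_t n, uint8_t out[16]) {
    __m128i state = _mm_loadu_si128((const __m128i *)seed);
    __m128i key = _mm_loadu_si128((const __m128i *)rk);
    for (uint64_t i = 0; i < n; i++)
        state = _mm_aesenc_si128(state, key);  /* one full AES round */
    _mm_storeu_si128((__m128i *)out, state);
}
#else  /* not x86: no AES-NI, leave the state untouched */
int aesni_available(void) { return 0; }
void aes_round_chain(const uint8_t seed[16], const uint8_t rk[16],
                     uint64_t n, uint8_t out[16]) {
    (void)rk; (void)n; memcpy(out, seed, 16);
}
#endif

/* CPU time per dependent round in picoseconds, or -1.0 without AES-NI. */
double measure_ps_per_round(uint64_t n) {
    uint8_t seed[16] = {0}, rk[16] = {0}, out[16];  /* constructed inputs */
    if (!aesni_available() || n == 0) return -1.0;
    clock_t t0 = clock();
    aes_round_chain(seed, rk, n, out);
    clock_t t1 = clock();
    volatile uint8_t sink = out[0]; (void)sink;  /* keep the result live */
    return (double)(t1 - t0) / CLOCKS_PER_SEC * 1e12 / (double)n;
}

int main(void) {
    double ps = measure_ps_per_round(200000000ULL);
    if (ps < 0) puts("AES-NI not available on this CPU");
    else printf("%.0f ps per dependent AES round\n", ps);
    return 0;
}
```

Build with optimization (for example `cc -O2`). The printed value is roughly the AESENC instruction latency in cycles divided by the core clock frequency.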