Tamperproof devices and backdoors

[Enzo Michelangeli]

On another mailing list, someone posted an interesting question: how to
ascertain that a tamperproof device (e.g., a smartcard) contains no hidden
backdoors? By definition, anything open to inspection is not tamperproof. Of
course, one can ask the manufacturer to disclose the design, but there is no
way of verifying that the actual device really implements the design that
was disclosed, because the act of inspecting its innards could remove the
backdoor, and also the code thet implement the removal itself.

Any idea, besides relying on the manufacturer's reputation?

Enzo

[In the general case, Goedel, Turing and Rice come to our "rescue" by
telling us it is impossible. As you know, Rice's theorem (an easy
extention of Goedel and Turing) tells us any non-trivial property of
the recursively enumerable sets is undecidable.

Now, in practice, you would think things are better, but I refer
everyone to Ken Thompson's ACM Turing Award lecture "Reflections on
Trusting Trust"...

On the Other Other Hand, I vaguely remember a neat paper by Matt Blaze
some years ago that shows that certain classes of back doors, like
"good" back doors in conventional crypto systems, are equivalent in
difficulty to building a public key system. Anyone remember the name
of the paper and the exact content?

		--Perry, stepping way out of the usual moderator role.]

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com