Crypto to defend chip IP: snake oil or good idea?
Anne & Lynn Wheeler
lynn at garlic.com
Fri Jul 28 20:46:54 EDT 2006
Thor Lancelot Simon wrote:
> The simple, cost-effective solution, then, would seem to be to generate
> "static serial numbers" like cipher keys -- with sufficient randomness
> and length that their sequence cannot be predicted. I still do not see
> the advantage (except to Certicom, who would doubtless like to charge a
> bunch of money for their "20-40k gate crypto code") of using asymmetric
> cryptography in this application.
which effectively gets you the same as the secure hash scenario for the
static account number scenario ... example immediately following the
million static serial numbers in the same post:
http://www.garlic.com/~lynn/aadsm25.htm#4
which is countermeasure to attackers taking advantage of regular pattern.
however, if the static serial number is ever used for any purpose ... it
then has to be exposed ... since it is static ... it then is subject to
skimming, evesdropping, etc ... and then used in replay attacks,
i.e. previous post
http://www.garlic.com/~lynn/aadsm25.htm#4
the only equivalent of static serial number to private key is if it is
never exposed ... which effectively implies that it is never used,
i.e. previous post
http://www.garlic.com/~lynn/aadsm25.htm#4
for years the standard security response has been that the best security
is to lock it away and never use it and/or provide access.
if it is ever used for any purpose ... then it can be exposed all over
the place ... in manner similar to static account numbers (even with the
static secure hash) described in the same posting as the million account
number scenario, i.e. previous post
http://www.garlic.com/~lynn/aadsm25.htm#4
so is the issue really with asymmetric key cryptography technology done
in custom circuit design ... or is the issue with certicom??
btw, the 40k circuit core design that i referred to done in late 99 and
early 2000 had no certicom content ... even the ecc was done w/o any
certicom content.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list