[Cryptography] [IP] 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say
Bill Cox
waywardgeek at gmail.com
Mon Dec 23 00:33:15 EST 2013
On 12/22/2013 1:36 AM, ianG wrote:
> This is a good point. Using RISC chips would be a substantial defence
> against the attack that has been outlined (leaving aside the obviously
> contentious debate as to whether the risk is serious).
>
> What RISC CPUs are there these days in widespread deployment in
> off-the-shelf general purpose computers?

I audited David Patterson's class (the prof who coined the term RISC) in
the 80's. I was even hired as an undergrad to write test vectors for
the SPUR CPU, and later did some diagnostics for the SPARC HP CPU. I
designed a super-tiny RISC microcontroller for a .35u process last
month. I won't bill myself as a RISC expert, but I'm far from ignorant.

AFAIK, every successful high-end CPU today has incorporated the RISC
architecture as its core processing unit. Intel wraps huge amounts of
circuitry around it, but at the heart, it's RISC. At the same time,
every successful RISC architecture today is now way more complex than
the CISC CPUs they used to compete with. There's really no such thing
as a RISC vs CISC CPU anymore. RISC won in the core, and CISC won in
dealing with complexity, and now they're all hybrids of both.

Anyway, it's a nice thought that RISC CPUs might provide more trust due
to their simplicity, but given the complexity of modern RISC
architectures like ARM, forget it. There's no modern CPU of any
reasonable performance that isn't too complicated to easily audit.
There's a lot of room for back doors that no one would ever find, RISC
or CISC, IMO.