[Cryptography] how reliably do audits spot backdoors?

Benjamin Kreuter brk7bx at virginia.edu
Thu Dec 26 20:28:34 EST 2013


On Thu, 26 Dec 2013 14:45:31 -0500
James Cloos <cloos at jhcloos.com> wrote:

> >>>>> "BK" == Benjamin Kreuter <brk7bx at virginia.edu> writes:
> 
> BK> So the fact that it is possible for the sum of two positive
> BK> integers to be a negative number is idiomatic?
> 
> It is called modular arithmetic.  So not just idiomatic, but expected.

In fact, it is undefined behavior in C -- because it is a signed
arithmetic overflow.  You are thinking of unsigned overflow, which is
defined.

> Is there really anyone who has learned to code who doesn't understand
> that an N-bit register does math modulus 2^N?  Or how twos-complement
> math works?

Really, if we are going to be doing modular arithmetic, *we should have
to be explicit about that*.  The fact that the auditing process must
include steps like, "What is the size of the register this is stored
in?" or "Is this signed or unsigned overflow?" is a problem.  Either
overflows should be trapped and reported as an error, or the default
integer type should be arbitrary precision.

> (There may be some these days unfamiliar with ones-complement, but
> unfamiliarity with unsigned modular arithmetic and twos-complement
> signed modular arithmetic seems to contradict an understanding of
> how current computers work.  And understanding how a given chip works
> seems prerequisite to understanding how to code for it.)

I am pretty sure that nobody on this mailing list can claim to
understand all of the behavior of their CPU.  Modern CPUs are
complicated and come with numerous undocumented features and
behaviors.  There are inconsistencies between Intel and AMD
implementations of the same instructions (unsurprising given just how
many x86 instructions there are), and even between different Intel
CPUs.

The more your code depends on particular CPU implementations or
features, the harder your code is to audit.  Even depending on
something as seemingly innocent as register sizes makes auditing more
complex than it should be.

-- Ben



-- 
Benjamin R Kreuter
KK4FJZ

--

"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell
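The distinction Ben draws above (unsigned overflow wraps modulo 2^N by definition, signed overflow is undefined behaviour, and an auditor should not have to ask "what is the register size?" to know what a sum does) can be shown in a few lines of C. The following is an added example, not code from the original thread or from any project it discusses; the helper names (wrapping_add_u32, checked_add_i32, checked_add_u32, sum_of_positives_overflows) are my own. It contrasts the wrapping unsigned case with an explicit checked addition that tests the operands before any overflowing operation is evaluated, which is the "be explicit about modular arithmetic" discipline the reply asks for.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the original post).
 * Unsigned addition wraps modulo 2^32 by the C standard, so relying on
 * it is legitimate, if easy to overlook in an audit. Signed overflow is
 * undefined behaviour: the compiler may assume it never happens and
 * fold a post-hoc "did the sum go negative?" test to a constant. The
 * checked_* helpers below make the overflow condition explicit and
 * never evaluate an overflowing expression. */

/* Defined behaviour: UINT32_MAX + 1 == 0. */
uint32_t wrapping_add_u32(uint32_t a, uint32_t b) {
    return a + b;
}

/* Checked signed addition. The overflow test is done on the operands,
 * so a + b is only evaluated when it is known to be representable.
 * Returns true and stores the sum in *out, or false on overflow. */
bool checked_add_i32(int32_t a, int32_t b, int32_t *out) {
    if ((b > 0 && a > INT32_MAX - b) ||   /* would exceed INT32_MAX */
        (b < 0 && a < INT32_MIN - b)) {   /* would go below INT32_MIN */
        return false;
    }
    *out = a + b;
    return true;
}

/* Checked unsigned addition, for the cases (lengths, offsets) where
 * wraparound is not what the caller wants even though it is defined. */
bool checked_add_u32(uint32_t a, uint32_t b, uint32_t *out) {
    if (a > UINT32_MAX - b) {
        return false;
    }
    *out = a + b;
    return true;
}

/* The audit question from the thread, answered explicitly rather than
 * by inspecting the sign of an undefined result. */
bool sum_of_positives_overflows(int32_t a, int32_t b) {
    int32_t sum;
    return !checked_add_i32(a, b, &sum);
}

int main(void) {
    int32_t s = 0;
    uint32_t u = 0;

    printf("unsigned UINT32_MAX + 1 = %u (defined wraparound)\n",
           wrapping_add_u32(UINT32_MAX, 1));
    printf("INT32_MAX + 1 overflows: %s\n",
           checked_add_i32(INT32_MAX, 1, &s) ? "no" : "yes");
    printf("INT32_MIN + (-1) overflows: %s\n",
           checked_add_i32(INT32_MIN, -1, &s) ? "no" : "yes");
    if (checked_add_i32(1000, 2000, &s)) {
        printf("1000 + 2000 = %d\n", s);
    }
    printf("UINT32_MAX + 1 (checked) overflows: %s\n",
           checked_add_u32(UINT32_MAX, 1, &u) ? "no" : "yes");
    return 0;
}
```

GCC and Clang also provide __builtin_add_overflow(a, b, &out), which does the same job for any integer type and compiles to a flag check; the portable form above is shown because its correctness can be verified by reading it, which is the point of the thread. Compiling the checked version with -fsanitize=signed-integer-overflow is a useful cross-check that no overflowing expression is ever evaluated.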