[Cryptography] NSA and cryptanalysis

Anne & Lynn Wheeler lynn at garlic.com
Mon Sep 2 14:05:19 EDT 2013


recent post with email discussing PGP-like implementation ... a decade before PGP in financial crypto blog
http://www.garlic.com/~lynn/2013i.html#69
and then a little later realizing there were 3-kinds of crypto (when I was told I could make as many boxes as I wanted ... but could only sell to a certain gov. agency).

In the late 90s, I worked on crypto chip for financial applications ... I would facetiously talk about taking a $500 mil-spec chip and cost reduce by 2-3 orders of magnitude while making it more secure (final objective was well under a dollar). Part of the objective was also to eliminate all the vulnerabilities that payment chips being done primarily in Europe were prone to. Long-winded thread in financial crypto blog
http://www.garlic.com/~lynn/subintegrity.html#yescard

About that time, I was also approached by the transit industry to make the payment chip meet transit turnstile requirements (while not reducing any security) ... this was a contactless chip being able to do crypto operation in 1/10th sec elapsed time and power profile of contactless transit turnstile operation.

RSA chips at the time were really large implementing 1024-bit arithmetic requiring enormous power and contact operation to get time in a few seconds. It turns out I could have an AADS chip strawman with ECC that was higher integrity *AND* could meet the transit industry turnstile contactless power & elapsed time profile. some past references to AADS chip strawman
http://www.garlic.com/~lynn/x959.html#aadsstraw

I was also asked to give presentation at Intel trusted computing ... gone 404 but lives on at wayback machine
http://web.archive.org/web/20011109072807/http://www.intel94.com/idf/spr2001/sessiondescription.asp?id=stp+s13

one of the problems in the early part of the century was that I wanted to go for higher than EAL4+ evaluation ... but NIST (somebody) pulled the ECC evaluation criteria ... and since ECC was part of the chip silicon ... w/o the ECC evaluation criteria ... I had to settle for EAL4+.

Possibly part of the issue with AADS chip strawman was I approached it as purely a cost issue ... and the objective was to eliminate all possible costs from the whole infrastructure ... the side effect of course, it also eliminated all related profit.

-- 
virtualization experience starting Jan1968, online at home since Mar1970

