[Cryptography] HSM's

Natanael natanael.l at gmail.com
Sun Jan 19 03:22:55 EST 2014 

Den 19 jan 2014 06:43 skrev "Jerry Leichter" <leichter at lrw.com>:
>
> On Jan 18, 2014, at 1:07 PM, Bill Frantz wrote:
> >> Open question:  What do people think of the production of big important
> >> keys using the old compliance method of "must use a HSM" now ?
> >
> > I have always looked at HSMs as black boxes built by people I don't
trust. If I built it I would feel different, but you should be
uncomfortable using my HSM. Getting mutually suspicious people to trust the
same HSM is an interesting social/technical problem.
> I'd look at this differently:  Is there a construction that preserves the
good properties of HSM's (potential for a very small attack surface)
without the bad ones (you either have to trust a sealed box that someone
else built, or be willing to create it yourself from scratch)?  If you look
at this as analogous to network routing - where there is great utility in
using the large number of "black box" routers out there to communicate,
even if you don't trust any of them - then something akin to the
construction of a mix suggests itself.  That is, could you define a
standard interface to an HSM with the property that it's "securely
composable":  You can combine a bunch of HSM's and get something with the
same interface, but such that as long as at least one of the HSM's lives up
to its security properties, the whole ensemble does?  Can you, under some
assumption like "each box may be separately cheating, but they don't
cooperate" get something even stronger?
>
> It seems to me that such a thing should be possible, but it would take
some work to actually formalize (a) the relevant security properties; (b)
the HSM interface; and only then (c) the proof that what you have is,
indeed, securely composable.
>                                                         -- Jerry

Wouldn't that simply be a matter of using algorithms like Secure Multiparty
Computation among a number of devices that has a shares of a key split
among them using something like Shamir's Secure Sharing Scheme?

- Sent from my phone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140119/55f798d5/attachment.html>

More information about the cryptography mailing list