[Cryptography] Photon beam splitters for "true" random number generation ?

John Denker jsd at av8n.com
Tue Dec 29 07:54:03 EST 2015


On 12/28/2015 11:30 PM, Jerry Leichter wrote:
> I wonder about the [flash memory] physics here.  Can a block go bad
> in such a way that it can be read but can't be erased?  (The
> practical significance of such a failure mode - assuming it's
> unlikely - is likely of little importance; I'm just "wondering out
> loud".)

1) Yes, such a failure is verrry unlikely.  It's getting into tin-foil
hat territory.  It would cost the adversary a billion dollars per bit,
on average, to get information this way.

2) It's more unlikely than that, if bits can be read but not erased,
since it is trivial for the controller chip to notice the problem
and alert the user, whereupon he immediately takes the memory chip
to the belt sander.  More specifically, a successful attack would
require:
  a) failure to write (i.e. preconditioning, which suffices for obliteration)
  b) failure to erase (which also suffices for obliteration)
  c) failure to read, in such a way that neither (a) nor (b) gets noticed.

I'm not saying correlated failures are impossible (hint: United 232)
but there are ways of reducing them to a very low level (fault tree 
analysis).

This decreases the window of vulnerability by additional orders
of magnitude.  This gives the hat an extra layer of tin foil.

> Of course, *if* such a failure is possible, the next question is 
> whether it can be "encouraged" by an attacker.

3) It is uneconomical for the attacker to "tailor" the flash-chip
physics.  That's because there are incomparably easier ways of
compromising the overall device, e.g. "tailoring" the controller
chip, which they have already been doing, e.g. Stuxnet.

There are things we can do to make the controller chip more secure
than it is today, but even so, it will remain a bigger target than
the memory array.  So this gives the hat a third layer of tin foil.
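
Added example, not part of the original message: a toy model of the three-way failure condition in point 2, enumerating every combination of faults (a), (b) and (c) against a write-then-erase sanitization with read-back checks. The `Block` class, the fault flags, and the pattern and secret byte values are assumptions made for illustration, not real controller behaviour.

```python
# Added illustration: a toy model of one flash block, not real controller firmware.
from dataclasses import dataclass
from itertools import product

ERASED = 0xFF    # assumed: cells read back as all-ones after an erase
PATTERN = 0x00   # assumed preconditioning pattern written before the erase

@dataclass
class Block:
    cells: int = 0x5A            # constructed stand-in for the secret contents
    write_fails: bool = False    # fault (a): program operation silently does nothing
    erase_fails: bool = False    # fault (b): erase operation silently does nothing
    read_lies: bool = False      # fault (c): read returns the last commanded value
    commanded: int = 0x5A        # what the controller last asked the block to hold

    def write(self, value):
        self.commanded = value
        if not self.write_fails:
            self.cells = value

    def erase(self):
        self.commanded = ERASED
        if not self.erase_fails:
            self.cells = ERASED

    def read(self):
        return self.commanded if self.read_lies else self.cells

def sanitize(block):
    """Precondition, erase, and verify each step by read-back.
    Returns (alarm, secret_survives)."""
    secret = block.cells
    block.write(PATTERN)
    alarm = block.read() != PATTERN              # controller notices fault (a)
    block.erase()
    alarm = alarm or block.read() != ERASED      # controller notices fault (b)
    return alarm, block.cells == secret

def fault_table():
    """Map each (write_fails, erase_fails, read_lies) combination to its outcome."""
    return {f: sanitize(Block(write_fails=f[0], erase_fails=f[1], read_lies=f[2]))
            for f in product([False, True], repeat=3)}

def silent_leaks():
    """Fault combinations where the secret survives and no alarm is raised."""
    return [f for f, (alarm, survives) in fault_table().items()
            if survives and not alarm]

if __name__ == "__main__":
    for faults, outcome in fault_table().items():
        print(faults, outcome)
    print("silent leaks:", silent_leaks())
```

Of the eight combinations, only the one with all three faults present leaves the data in place without raising an alarm; every other case either destroys the data or flags the block for physical destruction.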

