[Cryptography] God Mode backdoors

Bill Frantz frantz at pwpconsult.com
Sat Aug 18 11:44:25 EDT 2018 

On 8/17/18 at 7:24 PM, bear at sonic.net (Ray Dillinger) wrote:

>If you really want to do crypto without backdoors, I think you have very
>few options, and even fewer practical options.
>
>It is easy to construct a backdoor that is infeasible to ever detect...
>
>1) trust the vendors...
>
>2) play the torturous and failure-prone game of trying to game
>probably-insecure hardware into doing probably-secure crypto - there are
>ways to do it where the hardware that the chip designer/saboteur expects
>to see the plaintext, never actually sees the plaintext, so it can be in
>backdoor mode without having the crypto instructions actually betray
>secrets.  And you could even obfuscate the XOR by doing it on a
>different processor, like your sound card or hard drive controller.  You
>might get people to use this application, but only a very few hardcore
>people.  And that would put parts all over and be complicated, so you'd
>probably screw up implementing it.
>
>3) make or procure an electromechanical machine...
>
>4) fab your own relatively primitive circuit board using basic (non-CPU)
>components and circuit traces anybody can check by eyeball.  The crypto
>you can build this way is very limited.  Probably about the same set of
>nobody would do this.

The big question with any approach is where is the plain-text 
secret kept. If it is on an Internet connected computer, game 
over, you lose. So let's assume it is on a computer which does 
not have the hardware to connect to the Internet -- no WIFI or 
Bluetooth and no Ethernet connection. A Raspberry Pi or the like 
might do.

We still have a computer with back doors -- one for NSA, one for 
GCHQ, one for China, etc. We can improve our confidence in the 
containment by housing the computer in a metal box and adding 
ferite suppression to all the wires going into and out of the 
box. (These wires might connect to a keyboard and a display.) If 
we can keep our plain-text inside the box, then we are still 
safe. We can even have that computer do the encryption, with a 
lot of ifs ands and buts.

If we use trusted hardware to do the encryption, or verify the 
encrypted data does not include backdoor information, how do we 
built that hardware? I can see three ways:

   (1) Build it out of small scale ICs -- hex inverters, and 
quad nand gates for example. It seems very hard to put a 
backdoor into this kind of system. I have seen a 6502 built this 
way. It was about a cubic foot and could run Apple ][ programs.

   (2) Build it using a FPGA. There could be backdoors in the 
FPGA, but going from a device programmed at the gate level to a 
useful backdoor at the CPU level seems like it might be hard.

   (3) Run your own fab. Old fab equipment is available at 
prices that are affordable by individuals. I read about one guy 
who has his own fab in QST. I know another fab owner personally. 
She says her yield is currently limited by not having a good 
clean room, but she is getting some functioning chips in her garage.

So, just how much performance do we need from the trusted hardware?

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | I like the farmers' market   | Periwinkle
(408)356-8506      | because I can get fruits and | 16345 
Englewood Ave
www.pwpconsult.com | vegetables without stickers. | Los Gatos, 
CA 95032

More information about the cryptography mailing list