[Cryptography] God Mode backdoors
Bill Frantz
frantz at pwpconsult.com
Sat Aug 18 11:44:25 EDT 2018
On 8/17/18 at 7:24 PM, bear at sonic.net (Ray Dillinger) wrote:
>If you really want to do crypto without backdoors, I think you have very
>few options, and even fewer practical options.
>
>It is easy to construct a backdoor that is infeasible to ever detect...
>
>1) trust the vendors...
>
>2) play the torturous and failure-prone game of trying to game
>probably-insecure hardware into doing probably-secure crypto - there are
>ways to do it where the hardware that the chip designer/saboteur expects
>to see the plaintext, never actually sees the plaintext, so it can be in
>backdoor mode without having the crypto instructions actually betray
>secrets. And you could even obfuscate the XOR by doing it on a
>different processor, like your sound card or hard drive controller. You
>might get people to use this application, but only a very few hardcore
>people. And that would put parts all over and be complicated, so you'd
>probably screw up implementing it.
>
>3) make or procure an electromechanical machine...
>
>4) fab your own relatively primitive circuit board using basic (non-CPU)
>components and circuit traces anybody can check by eyeball. The crypto
>you can build this way is very limited. Probably about the same set of
>nobody would do this.

The big question with any approach is where is the plain-text
secret kept. If it is on an Internet-connected computer, game
over, you lose. So let's assume it is on a computer which does
not have the hardware to connect to the Internet -- no WIFI or
Bluetooth and no Ethernet connection. A Raspberry Pi or the like
might do.

We still have a computer with back doors -- one for NSA, one for
GCHQ, one for China, etc. We can improve our confidence in the
containment by housing the computer in a metal box and adding
ferrite suppression to all the wires going into and out of the
box. (These wires might connect to a keyboard and a display.) If
we can keep our plain-text inside the box, then we are still
safe. We can even have that computer do the encryption, with a
lot of ifs, ands, and buts.

If we use trusted hardware to do the encryption, or verify the
encrypted data does not include backdoor information, how do we
build that hardware? I can see three ways:

(1) Build it out of small scale ICs -- hex inverters, and
quad nand gates for example. It seems very hard to put a
backdoor into this kind of system. I have seen a 6502 built this
way. It was about a cubic foot and could run Apple ][ programs.

(2) Build it using a FPGA. There could be backdoors in the
FPGA, but going from a device programmed at the gate level to a
useful backdoor at the CPU level seems like it might be hard.

(3) Run your own fab. Old fab equipment is available at
prices that are affordable by individuals. I read about one guy
who has his own fab in QST. I know another fab owner personally.
She says her yield is currently limited by not having a good
clean room, but she is getting some functioning chips in her garage.

So, just how much performance do we need from the trusted hardware?

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | I like the farmers' market   | Periwinkle
(408)356-8506      | because I can get fruits and | 16345 Englewood Ave
www.pwpconsult.com | vegetables without stickers. | Los Gatos, CA 95032