LOGIN   :::   RECOVER PASS   :::   GET ACCOUNT    
Browse
  • Projects
  • Code (CVS)
  • Forums
  • News
  • Articles
  • Polls
    •  
    OpenCores
  • FAQ
  • CVS HowTo
  • Mission
  • Media
  • Tools
  • Sponsors
  • Mirrors
  • Logos
  • Contact us

    •  
    Tools
  • Search
      
  • Download Cores (CVSGet)
    •  
    More
  • Wishbone
  • Perlilog
  • EDA tools
  • OpenTech CD
    •  
    Navigation: All forums > Cores > Message List > Message Post

    Message

    Reply | Reply all
    Date Prev | Date Next | Thread Prev | Thread Next Date Index | Thread Index

    From: thilo<jeremias@o...>
    Date: Sat Jan 14 07:25:26 CET 2006
    Subject: [oc] Cryptographic hardware
    Top
    Wesley J. Landaker wrote:

    >On Friday 23 December 2005 08:16, Nicolas Boulay wrote:
    >
    >
    >>Describe a way to study a black box that is supposed to make a good AES
    >>
    >>
    I'm curious what is not good?
    The only irrational bit there is the key generator, and that needs to
    come from a random source. So you would either need
    a good random generator, or an unpredictable pseudo random generator
    (nowadays called deterministic bit generator). If the key is generated
    (and confined) inside the black box, how would you be able to verify
    the output?

    >>(for example) encryption but how to be sure that :
    >>1) the encryption is a good quality (key generation ?)
    >>
    >>
    -- make the key-generation extern to the black box.

    >>2) There is no "undocumented" feature
    >>
    >>Maybe it's impossible to do it. But maybe a kind of design could expose
    >>those internal in a certain manner that permit external observer to
    >>garantie what the hardware does.
    >>
    >>
    >
    >I think this is by definition an impossible task if it's really a "black
    >box". Given a "black box" takes inputs I and gives outputs O, given over
    >time t:
    >
    >1. There are an infinite number of (I,t) pairs.
    >
    >
    Wrong, i.e. a 256 bit aes (key-size) has exactly 2^256 different inputs
    and each input maps (by definition) to exactly one output
    I assume we are talking ecb mode.

    >2. Every possible sequence of inputs (I,ti) must be tested and compared
    >
    >
    Maybe, but in reality if the box passes the nist test-vectors, and if
    it's design is verified by an independant authority (e.g. nist)
    it can be trusted (gets expensive).

    >against all possible outputs (O,to) where to >= ti.
    >3. It would take infinite time/space to test this.
    >QED
    >
    >
    >For example, what about black box that you suspect stores that last 1024
    >encryption keys used and spits them out instead of the normal expected
    >encrypted data when a certain sequence of data is input? How can you prove
    >that this is NOT the case? Only by testing every possible input sequence,
    >or by breaking open the black box and checking some other way.
    >
    >If you're even slightly worried about it, it's better to not even think
    >about using a black box. =)
    >
    >
    >
    >
    >
    Is that now theoretical or do we want to be pragmatic?

    thilo

    >------------------------------------------------------------------------
    >
    >_______________________________________________
    >http://www.opencores.org/mailman/listinfo/cores
    >

    ReferenceAuthor
    [oc] Cryptographic hardwareWesley J Landaker

    Follow upAuthor
    [oc] Cryptographic hardwareWesley J Landaker

     
    Copyright (c) 1999 OPENCORES.ORG. All rights reserved.