An Open Crypto Chip

The Layer Cake Architecture Picture











Use Cases

RPKI/DNSSEC Signing

Transport VPNs

Routers and TCP/AO

Email

Federations, Identity Systems, SSO etc

Password Stretching & HMAC:ing

PGP and SSH Keys on a Stick

High Quality Entropy Randomness

A Communications Terminal Doing One Thing Well, Like Jabber w/o X11

HSM for Pond, OTR identity keys, ssh private keys, etc. (i.e. key gen, store, import/export non X.509 packages)

Password management

Basic Functions of Crypto Chip

Key Generation

Key Storage

Key Wrap

Key Unwrap

Hash

Sign

M of N Sign

Verify Signature

Encrypt

Decrypt

KDFs, e.g. Password Stretching (a la PBKDF2)

Random (RO + noisy diode?)

Key wrapping

We need to support key wrapping. Some pointers:

Things we Should Try To Do, Even if we Can't Do Them Perfectly

Tamper Protection (wipe on signal, suggest detectors, suggest potting features)

Side Channel Attack Reduction

Rough Cut at v0.01 Proof of Concept Feature Set

As a proof of concept, to validate as much as possible the assurance of the tools and methods, and as a demonstration of the project tools, team, and architecture, we have a proposed version 0.01 product as a proof of concept and a demonstration of the project tools, team, and architecture





Ongoing Decisions and Research

Security Target Description

Performance Target(s)

Tool-Chain Investigation

Prototype Design

Testing / Assurance Methods for all Components

Verilog/RTL assurance, with open source and with proprietary

Prototyping Platform(s)

Documentation, Decision History, & Transparency







Ongoing Development

v0.1 Major Sub-Projects

Security Goals and Documentation

Agreement

Specification

Development Platform

The Bunnie laptop Novena. Includes a Xilinx Spartan 6 LX45 FPGHA. The specs, drivers, source for Novena can be found here: ​ http://www.kosagi.com/w/index.php?title=Novena_Main_Page

TerasIC C5G Cyclone 5 GX Starter Kit. Includes an Altera C5GX FPGA. This board is used for core, subsystem development and verification. Info, documentation and ordering of the TerasIC board can be found here: ​ http://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=167&No=830

Here is a writeup on how to setup and run coretest_hashes on the C5G board.

TerasIC DE0-Nano board. This tiny, USB powered board is used for core development and verification. Info, documentation, resources, ordering of the TerasIC board can be found here: ​ http://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=139&No=593

Component Libraries

Research

Select

On-chip Interconnect Standards to use.

Methods and Validation

Overall Strategy

Following the Tool-Chain

Detailed Specification

Feature Set

QA & Documentation

Green/Yellow Software Support

Spec / ABI

Development

Documentationa and Testing

Assured Linux Platform

DDC Compiler

System Build

Minimal Component Set

v0.1 Project Timeline

February 2014

Specification of v0.1 Goals and Feature Set

Security Goals & Documentation Outline

July 2014

SHA & AES

September 2014

TRNG

Assured Linux Platform - Initial Report

November 2014

Security Goals & Documentation Overall and v0.1

RSA Signing on Bunnie Board

Assured Linux Platform - Compiler

March 2015

v0.1 Protoype

Future Development

The v0.1 version of CrypTech? is not the last version nor the only possible version. The project for example consider possible ASIC Implementations.