Re: [Cfrg] FIPS or equivalent approvals
Alyssa Rowan <akr@akr.io> Tue, 29 July 2014 17:59 UTC
Return-Path: <akr@akr.io>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99E831B29FA for <cfrg@ietfa.amsl.com>; Tue, 29 Jul 2014 10:59:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cPCpHpkH490a for <cfrg@ietfa.amsl.com>; Tue, 29 Jul 2014 10:59:56 -0700 (PDT)
Received: from entima.net (entima.net [78.129.143.175]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C04AA1A03DE for <cfrg@irtf.org>; Tue, 29 Jul 2014 10:59:56 -0700 (PDT)
Message-ID: <53D7E119.7040209@akr.io>
Date: Tue, 29 Jul 2014 18:59:53 +0100
From: Alyssa Rowan <akr@akr.io>
MIME-Version: 1.0
To: cfrg@irtf.org
References: <CAMm+LwhYWfP30=rdYQoVZ=Ns8dCn2HdjKLLPCP7Yw540eifvOg@mail.gmail.com>
In-Reply-To: <CAMm+LwhYWfP30=rdYQoVZ=Ns8dCn2HdjKLLPCP7Yw540eifvOg@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/l-hiUvxLLEB_SclsCAElE9SwEAA
Subject: Re: [Cfrg] FIPS or equivalent approvals
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jul 2014 17:59:59 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 29/07/2014 16:03, Phillip Hallam-Baker wrote: > trustworthy HSMs A mammoth problem, and not one I believe CFRG is really in a position to solve. Given EDGEHILL and BULLRUN and related concerns about the CESG/FIPS validation processes, I feel a HSM/smartcard/token design actually worthy of third-party trust would need: • Open, transparent, public open-source design, from software down as far as practical - right down past the mask to the gate/process level if possible; • To be publicly and independently tested, verified and verifiable; • To be practically immune to all known or reasonably speculated attacks No current vendor or product meets - or even comes close to meeting - those criteria, as far as I am aware. [And if you think one does, or intends to try, please let me know, as it is an area of interest!] Since you'd be looking at a clean-slate design with a completely different (dramatically open, nothing-up-my-sleeves) approach compared to the (closed, black-box, relatively analysis-hostile) status quo of current commercial crypto hardware, I see no good reason to be chained to any particular legacy algorithm at all - let alone (EC)DSA. In fact, I'd be tempted to suggest that one good approach might be to make a (very) special-purpose, cut-down open-source CPU, with verifiable design, well-defended (constant time & power; cacheless? parity? Microcode-free?), and particularly good at the kind of operations often used in crypto, pair it with a well-vetted NDRNG, and then to write verifiable software for that base implementing the actual algorithms. Minimises the trust base; maximises flexibility; possibly could extend service life of the design. But I'm not sure it falls within scope of this group. Links which might be of some interest: • https://cryptech.is/ - directly relevant; an attempt to do this • https://sel4.systems/ - tangentially relevant; now open-source! • http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ - perhaps irrelevant exactly, but I found it interesting research anyway - -- /akr -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJT1+EZAAoJEOyEjtkWi2t6qbUQAK7jOqyoIq2tizyZ91raTsBG cC46E7qsg0aR6o+WFmu8ZX9Hsl/A6GcqdyeS04j4wMn3q6fXXd2qKTrESYYO4tCM 22d9JsOReqqfBD6CodzYOZtAtrJXC5962Ae5XK+B6x5i59VLIbs6YHIBoBoHfwLd q6aBHDnUH4SuyyEB14swpbdUFpw9VMcyEjLatdeF1Sfufaca2bPpGjXIdBZGzb3a tyUUM3xKIvXfCrsUaIN3jeeh3vk2fOKzzeMioCntj+OVf8pnuCWbeCrQK13s4smH wrYRWcN2o83fA0MbmhfN3ExnKFA/FlvqNlZ844roYh5OJAOAFJXQsSCDC5+2AOII 7yQCygXv00Zk1bEABHHV6jokcamRyts8EkoSYXfU3mFCTmPgtq674dKxl0O6jWtx V7yydsi6dK/g2H+SWT7gXVKooxkJ5FHh4OaRZsY76sXxVx8rhc9c6tMl9TE5Ko/+ hB2yqCmZfrI4CwaLMsXHqOWq3gwYyqfUKM6UmTB+8/aeO9j37zSFjm4l9CcqJnXl MOlPOO8ID8c3yMW4uOS+iGDOmM0RuMgNJ1LxC2rgZDLptJ4r7LiWaZA4fyEAQ8Zr nM+EzVTtNwxP/Bh5oIRtUISUCznEU+B4nH9DXHJLOQXGd/0cisWDQLrqwnujaXib BvS7ygZXI7XFmW3osnQs =pbJf -----END PGP SIGNATURE-----
- [Cfrg] FIPS or equivalent approvals Phillip Hallam-Baker
- Re: [Cfrg] FIPS or equivalent approvals Paul Hoffman
- Re: [Cfrg] FIPS or equivalent approvals Salz, Rich
- Re: [Cfrg] FIPS or equivalent approvals Robert Moskowitz
- Re: [Cfrg] FIPS or equivalent approvals Alyssa Rowan
- Re: [Cfrg] FIPS or equivalent approvals Phillip Hallam-Baker
- Re: [Cfrg] FIPS or equivalent approvals Phillip Hallam-Baker
- Re: [Cfrg] FIPS or equivalent approvals Salz, Rich
- Re: [Cfrg] FIPS or equivalent approvals David Jacobson
- Re: [Cfrg] FIPS or equivalent approvals David Jacobson
- Re: [Cfrg] FIPS or equivalent approvals Randy Bush