diff options
author | Luke Kenneth Casson Leighton <lkcl@lkcl.net> | 2021-02-13 17:19:01 +0000 |
---|---|---|
committer | bitcoindev <bitcoindev@gnusha.org> | 2021-02-13 17:19:37 +0000 |
commit | 4e1ede1f02c3193833b87bbc4125e746fac7660f (patch) | |
tree | 30d61e0885889331f0c5c76fc3f1f30906997836 /82 | |
parent | d5f4b3c1f8e60987d569a92c87a73b0be61e2c96 (diff) | |
download | pi-bitcoindev-4e1ede1f02c3193833b87bbc4125e746fac7660f.tar.gz pi-bitcoindev-4e1ede1f02c3193833b87bbc4125e746fac7660f.zip |
Re: [bitcoin-dev] Libre/Open blockchain / cryptographic ASICs
Diffstat (limited to '82')
-rw-r--r-- | 82/68717c9192a383948d4319763e2f4dc0cce149 | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/82/68717c9192a383948d4319763e2f4dc0cce149 b/82/68717c9192a383948d4319763e2f4dc0cce149 new file mode 100644 index 000000000..50a75b7a5 --- /dev/null +++ b/82/68717c9192a383948d4319763e2f4dc0cce149 @@ -0,0 +1,116 @@ +Return-Path: <lkcl@lkcl.net> +Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) + by lists.linuxfoundation.org (Postfix) with ESMTP id 71887C013A + for <bitcoin-dev@lists.linuxfoundation.org>; + Sat, 13 Feb 2021 17:19:37 +0000 (UTC) +Received: from localhost (localhost [127.0.0.1]) + by fraxinus.osuosl.org (Postfix) with ESMTP id 6AF3E85A84 + for <bitcoin-dev@lists.linuxfoundation.org>; + Sat, 13 Feb 2021 17:19:37 +0000 (UTC) +X-Virus-Scanned: amavisd-new at osuosl.org +Received: from fraxinus.osuosl.org ([127.0.0.1]) + by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id r_Z8XR9MvX7t + for <bitcoin-dev@lists.linuxfoundation.org>; + Sat, 13 Feb 2021 17:19:36 +0000 (UTC) +X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 +Received: from lkcl.net (lkcl.net [217.147.94.29]) + by fraxinus.osuosl.org (Postfix) with ESMTPS id 7EBB985A00 + for <bitcoin-dev@lists.linuxfoundation.org>; + Sat, 13 Feb 2021 17:19:36 +0000 (UTC) +DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lkcl.net; + s=201607131; + h=Content-Type:Cc:To:Subject:Message-ID:Date:From:In-Reply-To:References:MIME-Version; + bh=tNxI/eGlPnc5BvRplLFtNVjA2WPqFr+0JG7Bv+0BEcQ=; + b=FfJwtf3LrnUj6J4DItoOXHnzTVN2I5nlfmsIqdFO3i3or4ZaKAz4RH0qGFzoa+5jcOXz4jAUYEpaLSr+fU+QlUzxgL9Kr8/f4BchGE0cTfSFS0Jlib+YKCUkm4NWrxxokHJAy4s3K7TFhSX3FqUYWEY5OpPAn82gaFU8H5C86Mo=; +Received: from mail-lf1-f53.google.com ([209.85.167.53]) + by lkcl.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) + (Exim 4.84_2) (envelope-from <lkcl@lkcl.net>) id 1lAyZx-0003Kx-RP + for bitcoin-dev@lists.linuxfoundation.org; Sat, 13 Feb 2021 17:19:33 +0000 +Received: by mail-lf1-f53.google.com with SMTP id v24so4094852lfr.7 + for <bitcoin-dev@lists.linuxfoundation.org>; + Sat, 13 Feb 2021 09:19:18 -0800 (PST) +X-Gm-Message-State: AOAM530eMi6bGiwy/qRePLnxlKUAMslKuqnT/txNcW2o9sXA3svbtl7Y + e4A7qS857db4nI5XcT+R2jk6X9QwEH7YHNfD4B0= +X-Google-Smtp-Source: ABdhPJzV2B/F2pFs5tUiamiln6RFuga77txnUF7v+lJxQt4/tSFnoK4UjhD5ngOsg/Tn8VhA+Ept/hjRnf1IF6vUrj0= +X-Received: by 2002:a19:6748:: with SMTP id e8mr4427126lfj.224.1613236752713; + Sat, 13 Feb 2021 09:19:12 -0800 (PST) +MIME-Version: 1.0 +References: <CAPweEDx4wH_PG8=wqLgM_+RfTQEUSGfax=SOkgTZhe1FagXF9g@mail.gmail.com> + <oCNGbVElAQCJ1bEmwLXLzIVec0ZoOA2Ar3vkOc1a0GW12h78bhMi_W4n3pCdDt7hJyPFoMRb0U1T5Wx5uQl4oo6zeQtjKs0MdAXGtvLw1SQ=@protonmail.com> + <CAPweEDy7Xf3nD1mfyX5MmtsGX=1sd5=gsLosZ=bYavJ0BZyy3g@mail.gmail.com> + <puUth0RIvY16I3ghjUiTkIPJQEKETPLZrm2QiiELW8AheIGIin29u5RkztTXIeYIK0xg2UIbsx6m-TpkJU2BvmVyYYr_BYbCdIQSk2t7TkU=@protonmail.com> +In-Reply-To: <puUth0RIvY16I3ghjUiTkIPJQEKETPLZrm2QiiELW8AheIGIin29u5RkztTXIeYIK0xg2UIbsx6m-TpkJU2BvmVyYYr_BYbCdIQSk2t7TkU=@protonmail.com> +From: Luke Kenneth Casson Leighton <lkcl@lkcl.net> +Date: Sat, 13 Feb 2021 17:19:01 +0000 +X-Gmail-Original-Message-ID: <CAPweEDz0AsvcbYnS2o3KL6snvUV67JpFawruq0gpcWwcTc4npQ@mail.gmail.com> +Message-ID: <CAPweEDz0AsvcbYnS2o3KL6snvUV67JpFawruq0gpcWwcTc4npQ@mail.gmail.com> +To: ZmnSCPxj <ZmnSCPxj@protonmail.com>, + Libre-Soc General Development <libre-soc-dev@lists.libre-soc.org> +Content-Type: text/plain; charset="UTF-8" +X-Mailman-Approved-At: Sat, 13 Feb 2021 18:07:49 +0000 +Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org> +Subject: Re: [bitcoin-dev] Libre/Open blockchain / cryptographic ASICs +X-BeenThere: bitcoin-dev@lists.linuxfoundation.org +X-Mailman-Version: 2.1.15 +Precedence: list +List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org> +List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> +List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> +List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> +List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> +List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> +X-List-Received-Date: Sat, 13 Feb 2021 17:19:37 -0000 + +(cc'ing over to libre-soc-dev) +https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-February/018392.html + +On Thu, Feb 11, 2021 at 8:21 AM ZmnSCPxj <ZmnSCPxj@protonmail.com> wrote: + +> > i was stunned to learn that in a 28nm ASIC, 50% of it is repeater-buffers! +> +> Well, that surprises me as well. +> [...] +> So I suppose at some point something like that would occur and I should not actually be surprised. +> (Maybe I am more surprised that it reached that level at that technology size, I would have thought 33% at 7nm.) + +it's about line-drive strength: lower geometries are even *less* able +to line-drive long distances. + +> Another point to ponder is test modes. +> In mass production you **need** test modes. + +> (Sure, an attacker can try targeted ESD at the `TESTMODE` flip-flop repeatedly, but this risks also flipping other scan flip-flops that contain the data that is being extracted, so this might be sufficient protection in practice.) + +if however the ASIC can be flipped into TESTMODE and yet it carries on +otherwise working, an algorithm can be re-run and the exposed data +will be clean. + +> If you are really going to open-source the hardware design then the layout +> is also open and attackers can probably target specific chip area for ESD +> pulse to try a flip-flop upset, so you need to be extra careful. + +this is extremely valuable advice. in the followup [1] you describe a +gating method: this we have already deployed on a couple of places in +case the Libre Cell Library (also being developed at the same time by +Staf Verhaegen of Chips4Makers) causes errors: we do not want, for +example, an error in a Cell Library to cause a permanent HI which +locks us from being able to perform testing of other areas of the +ASIC. + +the idea of being able to actually randomly flip bits inside an ASIC +from outside is both hilarious and entirely news to me, yet it sounds +to be exactly the kind of thing that would allow an attacker to +compromise a hardware wallet. potentially destructively, mind, but +compromise all the same. + +beyond even what the trezor team discovered [2] it makes it even more +important that wallet ASICs be Libre/Open. + +l. + +[1] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-February/018412.html +[2] https://blog.trezor.io/introducing-tropic-square-why-transparency-matters-a895dab12dd3 + |