summaryrefslogtreecommitdiff
path: root/35/35356b31e45cb8b99b29ea14b513b9860f5289
blob: 985f6f351f44ef1efd634fa6bb714222e09810d7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
Return-Path: <lkcl@lkcl.net>
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 75C38C013A
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Mon, 25 Jan 2021 18:30:15 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by silver.osuosl.org (Postfix) with ESMTP id 47F3920402
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Mon, 25 Jan 2021 18:30:15 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
 by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id YHaeE8G09EMv
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Mon, 25 Jan 2021 18:30:12 +0000 (UTC)
X-Greylist: delayed 00:29:13 by SQLgrey-1.7.6
Received: from lkcl.net (lkcl.net [217.147.94.29])
 by silver.osuosl.org (Postfix) with ESMTPS id 0458D203A6
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Mon, 25 Jan 2021 18:30:11 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lkcl.net;
 s=201607131; 
 h=Content-Type:To:Subject:Message-ID:Date:From:MIME-Version;
 bh=U12e3VyM8qOUaFaES9UfTFoeO5SXds9BOFfWzAz7p5c=; 
 b=OB0zd0uu4IBjCgrFFaW9R2g7sHbLy3i3qgPEXAlEAlgvX6KAiPPy/zTqOq8iGniGjcQSoWpADUEjFH0D1Fcfnhlb244XiTYigr2YC0xH6YkV09nq0+81xVnd6KwAq0K9ik76TmUioTDgUMp/yCO2XstBgSyVF0AtD8CWkRRzZSw=;
Received: from mail-lf1-f44.google.com ([209.85.167.44])
 by lkcl.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <lkcl@lkcl.net>) id 1l46Aa-0008W3-LY
 for bitcoin-dev@lists.linuxfoundation.org; Mon, 25 Jan 2021 18:00:56 +0000
Received: by mail-lf1-f44.google.com with SMTP id p21so14017284lfu.11
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Mon, 25 Jan 2021 10:00:41 -0800 (PST)
X-Gm-Message-State: AOAM533nZe4ZFILR75Mqb/zZJ3MB3OeeC8lzZrlJREzewR1ykq1GAgPk
 OMWQ02AeDlVPyJJgIk7qz1BkdKRLp9uGfz8GFsw=
X-Google-Smtp-Source: ABdhPJymrQ/vwlfczdZKZ5dtEs6ZkdDBeNIJwR0i87QwLnXffvPO+NVcEy8dZqLUHjV9lJ1NFuAavz3bh7z89T02tTo=
X-Received: by 2002:ac2:43d9:: with SMTP id u25mr753708lfl.513.1611597635716; 
 Mon, 25 Jan 2021 10:00:35 -0800 (PST)
MIME-Version: 1.0
Received: by 2002:a05:6520:368c:b029:ba:6185:4a7e with HTTP; Mon, 25 Jan 2021
 10:00:35 -0800 (PST)
From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
Date: Mon, 25 Jan 2021 18:00:35 +0000
X-Gmail-Original-Message-ID: <CAPweEDx4wH_PG8=wqLgM_+RfTQEUSGfax=SOkgTZhe1FagXF9g@mail.gmail.com>
Message-ID: <CAPweEDx4wH_PG8=wqLgM_+RfTQEUSGfax=SOkgTZhe1FagXF9g@mail.gmail.com>
To: "bitcoin-dev@lists.linuxfoundation.org"
 <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="000000000000990b7405b9bd50e5"
X-Mailman-Approved-At: Mon, 25 Jan 2021 23:10:52 +0000
Subject: [bitcoin-dev] Libre/Open blockchain / cryptographic ASICs
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2021 18:30:15 -0000

--000000000000990b7405b9bd50e5
Content-Type: text/plain; charset="UTF-8"

folks, hi, please do cc me as i am subscribed "digest", apologies for the
inconvenience.

i've been speaking on and off with kanzure, asking his advice about a libre
/ transparently-developed ASIC / SoC, for some time, since meeting a very
interesting person at the Barcelona RISC-V Workshop in 2018.

this person pointed out that FIPS-approved algorithms, implemented in
FIPS-approved crypto-chips used in hardware wallets to protect billions to
trillions in cryptocurrency assets world-wide are basically asking for
trouble.  i heard 3rd-hand that the constants used in the original bitcoin
protocol were very deliberately changed from those approved by FIPS and the
NSA for exactly the reasons that drive people to question whether it is a
good idea to trust closed and secretive crypto-chips, no matter how
well-intentioned the company that manufactures them.  the person i met was
there to "sound out" interested parties willing to help with such a
venture, even to the extent of actually buying a Foundry, in order to
guarantee that the crypto-chip they would like to see made had not been
tampered with at any point during manufacturing.

at FOSDEM2019 i was also approached by a team that also wanted to do a
basic "embedded" processor, entirely libre-licensed, only in 350nm or
180nm, with just enough horsepower to do digital signing and so on.  since
then, fascinatingly, NLnet has obtained a new EU Horizon Grant and started
their "Assure" Programme:
https://nlnet.nl/assure/

(our application may be found here):
https://libre-soc.org/nlnet_2021_crypto_router/

in addition, betrusted (headed by Bunnie Huang) is also funded by NLnet and
is along similar lines:
https://betrusted.io/

NLnet is even funding LibreSOC with a 180nm test chip tape-out of the
LibreSOC Core, with help from Sorbonne University and
https://chips4makers.io
https://bugs.libre-soc.org/show_bug.cgi?id=199

and we also have funding to do Formal Correctness Proofs for the low-level
portions of the HDL (similar to c++ and python "assert", but for hardware)
https://bugs.libre-soc.org/show_bug.cgi?id=158

the point being that where even one year ago the idea of an open source
developer creating and paying for an actual ASIC was so ridiculous they
would be laughed at and viewed in a derisive fashion thereafter, reality is
that things are opening up to the point where even Foundry PDKs are now
open source:
https://github.com/google/skywater-pdk

technically it is possible to use Open Hardware to create commercial
(closed) products.  Richard Herveille, most well-known for his early
involvement in Opencores, was the Open Hardware developer responsible for
the HDL behind the first Antminer product by Bitmain, for example.  It used
his RV32 core and i believe he also developed the SHA256 HDL for them.
however that is different in that it was a closed product, not open for
independent public audit and review.

what i am therefore trying to say is that it is a genuinely achievable
goal, now, to create fully transparently-openly-developed ASICs that could
perform crytographic tasks such as mining and hardware wallet key
protection *and have a full audit trail* even to the extent of having
mathematical Formal Correctness Proofs.

my question is - therefore - with all that background in mind - is: is this
something that is of interest?

now, before getting all excited about the possibilities, it's critically
important to provide a reality-check on the costs involved:

* 350nm ASICs: https://chips4makers.io - EUR 1750 for 20 samples
* 180nm ASICs: EUR $600 per mm^2 MPW Shuttle (test ASICs) and EUR 50,000
for production masks
* ... exponential curve going through 130nm, 65nm, 45nm gets to around
$500k...
* 28nm ASICs: USD 100,000 for MPW and USD $1 million for production masks
* 22nm ASICs: double 28nm
* 14nm: double 22nm
* 7nm: quadruple 14nm

you get where that is going.  where higher geometries are now easily within
reach even of a hobbyist ASIC developer, USD 20 million is a bare minimum
to design, develop and bring to manufacture a 7nm Custom ASIC.  full-custom
silicon, as carried out regularly by Intel, is USD 100 million.

this is not to say that it is completely outside the realm of possibility
to do something in these lower geometries: you either simply have to have a
damn good reason, or a hell of a lot of money, or a product that's so
compelling that customers really *really* want it, or you have OEMs lining
up to sign LOIs or put up cash-with-preorder.

[my personal favourite is a focus on power-efficiency: battery-operated
hand-held devices at or below 3.5 watts (thus not requiring thermal pipes
or fans - which tend to break). i have to admit i am a little alarmed at
the world-wide energy consumption of bitcoin: personally i would very much
prefer to be involved in eco-conscious blockchain and crypto-currency
products].

so - as an open question: what would people really like to see happen,
here, what do people feel would be of interest to the wider bitcoin
community, and, crucially, is there a realistic way to bridge (fund) the
gap and actually deliver to the bitcoin user community?

best,

l.

---
crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68


-- 
---
crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68

--000000000000990b7405b9bd50e5
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

folks, hi, please do cc me as i am subscribed &quot;digest&quot;, apologies=
 for the inconvenience.<br><br>i&#39;ve been speaking on and off with kanzu=
re, asking his advice about a libre / transparently-developed ASIC / SoC, f=
or some time, since meeting a very interesting person at the Barcelona RISC=
-V Workshop in 2018.<br><br>this person pointed out that FIPS-approved algo=
rithms, implemented in FIPS-approved crypto-chips used in hardware wallets =
to protect billions to trillions in cryptocurrency assets world-wide are ba=
sically asking for trouble.=C2=A0 i heard 3rd-hand that the constants used =
in the original bitcoin protocol were very deliberately changed from those =
approved by FIPS and the NSA for exactly the reasons that drive people to q=
uestion whether it is a good idea to trust closed and secretive crypto-chip=
s, no matter how well-intentioned the company that manufactures them.=C2=A0=
 the person i met was there to &quot;sound out&quot; interested parties wil=
ling to help with such a venture, even to the extent of actually buying a F=
oundry, in order to guarantee that the crypto-chip they would like to see m=
ade had not been tampered with at any point during manufacturing.<br><br>at=
 FOSDEM2019 i was also approached by a team that also wanted to do a basic =
&quot;embedded&quot; processor, entirely libre-licensed, only in 350nm or 1=
80nm, with just enough horsepower to do digital signing and so on.=C2=A0 si=
nce then, fascinatingly, NLnet has obtained a new EU Horizon Grant and star=
ted their &quot;Assure&quot; Programme:<br><a href=3D"https://nlnet.nl/assu=
re/">https://nlnet.nl/assure/</a><br><br>(our application may be found here=
):<br><a href=3D"https://libre-soc.org/nlnet_2021_crypto_router/">https://l=
ibre-soc.org/nlnet_2021_crypto_router/</a><br><br>in addition, betrusted (h=
eaded by Bunnie Huang) is also funded by NLnet and is along similar lines:<=
br><a href=3D"https://betrusted.io/">https://betrusted.io/</a><br><br>NLnet=
 is even funding LibreSOC with a 180nm test chip tape-out of the LibreSOC C=
ore, with help from Sorbonne University and <a href=3D"https://chips4makers=
.io">https://chips4makers.io</a><br><a href=3D"https://bugs.libre-soc.org/s=
how_bug.cgi?id=3D199">https://bugs.libre-soc.org/show_bug.cgi?id=3D199</a><=
br><br>and we also have funding to do Formal Correctness Proofs for the low=
-level portions of the HDL (similar to c++ and python &quot;assert&quot;, b=
ut for hardware)<br><a href=3D"https://bugs.libre-soc.org/show_bug.cgi?id=
=3D158">https://bugs.libre-soc.org/show_bug.cgi?id=3D158</a><br><br>the poi=
nt being that where even one year ago the idea of an open source developer =
creating and paying for an actual ASIC was so ridiculous they would be laug=
hed at and viewed in a derisive fashion thereafter, reality is that things =
are opening up to the point where even Foundry PDKs are now open source:<br=
><a href=3D"https://github.com/google/skywater-pdk">https://github.com/goog=
le/skywater-pdk</a><br><br>technically it is possible to use Open Hardware =
to create commercial (closed) products.=C2=A0 Richard Herveille, most well-=
known for his early involvement in Opencores, was the Open Hardware develop=
er responsible for the HDL behind the first Antminer product by Bitmain, fo=
r example.=C2=A0 It used his RV32 core and i believe he also developed the =
SHA256 HDL for them.=C2=A0 however that is different in that it was a close=
d product, not open for independent public audit and review.<br><br>what i =
am therefore trying to say is that it is a genuinely achievable goal, now, =
to create fully transparently-openly-developed ASICs that could perform cry=
tographic tasks such as mining and hardware wallet key protection *and have=
 a full audit trail* even to the extent of having mathematical Formal Corre=
ctness Proofs.<br><br>my question is - therefore - with all that background=
 in mind - is: is this something that is of interest?<br><br>now, before ge=
tting all excited about the possibilities, it&#39;s critically important to=
 provide a reality-check on the costs involved:<br><br>* 350nm ASICs: <a hr=
ef=3D"https://chips4makers.io">https://chips4makers.io</a> - EUR 1750 for 2=
0 samples<br>* 180nm ASICs: EUR $600 per mm^2 MPW Shuttle (test ASICs) and =
EUR 50,000 for production masks<br>* ... exponential curve going through 13=
0nm, 65nm, 45nm gets to around $500k...<br>* 28nm ASICs: USD 100,000 for MP=
W and USD $1 million for production masks<br>* 22nm ASICs: double 28nm<br>*=
 14nm: double 22nm<br>* 7nm: quadruple 14nm<br><br>you get where that is go=
ing.=C2=A0 where higher geometries are now easily within reach even of a ho=
bbyist ASIC developer, USD 20 million is a bare minimum to design, develop =
and bring to manufacture a 7nm Custom ASIC.=C2=A0 full-custom silicon, as c=
arried out regularly by Intel, is USD 100 million.<br><br>this is not to sa=
y that it is completely outside the realm of possibility to do something in=
 these lower geometries: you either simply have to have a damn good reason,=
 or a hell of a lot of money, or a product that&#39;s so compelling that cu=
stomers really *really* want it, or you have OEMs lining up to sign LOIs or=
 put up cash-with-preorder.<br><br>[my personal favourite is a focus on pow=
er-efficiency: battery-operated hand-held devices at or below 3.5 watts (th=
us not requiring thermal pipes or fans - which tend to break). i have to ad=
mit i am a little alarmed at the world-wide energy consumption of bitcoin: =
personally i would very much prefer to be involved in eco-conscious blockch=
ain and crypto-currency products].<br><br>so - as an open question: what wo=
uld people really like to see happen, here, what do people feel would be of=
 interest to the wider bitcoin community, and, crucially, is there a realis=
tic way to bridge (fund) the gap and actually deliver to the bitcoin user c=
ommunity?<br><br>best,<br><br>l.<br><br>---<br>crowd-funded eco-conscious h=
ardware: <a href=3D"https://www.crowdsupply.com/eoma68">https://www.crowdsu=
pply.com/eoma68</a><br><br><br>-- <br>---<br>crowd-funded eco-conscious har=
dware: <a href=3D"https://www.crowdsupply.com/eoma68" target=3D"_blank">htt=
ps://www.crowdsupply.com/eoma68</a><br><br>

--000000000000990b7405b9bd50e5--