Tropic Square
video: https://www.youtube.com/watch?v=g43vvXUw16Y
Tropic Square is a company we setup a few years ago and setup with slush and stick and SatoshiLabs. We want to build transparent and secure chip solutions.
The reason has been said many times today, that basically there is a problem in the market of chips that you can't buy a transparent chip so you have to trust the vendor and you have little to no visibility to implementation. So we believe that a fully transparent and auditable chip is necessary, and we have been waiting for a long time for someone to bring this to market and then we decided to start this story and see if we could get others to join and see if we could benefit from this.
SatoshiLabs have open-source hardware wallets. Don't trust, verify. I think this resonates with you in this forum. The current paradigm though for secure chips is restrictive NDAs, you can't even talk if you found an issue in the chip and tell your customers about the vulnerability. There's lots of issues there. Basically you can't help yourself, and you can't do these reviews or be part of certification processes or it's very difficult.
We believe that the existing setup is not on a trajectory to change that, so we believe newcomers have to challenge the status quo. There are applications and other needs that would benefit from such hardware.
Tropic Square... a TRully OPen IC. TROPIC. It's a vision and long-term thing; it's not really practical right now because of the nature of the existing semiconductor environment, but you have to start somewhere. So at the beginning of the journey, we want to open as much as we can and see what else can we open as we go.
Kerckhoff's principle is that the system has to be secure even if it is in enemy's hands, and the only thing you need to keep secret is the key. This is not really implemented in hardware; I think open-source software is on the good path to this kind of goal but on the hardware there's a lot of work to be done.
Security in obscurity is the existing status quo where you rely on the secrecy of the implementation and all these processes which basically has a side-effect of keeping weak designs in production, like certification requirements and long lead times. Or there's a timestamp in the past, and there's little incentive for chip makers to change that and go through the certification process again. This limits the need to innovate, and keep old designs in the market. Another aspect is the lack of transparency, you might say okay there's a bunch of vendors so you might have a different implementation but it's not necessarily true because they license the IP cores that are used in other vendors' chips anyway. You might think you have a different heterogenous chip but you have no way to know they didn't license existing IP components.
For us the goal is to differentiate using transparency. Tropic01 is the project name. It's a secure element kind of device. Basically it's flash memory with some serial interface which you can connect to existing MCUs, which is the typical use case for hardware wallets and other applications. The reason for this is that we had to start somewhere. At the same time, we want to focus on the most important part which is the secure part and if the secure part isn't secure then it doens't make sense to make a SoC. So that's why we're focusing on this, and to be able to do that in a reasonable amount of time we decided we would first open only a certain part of the design of the chip. In the closed part of the chip, we will reuse the existing security IPs like pathways, memories, OTPs, eFuse, PUF, flash. In our design, we will focus on the algorithm implementation, sidechannel resiliance and these kinds of features.
We started in March 2020. We were working on a feasibility study to find out if there's a way to produce a chip using the existing ecosystem. .... Last year we got funding and we started development, today we're just taped out the first prototype. We hope to get to silicon later this year, and then we will get feedback on what we have done so far.
So far the work we've been doing was on the chip design and getting the implementation ready. But in parallel we're working on the incubation of the idea and validating the idea of transparency and auditability in silicon markets. There's a EU project called EU HORIZON-CL3-2021 ORSHIN which is not publicly available yet... but the point is that there are other companies and other big names in the industry which are interested in getting the open-source hardware and looking for ways for how to compensate for losing the obscurity and how to compensate what you are basically missing if you have to open up the implementation. Probably a long-term project.
We also started a partnership with Czech Universities, but we're open to collaboration with other teams that have a similar way of looking at these problems.
Looking into the future, the Tropic01 secure element is a part of the initial idea which was way bigger than just a SE. The idea was to have a secure SoC hardware wallet as a single chip solution. When the Tropic01 is ready, we will go back to evaluating a secure SoC project.
We are building expertise in embedded security and chip design itself. By being part of SatoshiLabs, they have given us access to cryptographers and Tropic chip is designed as a generic device that will support various markets. This is the intersection of the markets we see- the Internet of Things (IoT), secure hardware for digital assets, and the semiconductor industry. At the same time, Tropic01 is not Trezor specific or bitcoin specific. It's just a root of trust. You can build applications on top of it with a traditional microcontroller.