-----BEGIN PGP SIGNED MESSAGE-----
At 9:18 PM 12/19/1996, Ben Byer wrote:
At the last meeting references were made to processors which only execute encrypted code. Decryption occurs on chip.
If each chip has a unique public/secret key pair, and executes authenticated code only, there are some interesting implications.
Let's see... What about this scenario:
Alice gets a contraband copy of PGP 4.0 off the Internet. Since the public-key algorithm is publicized so that people can encrypt software to a chip, PGP 4.0 has the ability to encode/decode/generate keys for the chip. Alice generates a public key/private key pair 0x12345678, in software. Alice goes to www.microsoft.com and orders Office '99 online, and tells Microsoft "Hi, my name is Alice, my credit card number is 31426436136778 and my PGPentium's public key is 0x12345678."
Microsoft unwittingly sends Alice a copy encrypted to 0x12345678, for which she has the private key to. Alice decrypts Office '99, and reencrypts it with public key of her PGPentium, as well as the keys f all her friends.
The software vendor would be wise to check that the public key was legal. It would be a simple matter for the manufacturer to publicize all public keys that had been installed on chips.
The manufacturer is going to publish a list of ALL of the public keys? We're talking one key per chip, right? Isn't that an AWFUL lot of keys, like, in the millions range? Also... with a few million possible keys like this, all you need to do is to either guess or factor just one of them.
Does the authentication defeat this?
I'm sort of waving my hands around when I say "authentication".
One approach is for the manufacturer to authenticate software submitted by approved vendors. The vendors are then tasked with encrypting it for the correct processor.
I'm not sure the "approved" bit would go over too well... one idea would be to license the compiler writers, who would build the encryption into compilers. It's still not horribly great, but better.
Our computers would only run software from Microsoft? Scary.
There are all sorts of nifty deals that could be made. Microsoft could commission a special run of the processors which only run Microsoft approved software. Machines using these processors could be given away or sold at a steep discount.
Right; the only reason I could see people using this would be for economical reasons.
You could also timestamp the software so that it only runs for a given length of time. This will encourage people to upgrade regularly. ;-) The processors could also support metering.
Right; once the user loses control of what he's running, then you can pretty much do anything you want as far as metering goes. ObGAK question: Would this be exportable? I mean, you could be encrypting god knows WHAT into those .exe's... Key escrow? How would they get the key?!? I can see the headlines, "Key Escrow Database Leaked to Pirate Firm"... :) - -- Ben Byer root@bushing.plastic.crosslink.net I am not a bushing -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMroTE7D5/Q37XXHFAQG6sgL8DnusDI/jqV3sn9U5ru2hhJPFxP1dZVpZ ohmJYteQdraD5/YfmvYNHFfslULB47Spx6ZTpT+xw512iMWJfyW5sN6NtejL6+CM 2BoX0SaRGxZrfVeRFAZAXMVx3/ak1LDk =HZOI -----END PGP SIGNATURE-----