At 11:16 PM 12/19/1996, Ben Byer wrote:
The manufacturer is going to publish a list of ALL of the public keys? We're talking one key per chip, right? Isn't that an AWFUL lot of keys, like, in the millions range?
Let's say each key is 2048 bits and there are 10 million processors. That's only 2.38 gigabytes, or under $1000. Easy enough to put on the Web or on a set of CD-ROMs.
Also... with a few million possible keys like this, all you need to do is to either guess or factor just one of them.
Yes, my working assumption is that factoring is very hard.
Does the authentication defeat this?
I'm sort of waving my hands around when I say "authentication".
One approach is for the manufacturer to authenticate software submitted by approved vendors. The vendors are then tasked with encrypting it for the correct processor.
I'm not sure the "approved" bit would go over too well... one idea would be to license the compiler writers, who would build the encryption into compilers. It's still not horribly great, but better.
You have to have the "approved" message so that you don't get viruses and to thwart piracy in case anybody did manage to get the secret key out of the chip. How well it goes over depends entirely on how much you pay for the software.
Our computers would only run software from Microsoft? Scary.
There are all sorts of nifty deals that could be made. Microsoft could commission a special run of the processors which only run Microsoft approved software. Machines using these processors could be given away or sold at a steep discount.
Right; the only reason I could see people using this would be for economical reasons.
And one would expect piracy-proof software to be very inexpensive. Most people who pay for software have little sympathy for those who don't.
You could also timestamp the software so that it only runs for a given length of time. This will encourage people to upgrade regularly. ;-) The processors could also support metering.
Right; once the user loses control of what he's running, then you can pretty much do anything you want as far as metering goes.
Right you are - see below.
ObGAK question: Would this be exportable? I mean, you could be encrypting god knows WHAT into those .exe's... Key escrow? How would they get the key?!? I can see the headlines, "Key Escrow Database Leaked to Pirate Firm"... :)
While I am certainly not a lawyer, and even the lawyers can't tell you what is legal to export, I would guess that Big Brother would be delighted with the manufacturers of this processor. It can't be used to encrypt communications, only to decrypt software. What is more, you could control the physical processors so that exportable processors accept a different authentication key. Then, the manufacturer of the processor can take care not to authenticate any privacy enhancing programs for the export version of the processor. Free speech and constitutional issues evaporate because the processors are physical devices and not expressions of ideas. Even "better", not very many organizations in the world can afford the fab lines to manufacture a state of the art processor. So, if the G-7 countries are brought onto the reservation, it would be feasible to forbid all free processors. Peter Hendrickson ph@netcom.com P.S. Did you hear? For Christmas Big Brother is raising the chocolate ration from 30g to 20g!!!