(possible duplicate message)
What technology is available to create a 2048-bit RSA key pair so that:
1 - the randomness comes from quantum noise
2 - no one knows the secret part,
3 - The secret part is kept in the "box" and it is safe as long as the box is physically secured (expense of securing the box is a don't care).
4 - "box" can do high-speed signing (say, 0.1 mS per signature) over some kind of network interface
5 - you can reasonably convince certain people (that stand to lose a lot and have huge resources) in 1, 2, 3 and 4.
6 - The operation budget is around $1m (maintenance not included).
7 - attacker's budget is around $100m
8 - the key must never be destroyed, so backup is essential.
In other words, convincing translation of a crypto problem into physical security problem.
It looks like the key gets created on the same box(es) on which it is stored, which all interested parties inspected to any desirable level. Once everyone is comfortable the button gets pressed to create/distribute the key, and then you put goons with AKs around the boxes and pray that no one fucked with the microprocessor ... this may mean buying the components at random.
On Tuesday, October 29, 2002, at 04:34 PM, Anonymous via the Cypherpunks Tonga Remailer wrote:
> (possible duplicate message)
> What technology is available to create a 2048-bit RSA key pair so that:
> 1 - the randomness comes from quantum noise
Clicks from a Geiger Counter, Johnson noise, etc. are quantum-based events. Feed them into a file to be used for PGP, and voila.
> 2 - no one knows the secret part,
Set up a script to copy the private part of the PGP key onto a diskette or whatever. Erase the private key from the computer. Or move the entire computer into the box in #3.
> 3 - The secret part is kept in the "box" and it is safe as long as the box is physically secured (expense of securing the box is a don't care).
Lock the above diskette in the box. Or the computer in the box.
> 4 - "box" can do high-speed signing (say, 0.1 mS per signature) over some kind of network interface
I don't know about this. Others can say whether today's CPUs can do key signings in 0.1 mS.
> 5 - you can reasonably convince certain people (that stand to lose a lot and have huge resources) in 1, 2, 3 and 4.
Less doable. Fakery is easy. Even if they personally witnessed the above procedures, all sorts of subliminal channels or other sleight of hand tricks could be done.
> 6 - The operation budget is around $1m (maintenance not included).
> 7 - attacker's budget is around $100m
> 8 - the key must never be destroyed, so backup is essential.
Backup in the same box? Easy for someone to sabotage or destroy. Or steal.
> In other words, convincing translation of a crypto problem into physical security problem.
> It looks like the key gets created on the same box(es) on which it is stored, which all interested parties inspected to any desirable level. Once everyone is comfortable the button gets pressed to create/distribute the key, and then you put goons with AKs around the boxes and pray that no one fucked with the microprocessor ... this may mean buying the components at random.
Good luck.
--Tim May
--
Timothy C. May tcmay@got.net Corralitos, California
Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon
Technical: physics/soft errors/Smalltalk/Squeak/ML/agents/games/Go
Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns
Recent interests: category theory, toposes, algebraic topology
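Requirement 1 and the Geiger-counter suggestion in the reply above leave open how click timings become bits fit for a key generator. The following is an added example, not part of any poster's message: it derives bits by comparing successive inter-click intervals and discarding ties. The click timestamps are simulated (constructed) and every function name is hypothetical.

```python
import random

def extract_bits(timestamps):
    """One bit per non-overlapping pair of inter-click gaps (t1, t2)."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    bits = []
    for i in range(0, len(gaps) - 1, 2):
        t1, t2 = gaps[i], gaps[i + 1]
        if t1 == t2:          # tie on a coarse clock: no information, discard
            continue
        bit = 1 if t1 < t2 else 0
        if (i // 2) % 2:      # alternate the comparison sense per pair so
            bit ^= 1          # timer or detector drift cannot favour one value
        bits.append(bit)
    return bits

def pack_bytes(bits):
    """Pack bits MSB-first into bytes, dropping an incomplete final byte."""
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)

def simulated_clicks(n, rate_hz=50.0, tick=1e-4, seed=2002):
    """Constructed stand-in for a counter: Poisson arrivals, integer clock ticks."""
    rng = random.Random(seed)   # simulation only; a real source replaces this
    t, stamps = 0.0, []
    for _ in range(n):
        t += rng.expovariate(rate_hz)
        stamps.append(round(t / tick))
    return stamps

if __name__ == "__main__":
    bits = extract_bits(simulated_clicks(20001))
    print(len(bits), "bits, fraction of ones:", sum(bits) / len(bits))
    print("first bytes:", pack_bytes(bits)[:16].hex())
```

A balanced output only shows the extractor is not visibly biased; it does not show that the hardware feeding it is honest, which is the concern requirement 5 raises.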
On Wed, Oct 30, 2002 at 01:34:12AM +0100, Anonymous via the Cypherpunks Tonga Remailer wrote:
| (possible duplicate message)
|
| What technology is available to create a 2048-bit RSA key pair so that:
|
| 1 - the randomness comes from quantum noise
|
| 2 - no one knows the secret part,
|
| 3 - The secret part is kept in the "box" and it is safe as long as the box is physically secured (expense of securing the box is a don't care).
|
| 4 - "box" can do high-speed signing (say, 0.1 mS per signature) over some kind of network interface
|
| 5 - you can reasonably convince certain people (that stand to lose a lot and have huge resources) in 1, 2, 3 and 4.
|
| 6 - The operation budget is around $1m (maintenance not included).
|
| 7 - attacker's budget is around $100m
|
| 8 - the key must never be destroyed, so backup is essential.
|
| In other words, convincing translation of a crypto problem into physical security problem.
|
|
| It looks like the key gets created on the same box(es) on which it
| is stored, which all interested parties inspected to any desirable
| level. Once everyone is comfortable the button gets pressed to
| create/distribute the key, and then you put goons with AKs around the
| boxes and pray that no one fucked with the microprocessor ... this may
| mean buying the components at random.
Look at NCipher, and host in the Bunker.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
On Tuesday 29 October 2002 19:34, Anonymous via the Cypherpunks Tonga Remailer wrote:
> What technology is available to create a 2048-bit RSA key pair so that:
> 2 - no one knows the secret part,
> 3 - The secret part is kept in the "box" and it is safe as long as the box is physically secured (expense of securing the box is a don't care).
> 8 - the key must never be destroyed, so backup is essential.
2 and 8 seem to be contradictory. Unless you just back up on the box, as Tim mentioned. That's not much of a backup.
If you're treating this box as an unrepairable black box, you'd just throw it away and use a new one if it broke. That would technically meet these requirements, but it would require sending out the public keys occasionally and it would make it possible for Fred to fraudulently sign a message and claim it came from one of the replacement boxes. If there were a single, eternal signing box he wouldn't be able to get away with that.
--
Steve Furlong Computer Condottiere Have GNU, Will Travel
Vote Idiotarian --- it's easier than thinking
participants (5)
- Adam Shostack
- Anonymous via the Cypherpunks Tonga Remailer
- Mike Rosing
- Steve Furlong
- Tim May