RPOW - Reusable Proofs of Work

Hal Finney hal at finney.org
Tue Aug 17 09:21:56 PDT 2004


A couple of quick responses to the questions on RPOW, as I am at
Crypto this week.

Taral asked about the attestation.  It is based on a root key
published in Appendix C of IBM's "IBM 4758 PCI Cryptographic
Coprocessor Custom Software Interface Reference", available from
http://www.ibm.com/security/cryptocards/html/library.shtml.
It is also published on IBM's web page at
http://www.ibm.com/security/cryptocards/html/faqcopvalidity.shtml.
This tells you that the attestation refers to a valid IBM 4758.

Further, the attestation contains within it both a hash of the RPOW
program, and a set of keys generated by that program.  Using the methods
described on the rpow.net web site, it is possible to take the RPOW source
code and generate a hash which matches that reported in the attestation.
This tells you that you have access to the actual source code running
on the RPOW server.  By studying the source you can confirm that the
program never exposes its private keys or allows them to leave the
board.  This tells you that if you send a message encrypted to the RPOW
communications key and get a meaningful response (messages are protected
with HMAC), you are talking to the program described in the attestation.

Lynn Wheeler mentions the IBM 4758 break by Mike Bond and Richard Clayton
described at http://www.cl.cam.ac.uk/~rnc1/descrack/.  This was not
actually a break of the 4758 but an exploit of a cryptographic weakness
in the application running on the board, which was IBM's CCA support
software.  RPOW does not use CCA and is not vulnerable to that attack,
and IBM has since fixed the CCA.

Of course it is possible that RPOW may have vulnerabilities and errors
of its own, being my own work and far from perfect.  I welcome review
and comment on the RPOW source code which is open source and available
from rpow.net.

Hal Finney
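As an added illustration (not code from the RPOW project or from the post): a Go model of the verification chain described above, where Ed25519 stands in for the 4758 root-key signature scheme, and the root key, program image and board key are all constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Attestation models what the post describes: the hash of the program on
// the board and a key that program generated, signed under the root key.
type Attestation struct {
	ProgramHash []byte // SHA-256 of the program image
	CommKey     []byte // public communications key generated on the board
	Signature   []byte // root-key signature over ProgramHash || CommKey
}

func signedBody(a Attestation) []byte {
	return append(append([]byte{}, a.ProgramHash...), a.CommKey...)
}

// IssueAttestation stands in for the vendor/board side so the demo runs
// offline; in the real system only the hardware holds this signing key.
func IssueAttestation(rootPriv ed25519.PrivateKey, program, commKey []byte) Attestation {
	h := sha256.Sum256(program)
	a := Attestation{ProgramHash: h[:], CommKey: commKey}
	a.Signature = ed25519.Sign(rootPriv, signedBody(a))
	return a
}

// VerifyAttestation is the verifier's side: the signature must check under
// the published root key (genuine board) and the embedded hash must equal
// the hash of the reviewed source (known program); only then is CommKey trusted.
func VerifyAttestation(rootPub ed25519.PublicKey, a Attestation, reviewedSource []byte) error {
	if !ed25519.Verify(rootPub, signedBody(a), a.Signature) {
		return errors.New("attestation is not signed by the root key")
	}
	if want := sha256.Sum256(reviewedSource); !bytes.Equal(a.ProgramHash, want[:]) {
		return errors.New("program hash does not match the reviewed source")
	}
	return nil
}

func main() {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader) // constructed root key
	commPub, _, _ := ed25519.GenerateKey(rand.Reader)        // constructed board key
	att := IssueAttestation(rootPriv, []byte("rpow program v1"), commPub)
	fmt.Println("genuine:", VerifyAttestation(rootPub, att, []byte("rpow program v1")))
}
```

Swapping the reviewed source for a different image, or checking against a root key other than the published one, makes VerifyAttestation return an error rather than nil.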

---------------------------------------------------------------------
The Cryptography Mailing List

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'