AES Bitstream Encryption in Virtex-4. How safe it is?

They *are* that smart.

When they influenced the design of DES way back when, they *both* strengthened and weakened it.

They weakened it by reducing the key length to 56 bits. It is generally believed that they did this because they could afford to build hardware that would brute-force search a 56-bit key space.

They strengthened it by making design changes, the nature of which was not obvious at the time. Many years later, cryptographers (re)discovered linear and differential cryptanalysis methods, and found that the NSA's changes to the design of DES made it essentially immune to those lines of attack. The NSA had developed those attacks, but had not published them, for obvious reasons.

In other words, the NSA wanted the strength of DES to be only 56 bits, but also not to have weaknesses reducing the effective key size significantly below 56 bits.

When the NSA is involved in the development of any cryptosystem made available for public use, it would be foolish to assume that they haven't made sure that it is neither too insecure nor too secure.

Eric

Reply to
Eric Smith

The reason the Xilinx parts get approval for single chip Type 1 COMSEC applications has to do primarily with software tools changes ensuring adequate red/black separation using the column based architecture found in Virtex-4 LX, SX and FX.

formatting link

FIPS 41 is entitled "Computer Security Guidelines for Implementing the Privacy Act of 1974" and was withdrawn in 1998; I think you mean FIPS 140-2 (-3 pending) "Security Requirements for Cryptographic Modules", wherein you can use the placement tools and column architecture for functional separation (compartmentalization). The FIPS 140 criteria derive from the NSA's CCEP program.

One could wonder if the market is sufficiently large or attractive enough for Altera to make the effort.

Reply to
diogratia

There were interesting stories about Intel and a scanning electron beam prober during the Clipper Chip days (uses anti-fuse). Something about seeing the charge around a via and telling whether or not the fuse was conducting or high impedance. Presumably this would be easier to automate. There was a lot of speculation about tamper proof chip cases. Also something about the technology getting classified.

Reply to
diogratia

3 X 56 bits < 256 bits.

Note that we have AES256, and the "other" competitor only had AES128.

AES128 was not approved (for the crypto modernization program).

I am sure that tells you something.

Austin

Reply to
austin

You would not try to brute force a 128 bit AES system. Making the brute force attack 2^128 times harder by doubling the key size, doesn't change all that much since you wouldn't be using that approach anyway.

(Yes, I do know that only the 256 bit key version is approved for top secret work in the USA. All our products support the 256 bit key size for that reason.)

BTW, I think bitstream encryption is an excellent idea for protecting the intellectual property that the bitstream represents. I'm just not sure I'd rely on it as an essential part of a security system, where the threat model includes attacks by well funded military organisations.

Austin, is there an appnote showing how bitstream encryption can be used to make an HSM? I'd be interested in knowing how it's done.

Disclaimer: none of our products rely on bitstream encryption (from any FPGA vendor) to protect our customers' secrets.

Regards, Allan

Reply to
Allan Herriman

Allan,

HSM?

Austin

Reply to
austin

Allan,

I presume HSM = Host Security Module?

If so, that is an application, and we do not supply any examples, nor any IP.

Austin

Reply to
austin

Google suggests High School Musical. Hmmm.

Perhaps this would be better:

formatting link

It's only when you start designing products like that, that the distinction between 128 and 256 bit AES becomes important. (IMO)

Regards, Allan

Reply to
Allan Herriman
