Planning for SUNET funded Cryptech Work
The following documents the first two development steps in Cryptech funded by SUNET. The development is being done by Joachim Strömbergson from Secworks AB.
Step one (Deadline 2014-02-28)
- Acquire a FPGA development platform.
DONE. We have a Terasic DE0 board and a Terasic Cyclone V GX starter kit board.
-
Create a working development and verification flow from RTL design downto FPGA.
-
Verify the functionality of the SHA-256 core in a physical FPGA.
Actions for step one
-
Select FPGA development board to acquire
- Large enough to test sub systems and possibly a complete HSM.
- Good external interfaces for communication with host systems.
- Good external interfaces to entropy sources, memories, GPIO. Arduino Shields would be good.
-
Create a survey on interconnect standards usable for Cryptech
- Availability and market share/usage in third party cores.
- License
- Technical details - Bus, fabric, performance etc.
-
Create base coretest functionality to allow testing of cores in the FPGA on the development board. Read and write access to registers over a known communication channel.
-
Verify the development flow from Verilog RTL downto FPGA.
-
Verifiera SHA-256 core using coretest.
-
Start FPGA tool survey
- What is available as open tools and what is the status.
- What is available as open tools from the vendors.
- Talk to people in the industry to get their views on an open toolchain.
Step two (Deadline 2014-03-31)
-
Produce first draft of design proposal to the Cryptech True Random Number Generator (TRNG)
- Security target, security model and assumptions
- Structure, architecture
- API
- Functionality
- Online test system
- Verification model
- First two entropy sources
-
Complete SHA-1 core. Including functional verification in FPGA.
-
First draft of SHA-256 and SHA-1 core documentation.
Actions for step two
-
Create template for documentation
-
Collect info on known TRNGs and TRNG strategies
-
Collect info on online tests being used.
-
Create proposal for architecture.
-
Write implementation proposal.
-
Specify API.
-
Write security target and security model.
-
Write assumptions and limitations.
-
Write verification model.
-
Finalize SHA-1 core RTl.
-
Build SHA-1 core in FPGA.
-
Verify SHA-1 functionality in FPGA using coretest.
-
Write documentation for SHA-256 core.
-
Write documentation for SHA-1 core.