Rough Cut at v0.01 Proof of Concept Feature Set

This is a proposed version 0.01 product as a proof of concept. The intent is not to have a very useful product, but rather to gain confidence in our architecture, tools, and team. The result is intended to be the basis for further development into a more useful second stage, in the sense of agile development. It very intentionally is not a waterfall design,

The interface between the Green and Yellow layers is seen as an important design inflection.

Some code will be in C in the Green (auxiliary core) because we can get it open source out of the can. for v.2 (or whatever) we would move it down to the FPGA in Verilog.

FPGA Overview

HW_sketch_v0001.png

Sketch of TRNG Chain

HW_RNG.png

Off-FPGA

  • Persistent Storage
    • For Keys and Time
    • Or the battery for tamper wipe is big enough to hold the FPGA up
    • Or the Green processor has enough non-volatile store
  • Entropy Source
  • Realtime Clock
  • Tamper Mechanism

Layers

1
2
3
<h1 style="text-align: left; color: blue">
  Blue / FPGA
</h1>
  • TRNG
  • BigNumber, Modular, & Exponentiation (expose to green for RSA)
  • SHA-256
  • AES-128
  • EC for ECDH. Curve3617 would be nice, but whatever we can get open source to start
  • OpenRISC Core or ARM to support Green (maybe FreeScale from Bunnie)
1
2
3
<h1 style="text-align: left; color: green">
  Green / On-Chip Core
</h1>
  • RSA 2048 & 4096 (move to blue later) [ 1024 for Tor? ]
  • MACs: HMAC, 1305, uMAC
  • DH (move to blue later)
  • Device Activation, Move Authorization, Wiping
1
2
3
<h1 style="text-align: left; color: yellow">
  Yellow / Off-Chip Support
</h1>
  • Interface to Red
    • PKCS#8
    • PKCS#11
    • PGP Support
  • X.509 and PGP
  • PKCS#11 for POLA resistance
  • No PKCS#10 because it will take a year
  • Backup may be just dump/restore of the whole FPGA/CoreState
1
2
3
<h1 style="text-align: left; color: red">
  Red / Applications
</h1>
  • X.509 CA
  • DNSSEC
  • PGP (asymmetric key sign/verify + symmetric message encryption/decryption)
  • Tor consensus(?)

Issues in v0.01

  • License of tool chain to build
  • License for borrowed components (open cores, open fpga)
  • License for result
    • What we build ourselves - BSD
    • What components we ship - life is compromise
  • Toolchains, Verilog, C, ...
  • FPGAs and ASICs use a Verilog-based toolchain. There are no mature open Verilog compilers so the DDC approach will not work. Net-list optimization is also an issue. We're looking into this, but it's going to be really hard. Research for v2.
  • Protoyping platform
  • RTC, external connectivity to et some sort of assured time
  • Repository - too many git junkies. Keep main repo on our server for the security boundary. Can mirror on GitHub to be socially cool.
  • Emacs or vi (no Rob, not TECO) :)