[Cryptech Core] funding application - quick comments welcome

[Stephen Farrell]

Hiya,

There's a funding call open that may suit us. [1] It's
for 50k with potential for more later.

I'll be submitting the attached tomorrow (deadline is Feb 1,
and yes, I'm late drafting this;-).

It's meant to be a short & sweet application so not very
detailed. The headings/questions are from their submission
form.

If anyone has comments on this that they can get to me (or
reply-all as you prefer) before 1600 UTC tomorrow (Jan 31),
those'd be much appreciated.

Cheers,
S.

[1] https://nlnet.nl/propose/
-------------- next part --------------

- Name: Stephen Farrell
- email: stephen.farrell at cs.tcd.ie
- Phone: +35318962354
- Organisation: cryptech project
- Country: IE
- Project name: Cryptech
- Website: https://cryptech.is
- Abstract (1200 chars):

Working since 2014 the CrypTech project (https://cryptech.is/) has
developed an open-source hardware cryptographic engine design to
meets the needs of high assurance Internet infrastructure systems
that use cryptography. Our open-source hardware designs are aimed to
be of general use to the broad Internet community, covering needs
such as securing email, web, DNSsec, PKIs, etc. The project has
produced a design and hardware boards that have been used in various
experiments and tests, and a version of which is now being
productised by a not-for-profit US charity (DiamondKey). We are
proud to say that the current design has been the subject of a
positive external security evaluation
(https://cryptech.is/2018/10/external-security-audit-completed/),
though of course some possible improvements were identified in that
process that are being or have been addressed. The Cryptech core
team are now (starting mid-Feb 2019) beginning the process of
designing next generation designs/board, and NGI PET funding can be
a key enabler for this stage of the design process.

- Have you been involved with projects or organisations relevant to this project before? And if so, can you tell us a bit about your contributions? 

Cryptech has been running since 2014 with a core (but part-time)
team of ~15 [1] including a 4-5 person "business" team who assist
with raising funds, governance and provide input and advice to the
developers. Project decisions are made via consensus of the core
team. The applicant here is Dr. Stephen Farrell, CV at [2], who is a
member of the business team. The Cryptech developers have a broad
range of backgrounds and skills commensurate with the diverse
requirements involved in developing an open-source HSM.

[1] https://cryptech.is/cryptech-team/
[2] https://www.scss.tcd.ie/Stephen.Farrell/me/public-resume.html 

- Requested Amount: 50000 EUR

- Explain what the requested budget will be used for?
  Does the project have other funding sources, both past and present?
  (If you want, you can in addition attach a budget at the bottom of the form) 

The philosophy in Cryptech is that skilled and experienced
developers need to be paid fair rates for the efforts.  We therefore
pay market rates for the wide variety of skills required for
cryptographic hardware and software development.  Cryptech
developers are contracted to work the hours estimated for identified
tasks, where those tasks have been agreed via consensus of the team,
and that will continue to be the process we follow.

The Cryptech team publish an annual report each year (at
https://cryptech.is/) and internally produce monthly financial
reports to ensure we match our efforts to the budget available.

NGI PET funds will be used to support the early design phases of the
next generation Cryptech designs, including paying core team member
hours and face-to-face meeting costs. (Cryptech generally has a
two-day face-to-face meeting roughly each year, with occasional
additional meetings e.g. at IETF meetings.) Our goal is to fund
initial design activities to get to the point where we have an
outline design and plans for the next generation designs/board.
(Which will cost considerably more than EUR 50000.)

- Compare your own project with existing or historical efforts.

Cryptographic hardware security modules (HSMs) are typically
closed-source products that often asim to tie-in customers to a
particular vendor. The Cryptech project is therefore a potentially
significant disruptor for this market, both in terms of producing
equipment at significantly lower cost and in terms of open-ness and
accountability.

There are some other open-source cryptography projects, but those
mainly focus on smaller end-user devices (e.g. USB keys).

- What are significant technical challenges you expect to solve
  during the project, if any?

Speed, cost and security. Getting more than two of those three is
hard.

Initial discussions on a next generation board indicate that a) we
need better performance for RSA signing, b) we may be able to get
that via a somewhat more expensive bill of materials, and c) the
current design is very good on security (according to our external
evaluation) but we could do better in terms of open-source tooling.

- Describe the ecosystem of the project, and how you will engage
  with relevant actors and promote the outcomes?

The Cryptech project has continual interactions with possible users
of the technology, who have also often been project supporters. That
will continue. We will re-engage with many of these potential users
on the new board design and are confident that a number of them will
be willing to experiment with the eventual outputs of this process.
(Note that the new board will not be an output of this activity,
costs will be significantly more than EUR 50000 overall, so we will
continue to fund-raise for Cryptech via all the usual venues.)

DiamondKey (a not-for-profit US charity) are in the process of
productising the current Cryptech design and are expected to adopt
the next generation design we hope will be supported via NGI-PET.
Indeed we have already received market analysis and technical
requirements suggestions from DiamondKey and will be discussing
those at our February 2019 face-to-face meeting in Amsterdam.

- Attachments (up to 3)

Most recent annual report.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x5AB2FAF17B172BEA.asc
Type: application/pgp-keys
Size: 9029 bytes
Desc: not available
URL: <https://lists.cryptech.is/archives/core/attachments/20190130/2b5055fa/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.cryptech.is/archives/core/attachments/20190130/2b5055fa/attachment.sig>