[Cryptech Tech] Key generation and storage

[Jakob Schlyter]

Joachim and I had good discussion on key generate and storage this morning, and we'd like to share and discuss our findings.


1. Key Generation

Question: Are keys generated by ARM or FPGA?

- Key generation in FPGA requires minor CPU core.
- Key generation in ARM can use cryptlib.

Recommendation: In order to contain and protect the key generation process, perform all key generation in the FPGA.


2. Key Store

Assumption: All keys must stored within the HSM security boundry.

Fact: The FPGA RAM has probably about 6 Mbit memory, so unless we have a very limited set of keys not all keys can be kept in the FPGA at all times.

Question: Key stored directly attached to FGPA (EEPROM/battery-backed-RAM/Flash) or in flash attached to ARM?

- Pro-FPGA: FGPA responsible for key export control (i.e., what keys are allowed to leave the HSM wrapped). Encrypted key cannot leave the FPGA unless permitted. This can be implemented with keys in ARM if ISMK (internal storage master key) store also contains key protection information (although the key wrapped by ISMK will leave the FPGA, it can only be decrypted by the FPGA as the ISMK is not extractable).
- Pro-FPGA: keys directly available to the FPGA, no need to move from/to ARM.
- Con-FPGA: Generally more difficult to implement. If flash is used for storage, wear leveling may be required and needs FPGA implementation.
- Pro-ARM: Virtual unlimited number of keys (limited by flash memory only).

Consideration: If keys are stored in ARM, how is the FPGA working set managed and what size is required? But, this must be implemented anyway in the FPGA if directly attached key store used due to memory constraints of the FPGA.


Recommendation: Key store in ARM flash, with export control integrated in ISMK store.



	jakob & joachim