[Cryptech Tech] Key generation and storage

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Jan 30 04:20:58 UTC 2015


Rob Austein <sra at hactrn.net> writes:

>a) In case it wasn't clear, I was assuming that key generation on the ARM was
>   in software, eg, cryptlib, not in some spooky hardware thing on the ARM.

It also depends on what bits you label "key generation", for example are the
bignum primitives (tied together by higher-level code) keygen, or the
combination of bignum primitives + code that calls them keygen?  If the bignum
primitives will be done in the FPGA then at least some portion of the keygen
process will happen there.

In any case doing something like Lim-Lee (for DLP keys) in an FPGA would be a
bit of a nightmare...

>So, again: what's the problem we're trying to solve by moving key generation
>onto the FPGA?

It depends on what the ARM's "PKA" actually consists of.  If it's bignum
primitives then they'll be pretty safe, but if it's "generate a key" then it'd
be easy to trapdoor.  I haven't been able to find much on what they actually
provide (I assume it's all under NDA), does anyone have any more info (without
violating NDAs)?

Peter.
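The following is an added example, not part of the message above and not cryptlib's code: a Lim-Lee style prime generator in Python that illustrates the split the message describes between bignum primitives and the higher-level code that calls them. The function names and the `modexp` parameter (a stand-in for a modular exponentiation primitive that could be offloaded, defaulting to Python's `pow`) are assumptions made for the example.

```python
import secrets
from itertools import combinations
from math import prod

def is_probable_prime(n, modexp=pow, rounds=32):
    """Miller-Rabin. modexp is the one bignum primitive that gets called."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = modexp(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = modexp(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits, modexp=pow):
    """Random prime of exactly `bits` bits (top and bottom bit forced to 1)."""
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c, modexp):
            return c

def lim_lee_prime(p_bits, q_bits, modexp=pow):
    """Return (p, q, factors) with p = 2*q*prod(factors) + 1 and every
    factor at least q_bits long, so (p-1)/2 has no small prime factors."""
    n = (p_bits - q_bits - 1) // q_bits          # number of extra factors
    if n < 1:
        raise ValueError("p_bits must be at least 2*q_bits + 1")
    f_bits = -(-(p_bits - q_bits - 1) // n)      # ceiling division
    q, pool = random_prime(q_bits, modexp), []
    while True:                                  # control flow: software side
        new = random_prime(f_bits, modexp)
        for rest in combinations(pool, n - 1):   # only combos using `new`
            factors = rest + (new,)
            p = 2 * q * prod(factors) + 1
            if p.bit_length() == p_bits and is_probable_prime(p, modexp):
                return p, q, factors
        pool.append(new)
```

Only the `modexp` calls would move to an accelerator here; the prime pool, the combination search and the size check are data-dependent control flow that stays in ordinary code.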


