[117897] in Cypherpunks
Re: chips, trust, etc.
daemon@ATHENA.MIT.EDU (Anonymous)
Tue Sep 14 13:05:48 1999
Date: Tue, 14 Sep 1999 18:40:29 +0200 (CEST)
Message-Id: <199909141640.SAA09329@mail.replay.com>
From: Anonymous <nobody@replay.com>
To: cypherpunks@cyberpass.net
Reply-To: Anonymous <nobody@replay.com>

> >Designs don't work this way. Fabs don't change designs. Even designers who
> >need green cards don't get to change designs.
>
> While I certainly agree, I wonder if someone at the Fab could change the
> recipe in some way that would introduce a subtle bias in a random number
> generator. A little extra dopant is all it takes.

At least in the case of Intel, the RNGs are tested for bias both after fab
and in the end-user system. One thing to realize about IC manufacturers
is that they know that the process is imperfect. Any given batch of
chips will not have 100% yield. They rely very heavily on testing and
characterization to determine which chips are working properly.

Actually the RNG chip was something of a problem for them, because
normal testing procedure involves a set of input vectors with known
outputs. The whole point of an RNG is to be unpredictable and so this
methodology does not work. That is why they run the FIPS tests to check
the statistical quality of the RNG output on each chip.

A subtle bias is exactly the kind of thing that these tests would detect.
To fool them but still leave an exploitable regularity would require a
considerable redesign. As was pointed out, this is simply not the kind
of change that a rogue engineer or fab technician can introduce.
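
The kind of statistical screening the message describes, as an added example that is not part of the original post and is not Intel's test code. It assumes "the FIPS tests" means the FIPS 140-1 statistical RNG tests on a 20,000-bit sample (monobit, poker and long-run shown; the runs test is left out for length). The function names and the seeded PRNG standing in for a hardware source are constructed for illustration.

```python
import random

N_BITS = 20000  # FIPS 140-1 tests operate on one 20,000-bit sample

def monobit(bits):
    """Count of ones must lie strictly between 9,654 and 10,346 (10,000 +/- 346)."""
    ones = sum(bits)
    return 9654 < ones < 10346, ones

def poker(bits):
    """Chi-square style statistic over the 5,000 non-overlapping 4-bit nibbles."""
    counts = [0] * 16
    for i in range(0, N_BITS, 4):
        v = bits[i] << 3 | bits[i + 1] << 2 | bits[i + 2] << 1 | bits[i + 3]
        counts[v] += 1
    x = 16 / 5000 * sum(c * c for c in counts) - 5000
    return 1.03 < x < 57.4, x

def long_run(bits):
    """Fail if any run of identical bits is 34 or longer."""
    longest = cur = 1
    for prev, b in zip(bits, bits[1:]):
        cur = cur + 1 if b == prev else 1
        longest = max(longest, cur)
    return longest < 34, longest

def fips_check(bits):
    """Run the three tests; each entry is (passed, measured statistic)."""
    if len(bits) != N_BITS:
        raise ValueError("sample must be exactly 20,000 bits")
    return {"monobit": monobit(bits), "poker": poker(bits),
            "long_run": long_run(bits)}

def passed(results):
    return all(ok for ok, _ in results.values())

def sample(p_one, seed):
    """Constructed input: seeded PRNG emitting 1 with probability p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(N_BITS)]

if __name__ == "__main__":
    for label, p in (("unbiased", 0.50), ("biased toward 1", 0.55)):
        r = fips_check(sample(p, seed=1999))
        print(label, "PASS" if passed(r) else "FAIL", r)
```

The biased sample is rejected by both the monobit and the poker test, while the long-run test alone would not flag it.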