Repository to explore the physical limits of trusted hardware in the classical and quantum settings.
- NO proof of manufacturing according to a known open-source chip design specification
- NO proof of non-leakage of secret bits -- how can we know that the secret bits encoded into the chip were not leaked at some point during manufacturing?
- NO proof of hidden-forever secret bits -- above and beyond trusting or not trusting the chip manufacturers and the manufacturing processes, one problem remains: can we truly hide secret bits of information in physical matter?
See #2, for more details. Also, of relevance: #1, #7, #8, CHIP_ATTACKS.md, and PUFs.md.
The current leading intuition of the feeble mind of this repo's author is that trusted hardware which can withstand physical attacks is impossible in the classical setting: an adversary with physical access to the chip will be able to break its security because of physics, regardless of whether the chip is perfectly designed, architected and manufactured, and regardless of whether the manufacturer is honest. The claim, or intuition, is that as far as our understanding of the laws of physics goes, an attacker will be able to read the secret information encoded into the chip, and will therefore break the security of the chip. If that claim holds, what does it mean for trusted hardware? Is it a pipe dream? Can the quantum setting make a difference? Naively, what if we "throw" the secret information into a black hole? Would that help? Could a chip be designed to use nano black holes to store secret keys? How would key derivation work if the root keys are in a black hole? Etc.
It may be helpful to first define what is meant by trusted hardware and, more importantly, what problem trusted hardware aims to solve. To do so, we'll use the paper Intel SGX Explained by Victor Costan and Srinivas Devadas, as it is an invaluable resource for explaining the various components of Intel SGX, which is arguably the most well-known and widely used trusted hardware at the time of this writing.
Victor Costan and Srinivas Devadas set the stage like so:
Secure remote computation (Figure 1) is the problem of executing software on a remote computer owned and maintained by an untrusted party, with some integrity and confidentiality guarantees. In the general setting, secure remote computation is an unsolved problem. Fully Homomorphic Encryption [61] solves the problem for a limited family of computations, but has an impractical performance overhead [140].
Intel’s Software Guard Extensions (SGX) is the latest iteration in a long line of trusted computing (Figure 2) designs, which aim to solve the secure remote computation problem by leveraging trusted hardware in the remote computer. The trusted hardware establishes a secure container, and the remote computation service user uploads the desired computation and data into the secure container. The trusted hardware protects the data’s confidentiality and integrity while the computation is being performed on it.
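The quoted model makes the root of trust concrete: the "secure container" protects confidentiality only because every key it uses is derived from a secret that the trusted hardware holds and the remote owner supposedly cannot read. The following is an added example written for this README (it is not code from Intel SGX Explained and not Intel's actual EGETKEY derivation; the KDF, the seal format and the names `derive_seal_key`, `seal`, `unseal` and `attacker_unseals` are assumptions made for the illustration). It models a per-chip root secret, derives an enclave-bound sealing key from it, seals data, and then shows what happens once an adversary has read the root bits out of the silicon: the derivation is public, so they simply replay it off-chip and unseal everything. That is the "read the secret bits, break the chip" step of the argument above, in working code.

```python
"""Toy model of a TEE key hierarchy rooted in a per-chip fused secret.

Added example for this README; stdlib only. NOT Intel's SGX derivation:
HMAC-SHA256 is used as a stand-in for the hardware KDF and as a toy
stream cipher, and all sample values are constructed.
"""
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN = 12
TAG_LEN = 16


def derive_seal_key(root_secret: bytes, enclave_measurement: bytes, owner_epoch: bytes) -> bytes:
    """Derive an enclave-specific sealing key from the chip's root secret.

    Assumption: HMAC-SHA256 keyed with the root secret plays the hardware KDF.
    Binding the derivation to the enclave measurement and the owner epoch means
    a different enclave, or a different chip, derives a different key.
    """
    return hmac.new(root_secret, b"SEAL" + enclave_measurement + owner_epoch, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a toy stream cipher (stdlib only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, b"ENC" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(seal_key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Encrypt-then-MAC: blob = nonce || ciphertext || tag."""
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(seal_key, nonce, len(plaintext))))
    tag = hmac.new(seal_key, b"MAC" + nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ciphertext + tag


def unseal(seal_key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. A wrong key or a tampered blob raises ValueError."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("sealed blob too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(seal_key, b"MAC" + nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered blob")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(seal_key, nonce, len(ciphertext))))


def attacker_unseals(extracted_root_secret: bytes, enclave_measurement: bytes,
                     owner_epoch: bytes, blob: bytes) -> bytes:
    """What physically extracting the root bits buys the adversary.

    The derivation is public (documented, and the chip is the adversary's to
    study), so with the root secret read out of the silicon the attacker
    replays the derivation off-chip and unseals anything sealed under it.
    """
    return unseal(derive_seal_key(extracted_root_secret, enclave_measurement, owner_epoch), blob)


if __name__ == "__main__":
    # Constructed sample values, not real chip data.
    root_secret = os.urandom(32)                               # fused per-chip secret
    measurement = hashlib.sha256(b"enclave-v1-code").digest()  # enclave identity
    owner_epoch = b"\x01" * 16

    key = derive_seal_key(root_secret, measurement, owner_epoch)
    blob = seal(key, b"db-password: hunter2")
    assert unseal(key, blob) == b"db-password: hunter2"

    # Another enclave on the same chip cannot unseal the blob ...
    other = derive_seal_key(root_secret, hashlib.sha256(b"other-enclave").digest(), owner_epoch)
    try:
        unseal(other, blob)
    except ValueError as exc:
        print("other enclave:", exc)

    # ... but an adversary who has read the root bits out of the silicon can.
    print("adversary recovers:", attacker_unseals(root_secret, measurement, owner_epoch, blob))
```

Note that the isolation between enclaves holds only while the root secret is confined to the chip: the same property that lets the chip derive the right key for the right enclave lets anyone holding the root bits derive all of them. This is the sense in which "hiding bits in matter" is the whole problem, and why the question about key derivation with root keys "in a black hole" is really a question about whether the derivation can be performed without the root bits ever being readable.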
Black-Hole Radiation Decoding is Quantum Cryptography by Zvika Brakerski -- (Thanks to @tyurek for sharing)
- Black-Hole Radiation Decoding as a Cryptographic Assumption by Zvika Brakerski at the Minimal Complexity Assumptions for Cryptography workshop at the Simons Institute for the Theory of Computing -- (Thanks to Alex Obadia for sharing.)
- Quantum Commitments and Black Hole Radiation Decoding by Fermi Ma at the Quantum Summer Cluster Workshop at the Simons Institute for the Theory of Computing
- Intel SGX Explained by Victor Costan and Srinivas Devadas
- The Laws of Physics and Cryptographic Security by Terry Rudolph
- Is the security of quantum cryptography guaranteed by the laws of physics? by Daniel J. Bernstein
- Black-Hole Radiation Decoding is Quantum Cryptography by Zvika Brakerski (Thanks to @tyurek for sharing)
- On black holes, holography, the Quantum Extended Church-Turing Thesis, fully homomorphic encryption, and brain uploading by Scott Aaronson
- Hayden–Preskill thought experiment
- Here’s one way to get out of a black hole! by John Preskill
- Using Memory Errors to Attack a Virtual Machine by Sudhakar Govindavajhala and Andrew W. Appel (thanks to @intoverflow for sharing)
- A2: Analog Malicious Hardware by Kaiyuan Yang, Matthew Hicks, Qing Dong, Todd Austin, Dennis Sylvester (thanks to @intoverflow for sharing)
- https://quantumfrontiers.com/author/preskill/
- Search for microscopic black hole signatures at the large hadron collider
- Micro black hole
- Extra dimensions, gravitons, and tiny black holes
- Mini Black Holes Easier To Make Than Thought
- Information encoded on the surface of a black hole
- A spiderweb of wormholes could solve a fundamental paradox first proposed by Stephen Hawking
- Black hole information paradox
- Black Hole Encryption
- Hayden-Preskill thought experiment (fun video)
- Hairy BTZ black hole and its analogue model in graphene (arxiv)
- Black Hole complexity, unscrambling, and stabilizer thermal machines
- Scrambling in the Black Hole Portrait
- Black Hole Based Quantum Computing in Labs and in the Sky
- Universality of Black Hole Quantum Computing
- Production and evaporation of micro black holes as a link between mirror universes
- Information in Black Hole Radiation
- Holographic measurement and quantum teleportation in the SYK thermofield double
- Matrix-Model Simulations Using Quantum Computing, Deep Learning, and Lattice Monte Carlo
See PUFs.md. Also on HackMD at https://hackmd.io/8JDYHl-qQdGGucCV2B7hzA.
- Nature Electronics: https://www.nature.com/articles/s41928-020-0372-5?proof=t
- Wikipedia: https://en.wikipedia.org/wiki/Physical_unclonable_function
- On the Physical Security of Physically Unclonable Functions
- A Fourier Analysis Based Attack against Physically Unclonable Functions
- Feasibility and Infeasibility of Secure Computation with Malicious PUFs
Please do! File issues & pull requests as you wish! Don't hold back!
Will loosely attempt to follow the ZeroMQ RFC 42/C4: Collective Code Construction Contract.
But don't worry about it! Just write your mind in the form of issues and pull requests!
As I started to learn about Intel SGX, I eventually became very much concerned about chip attacks. Eventually, a small set of slides, Can we Hide Atoms?, was put together to convey the concerns at the IC3 Summer Camp 2021, in the context of a Rump Session. The intuition has been that trusted hardware (e.g. Intel SGX), as of now, would require us to be capable of hiding atoms (or subatomic particles, such as electrons) from an attacker who has physical access to the chip.
In other words, a secret key is information, and information is encoded in matter. Hence, the leading question is: "Can we hide information encoded in matter from an observer who has access to the matter?" Intuitively, it seems like this is not possible, at least in the classical setting, although PUFs appear to offer a solution. The quantum setting is probably very much different, as the very act of observing may destroy or change what is being observed.
As for black holes ... At the IC3 Summer Camp 2022, while having lunch with colleagues, the idea of throwing the secret bits into a black hole felt reassuring as a way to hide the bits. Far from solving the chip attack problem seemingly inherent to TEEs, it did seem to give some hope that perhaps, after all, TEEs were not doomed to be just some pipe dream on which I was wasting precious time. A few months later, @tyurek shared Black-Hole Radiation Decoding is Quantum Cryptography by Zvika Brakerski which, at the very least in my imagination, gave me some hope that perhaps some kind of future TEEs could leverage high-energy physics objects to implement cryptographic schemes, such that breaking the TEE would require breaking physics.