Title: Joachim Strömbergson Date: 2016-12-15 22:54

Joachim Strömbergson


Current activities

  • Developing coretest - a core testing framework for FPGAs.
  • Implementation of UART
  • Verification of SHA-256
  • Verification of SHA-1
  • Implementation of AES-128
  • Design proposal for TRNG
  • Design proposal for Curve25519 accelerator

Work Notes

Presentations from meeting 2014-03-10 (updated and extended):

  • [browser:/doc/presentations/Cryptech_HW_status_2014-03-10.pdf "Cryptech HW status 2014-03-10"]
  • [browser:/doc/presentations/Cryptech_TRNG_Ideas_2014-03-17.pdf "Cryptech TRNG Ideas 2014-03-17"]

Open EDA Tools

  • http://torc-isi.sourceforge.net/index.php - Torc is an open-source C++ infrastructure and tool set for reconfigurable computing

Curve25519 accelerator

We need to create an accelerator, or possibly a complete implementation, of the Curve25519 EC-based DH exchange. We should be able to build on some previous work:

  • http://eprint.iacr.org/2013/375 - NaCl on 8-Bit AVR Microcontrollers. Includes an iterative implementation of Curve25519
  • http://cryptojedi.org/crypto/index.shtml - The code for that implementation
  • http://nacl.cr.yp.to/ - The main NaCl library by DJB.
  • http://cr.yp.to/ecdh/curve25519-20060209.pdf - The Curve25519 paper by DJB.
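As an added example (not Cryptech or NaCl code), the following plain-Python reference model of X25519 from RFC 7748 shows what the accelerator has to compute: a Montgomery ladder doing one conditional swap and a fixed sequence of field multiplications, squarings and additions per scalar bit, the same work regardless of the bit's value, with a single field inversion at the end. The key pair used in `dh_demo` is the RFC 7748 section 6.1 test pair; Python integers are not constant-time, so this is a functional model for checking a hardware design against, not a side-channel-safe implementation.

```python
"""X25519 scalar multiplication (RFC 7748) as a plain-Python reference model.

Added example for these notes, not Cryptech or NaCl code.
"""

P = 2**255 - 19          # the field prime
A24 = 121665             # (A - 2) / 4 for Curve25519's A = 486662
BASEPOINT = bytes([9]) + bytes(31)   # u = 9, little-endian


def decode_scalar(k: bytes) -> int:
    """Clamp a 32-byte private key as RFC 7748 requires."""
    if len(k) != 32:
        raise ValueError("scalar must be 32 bytes")
    k = bytearray(k)
    k[0] &= 248          # clear the low 3 bits (cofactor)
    k[31] &= 127         # clear bit 255
    k[31] |= 64          # set bit 254 so every ladder runs 255 steps
    return int.from_bytes(k, "little")


def decode_u(u: bytes) -> int:
    """Decode a 32-byte little-endian u-coordinate, masking the top bit."""
    if len(u) != 32:
        raise ValueError("u-coordinate must be 32 bytes")
    u = bytearray(u)
    u[31] &= 127
    return int.from_bytes(u, "little") % P   # non-canonical inputs are reduced


def encode_u(x: int) -> bytes:
    return (x % P).to_bytes(32, "little")


def cswap(swap: int, a: int, b: int):
    """Swap a and b iff swap == 1, via a mask rather than a branch.

    This is the mux a hardware ladder drives from the key bit; a and b
    are always reduced, so they fit in 255 bits.
    """
    mask = (-swap) & ((1 << 255) - 1)
    dummy = mask & (a ^ b)
    return a ^ dummy, b ^ dummy


def ladder(k: int, u: int) -> int:
    """Montgomery ladder: u-coordinate of k times the point with u-coordinate u."""
    x1 = u
    x2, z2 = 1, 0        # R0 = point at infinity
    x3, z3 = u, 1        # R1 = input point
    swap = 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = cswap(swap, x2, x3)
        z2, z3 = cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = (a * a) % P
        b = (x2 - z2) % P
        bb = (b * b) % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = (d * a) % P
        cb = (c * b) % P
        x3 = ((da + cb) ** 2) % P           # differential addition R0 + R1
        z3 = (x1 * ((da - cb) ** 2)) % P
        x2 = (aa * bb) % P                  # doubling of R0
        z2 = (e * (aa + A24 * e)) % P
    x2, x3 = cswap(swap, x2, x3)
    z2, z3 = cswap(swap, z2, z3)
    # One inversion for the whole computation: z2^(p-2) by Fermat.
    # A low-order input point gives z2 == 0 and therefore an all-zero result.
    return (x2 * pow(z2, P - 2, P)) % P


def x25519(k: bytes, u: bytes) -> bytes:
    return encode_u(ladder(decode_scalar(k), decode_u(u)))


def x25519_base(k: bytes) -> bytes:
    return x25519(k, BASEPOINT)


# RFC 7748 section 6.1 test keys.
ALICE_PRIV = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
BOB_PRIV = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")


def dh_demo() -> bytes:
    """ECDH: both sides derive the same shared secret."""
    alice_pub = x25519_base(ALICE_PRIV)
    bob_pub = x25519_base(BOB_PRIV)
    shared_a = x25519(ALICE_PRIV, bob_pub)
    shared_b = x25519(BOB_PRIV, alice_pub)
    if shared_a != shared_b:
        raise RuntimeError("DH mismatch")
    return shared_a


if __name__ == "__main__":
    print(dh_demo().hex())
```

For a hardware design the interesting part is the loop body: each step is two squarings, three general multiplications, one multiplication by the small constant A24, one multiplication by the fixed x1, and a handful of additions, all modulo 2^255 - 19. The one-iteration vector from RFC 7748 section 5.2 (scalar 9, u 9) and the section 6.1 DH vector are enough to catch a mis-ordered swap or a wrong A24 in a simulation.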

Pre meeting notes

Stockholm 2013-12-05 - 2013-12-06

Preparation notes for the OpenHSM meeting 2013-12-05 -- 2013-12-06. The notes contain topics, questions and ideas I want to bring up, check and discuss at the meeting.


  • How to build trust in the project?
    • Total openness and transparency
    • Traceability of decisions
    • Focus on simple third party validation
    • Partitioning of security functions

Project goal

  • Low cost vs high performance

  • Scalability

    • Functionality
    • Performance
    • Security
  • Target system

    • Performance

    • Self contained, external

      • USB,
      • Ethernet
    • Integrated

      • PCIe
      • Mem module
      • SD card
  • Target users

    • Single user
    • Enterprise
  • Roadmap and development plan

    • Prototype - first target platform
    • Establish first Use cases
  • Deliveries

    • Proof of concept, prototype
    • Self assembly and/or finished product
    • Source code for SW, HW
    • PCB
    • Enclosures
    • Development environment
    • Test, validation environment
    • Tool development

    • Time plan

      • Start when
      • Proto when
      • v 1.0 when

Project management

  • Status financing

  • Ownership

  • Overseeing board

    • IETF, ISOC,... ?
  • Advisory board

    • Reviewers, external experts
      • FPGA key extraction researcher
      • DJB
  • Team

    • Additional competency needed?
  • Project security

    • Communication
    • ...

Development general

  • License(s)

    • GPLv2, v3
    • BSD
  • Methodology

    • Agile
    • Minimal functionality in PoC
    • Clear increments
  • Repository

    • Github


  • Target technologies

    • FPGA (+ internal, external CPUs)
    • ASIC
    • Pure CPU based
  • Target PoC board

    • Select one early
  • Toolchains and languages

    • SW
    • HW
      • Verilog 2001, 2005, SystemVerilog
      • Icarus, gplcver
      • Vendor specific
      • Validation of bitstream
        • Edge of trust, down the rabbit hole
  • Security support in design

    • JTAG
    • BIST for functionality
    • BIST for security

      • KATs (known-answer tests)
    • On-line self check

      • RNG
        • Pathological problems
          • Stuck at fixed values
          • variance
          • bias
  • Reuse of existing design, code?

    • Cores - OpenCores
      • OpenRISC
      • AES, SHA, RSA
    • SoftHSM - DNSSEC PKCS#11
    • Nettle
    • ...
  • On chip 32-bit or 64 bit CPU core

    • OpenRISC
      • LGPL
      • http://openrisc.net/
      • http://opencores.org/or1k/Main_Page
      • https://en.wikipedia.org/wiki/OpenRISC
  • RNG

    • More than one entropy source
      • Just external sources
        • User/vendor/implemented supplied
      • One external, one internal
        • YubiHSM entropy source: https://www.yubico.com/products/yubihsm/
        • Haveged: http://www.issihosts.com/haveged/
        • DakaRand: http://dankaminsky.com/2012/08/15/dakarand/
        • Jytter a userspace RNG: http://www.chronox.de/
        • CPU Jitter RNG: http://www.chronox.de/
      • CSPRNG based on Linux, OpenBSD, Fortuna, NIST etc.
        • NIST SP 800-90A: CTR_DRBG
        • Fortuna https://en.wikipedia.org/wiki/Fortuna_PRNG
          • Ferguson and Schneier. No entropy estimator needed.
        • OpenBSD arc4random: http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3
      • Raw read access in test mode to collected entropy pre whitening
      • Write access in test mode to CSPRNG
      • No key generation etc allowed during test mode.
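The on-line self check for the RNG (stuck-at values and bias, listed under "Security support in design" above) and the raw pre-whitening read access in test mode fit together: the health tests consume exactly that raw stream. As an added example, not Cryptech code, the block below models the repetition count test and adaptive proportion test of NIST SP 800-90B section 4.4 on a bit stream and runs them over three constructed streams (unbiased, stuck, biased). The repetition count cutoff is the SP 800-90B formula; the adaptive proportion cutoff is derived here from a binomial tail bound at the assumed min-entropy, which is this example's own assumption and not copied from the NIST table.

```python
"""Continuous health tests on a raw (pre-whitening) entropy stream.

Added example for these notes, not Cryptech code. Modelled on the
repetition count test (RCT) and adaptive proportion test (APT) of
NIST SP 800-90B; the APT cutoff derivation is this example's own
assumption.
"""
import math
import random
from typing import List, Optional, Sequence

ALPHA_LOG2 = 20      # per-test false alarm probability 2^-20, as in SP 800-90B
WINDOW = 1024        # APT window size for binary samples


def rct_cutoff(h_min: float) -> int:
    """Repetition count cutoff C = 1 + ceil(-log2(alpha) / H) from SP 800-90B."""
    return 1 + math.ceil(ALPHA_LOG2 / h_min)


def apt_cutoff(h_min: float, window: int = WINDOW) -> int:
    """Smallest C with P[Binomial(window, 2^-H) >= C] < 2^-ALPHA_LOG2.

    Assumption: a source with min-entropy H bits/sample emits any single
    value with probability at most 2^-H, so the count of the reference
    value in a window is bounded by this binomial tail.
    """
    p = 2.0 ** -h_min
    alpha = 2.0 ** -ALPHA_LOG2
    tail = 0.0
    for c in range(window, -1, -1):
        tail += math.comb(window, c) * p ** c * (1.0 - p) ** (window - c)
        if tail >= alpha:
            return c + 1
    return 1


def repetition_count_test(samples: Sequence[int], cutoff: int) -> Optional[int]:
    """Index at which some value has repeated `cutoff` times in a row, else None.

    Catches a source stuck at a fixed value.
    """
    prev, count = None, 0
    for i, s in enumerate(samples):
        if s == prev:
            count += 1
        else:
            prev, count = s, 1
        if count >= cutoff:
            return i
    return None


def adaptive_proportion_test(samples: Sequence[int], cutoff: int,
                             window: int = WINDOW) -> Optional[int]:
    """Start of the first window whose first value recurs >= cutoff times, else None.

    Catches bias: a value far more frequent than min-entropy H allows.
    """
    for start in range(0, len(samples) - window + 1, window):
        w = samples[start:start + window]
        if w.count(w[0]) >= cutoff:
            return start
    return None


def health_check(samples: Sequence[int], h_min: float = 1.0) -> dict:
    """Run both tests; a non-None entry is the index where that test tripped."""
    samples = list(samples)
    return {
        "rct": repetition_count_test(samples, rct_cutoff(h_min)),
        "apt": adaptive_proportion_test(samples, apt_cutoff(h_min)),
    }


# Constructed raw bit streams standing in for a TRNG's pre-whitening output.
N = 2048


def good_stream() -> List[int]:
    """Unbiased pseudo-random bits (fixed seed so the run is reproducible)."""
    rng = random.Random(20131205)
    return [rng.getrandbits(1) for _ in range(N)]


def stuck_stream() -> List[int]:
    """A source stuck at a fixed value."""
    return [0] * N


def biased_stream() -> List[int]:
    """90% ones but never more than 9 in a row: bias without stuck-at."""
    return [0 if i % 10 == 9 else 1 for i in range(N)]


if __name__ == "__main__":
    for name, stream in (("good", good_stream()), ("stuck", stuck_stream()),
                         ("biased", biased_stream())):
        print(name, health_check(stream))
```

The two tests are complementary: the stuck stream trips the repetition count test after 21 identical bits but the biased stream never does, because its runs are short; the biased stream is caught by the adaptive proportion test instead. In a design with raw read access in test mode, the same test code can be run from the host against the captured pre-whitening samples and compared with what the on-chip checker reports.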

Technical requirements

  • Functional requirements

    • TLS 1.x
    • Need roadmap for functions
      • AES, SHA-256, DH, RSA first iteration
    • Why GOST?
    • Why MD5?
    • Curves supported?
      • Curve25519
      • NIST, IEEE, RFC 4xxx
  • HW/SW partitioning

    • Modularity
  • API

    • DMA, buffering, formats
    • PKCS#11
    • Observability and control
  • Security requirements

    • Common Criteria - EAL
    • FIPS 140-2 level 3-4
  • Performance

    • Operations/s
    • Packets per second
    • Latency


  • Methodology

    • Unit tests, KATs
  • Documentation

    • What to document
    • How
  • Reviews

    • Plan for them
    • Who to ask
  • Tools

    • Valgrind, Purify, linters


  • Meetings

    • Discussions, MoMs
    • Decisions - motivation

    • Design

    • Test and validation