Skip to content
/ qtee Public

Exploring the physical limits of trusted hardware in the classical and quantum settings to achieve security through physics.

License

Notifications You must be signed in to change notification settings

sbellem/qtee

Repository files navigation

qtee: Searching for Security through Physics

Repository to explore the physical limits of trusted hardware in the classical and quantum settings.

Current challenges facing trusted hardware (TEEs):

  1. NO proof of manufacturing according to a known open source chip design specification
  2. NO proof of non-leakage of secret bits -- how can we know that the secret bits encoded into the chip were not leaked at any point in time during manufacturing
  3. NO proof of hidden-forever secret bits -- above and beyond trusting or not trusting the chip manufacturers, and the manufacturing processes, one problem remains: Can we truly hide secret bits of information into physical matter?

See #2, for more details. Also, of relevance: #1, #7, #8, CHIP_ATTACKS.md, and PUFs.md.

Intuition

The current leading intuition of the feeble mind of this repo's author is that trusted hardware (which can withstand physical attacks) is impossible in the classical setting, meaning that an adversary who can physically access the chip will be capable to break its security because of physics, regardless of whether the chip is perfectly designed, architected, manufactured, or of whether the manufacturer is honest etc. The claim or intuition is that as per our understanding of the laws of physics, an attacker will be able to read the secret information that has been encoded into the chip and therefore will break the security of the chip. If that claim or intuition holds, then what does that mean for trusted hardware? Is it a pipe dream? Can the quantum setting make a difference? Naively thinking, what if we "throw" the secret information into a black hole? Would that help? Could a chip be designed such that it uses nano black holes to store secret keys? How would key derivation work if the root keys are in a black hole? ETC.

What's the Problem?

It may be helpful to first define what is meant by trusted hardware and more importantly what is the problem that trusted hardware aims to solve. In order to do so, we'll use the paper Intel SGX Explained by Victor Costan and Srinivas Devadas, as it is an invaluable resource in explaining the various components of Intel SGX, which is arguably the most well-known and popular trusted hardware at the moment of this writing.

Victor Costan and Srinivas Devadas set the stage like so:

Secure remote computation (Figure 1) is the problem of executing software on a remote computer owned and maintained by an untrusted party, with some integrity and confidentiality guarantees. In the general setting, secure remote computation is an unsolved problem. Fully Homomorphic Encryption [61] solves the problem for a limited family of computations, but has an impractical performance overhead [140].

Intel’s Software Guard Extensions (SGX) is the latest iteration in a long line of trusted computing (Figure 2) designs, which aim to solve the secure remote computation problem by leveraging trusted hardware in the remote computer. The trusted hardware establishes a secure container, and the remote computation service user uploads the desired computation and data into the secure container. The trusted hardware protects the data’s confidentiality and integrity while the computation is being performed on it.

Key Work: Black-Hole Radiation Decoding is Quantum Cryptography

Black-Hole Radiation Decoding is Quantum Cryptography by Zvika Brakerski -- (Thanks to @tyurek for sharing)

Talks

Resources

About Black Holes

PUFs: Physical Unclonable Functions

See PUFs.md. Also on HackMD at https://hackmd.io/8JDYHl-qQdGGucCV2B7hzA.

Contributing

Please do! File issues & pull requests as you wish!. Don't hold back!

Loosely will attempt to follow the ZeroMQ RFC 42/C4: Collective Code Construction Contract.

But don't worry about it! Just write your mind in the form of issues and pull requests!

Origins of this Repository

As I started to learn about Intel SGX, I eventually became very much concerned about chip attacks. Eventually, a small set of slides Can we Hide Atoms? was put together to convey the concerns at the IC3 Summer Camp 2021, in the context of a Rump Session. The intuition has been that trusted hardware (e.g. Intel SGX), as of now, would require us to be capable to hide atoms, (or subatomic particles, such as electrons), from an attacker who has physical access to the chip.

In other words a secret key, is information, and information is encoded in matter. Hence, the leading question is: "Can we hide information encoded in matter from an observer, who has access to the matter?" Intuitivaly, it seems like this is not possible, at least in the classical setting, although PUFs appear to offer a solution. The quantum setting is probably very much different, as the very act of observing may destroy or change what is attempted to be observed.

As for black holes ... At the IC3 Summer Camp 2022, meanwhile having lunch with colleagues, the idea of throwing the secret bits in a black hole felt reassuring as a way to hide the bits. Far from solving the chip attack problem seemingly inherent to TEEs, it did seem to give some hope that perhaps, after all, TEEs were not doomed to be just some pipe dream in which I was wasting precious time. A few months later, @tyurek shared Black-Hole Radiation Decoding is Quantum Cryptography by Zvika Brakerski which, at the very least, in my imagination, gave me some hope that perhaps some kind of future TEEs could leverage high-energy physics objects to implement cryptographic schemes, such that breaking the TEE would require breaking physics.

About

Exploring the physical limits of trusted hardware in the classical and quantum settings to achieve security through physics.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published