Chip Design Flaw Could Subvert Encryption
November 21st, 2007 - 11:28 pm ICT by admin
Adi Shamir, a leading expert on computer cryptography, has posited that a new security risk might be dawning as computer chips get more and more complex. Shamir is a professor at the Weizmann Institute of Science in Israel and is the “S” in RSA.
The New York Times reported recently that Shamir circulated a research note to colleagues hypothesizing that a subtle math error in advanced computer chips could be recognized and exploited in a way that would break public-key cryptography systems, including RSA security.
Shamir said that if an intelligence organization discovered such a flaw, security software on a computer with a compromised chip could be “trivially broken with a single chosen message.” The attacker would send a “poisoned” encrypted message to a protected computer, he wrote. It would then be possible to compute the value of the secret key used by the targeted system.
Trouble with Design Secrets
“Millions of PCs can be attacked simultaneously, without having to manipulate the operating environment of each one of them individually,” Shamir wrote.
One problem, Shamir said, is that due to the top-secret nature of chip design, it would be impossible to verify that a manufacturer’s chip was not flawed. “Even if we assume that Intel had learned its lesson and meticulously verified the correctness of its multipliers,” he said, “there are many smaller manufacturers of microprocessors who may be less careful with their design.”
Andrew Storms, director of security operations for nCircle Network Security, emphasized that Shamir’s work is hypothetical and intended for discussion among his peers.
“It’s important to note that Shamir had not intended for his notes to be dispersed among large crowds,” Storms wrote in an e-mail. “This was more of the case of him sending an interesting note among trusted colleagues.” Times reporter John Markoff made the issue one for public…