<img src="https://raw.githubusercontent.com/BlockchainCommons/www.blockchaincommons.com/master/images/silicon-salon.jpg" width=1024>

<font size="5">#bc-silicon-salon 2022-06-01</font>

---

### This is a collaborative session

You can follow these slides at:

<font size="6">https://hackmd.io/@bc-silicon-salon/rkxbd6rFw9?view#/</font>

### Collaborative Notes at:

<font size="6">https://hackmd.io/S7raK1MdSWWciO_Ctm_uhw?edit</font>

<!-- Put the link to this slide here so people can follow -->

Please join us on a laptop or smartphone!

---

## Who am I?

<img src="https://avatars.githubusercontent.com/ChristopherA?s=195">

Christopher Allen (@ChristopherA)

<font size=5>

- <u>'90s:</u> **Architect**: *RSAREF* & *SSLREF*; **Consultant:** Amix, Xanadu, PGP, RSA, Digicash; **Editor & Co-Author:** *TLS 1.0*
- <u>'00s:</u> **CTO:** Certicom; **Adjunct Professor:** BGI Sustainable MBA
- <u>'10s:</u> **VP:** Blackphone; **Founder:** #RebootingWebOfTrust; **Author:** *10 Principles of Self-Sovereign Identity*; **Principal Architect:** Blockstream
- <u>'20s:</u> **Co-author:** *W3C Decentralized Identifiers (DIDs)*; **Principal Architect:** Blockchain Commons

</font>

---

## <img src="https://i.imgur.com/QyDl5nK.png" width="192" height="192"><br/>What is Blockchain Commons?

<font size=6>

* We bring together blockchain & Web3 stakeholders to collaboratively develop interoperable infrastructure.
* We design decentralized solutions where everyone wins.
* We are a neutral "not-for-profit" that enables people to control their own digital destiny.

</font>

---

## <img src="https://i.imgur.com/QyDl5nK.png" width=192 height="192"><br/>The problem we're solving…

---

<img src="https://i.imgur.com/JXU3zwD.png" width=512 >

---

## <img src="https://i.imgur.com/QyDl5nK.png" width=192 height="192"><br/>What do we do?

<font size=6>

- We work with blockchain & Web3 communities to identify problems & assess needs.
  - **This is what we're doing today in this salon!**
- We use what we learn to collaboratively engineer interoperable specifications.
- We evangelize these solutions to the ecosystem.
- We support our partners with reference code and test suites so that they can develop their own implementations.

</font>

---

## <img src="https://i.imgur.com/QyDl5nK.png" width="192" height="192"><br/>_I've done this before:_

- RSAREF, SSL, TLS
- OAuth, FIDO
- DID, VC
- Smart Custody, Airgap URs & QRs, etc.

---

## Who are you?

- Silicon designers
  - CrossBar, Tropic Square, Supranational
- Wallet hardware manufacturers
  - Foundation Devices, Proxy
- Blockchain & Web3 ecosystem members
  - Bitmark, Unchained Capital
- Advocacy organizations
  - Blockchain Bird, Human Rights Foundation
- Cryptographic engineers & cryptographers

---

## Our problem:

- Leveraging secrets held on silicon chips as a “root of trust” is desirable

<font size="6">

- Unfortunately…
  - Existing chips don't support modern cryptography.
  - Standards orgs (IETF, W3C, etc.) are rejecting the needs of the cryptocurrency ecosystem.
  - Capital costs & lead time for chips are high.
  - Inefficient IP licensing creates friction for developers.
  - Current financial incentives fail to create robust, secure infrastructure.
  - There's the “NASCAR” problem ...

</font>

---

#### <img src="https://i.imgur.com/v96FZW0.png" width="480"><br/>The NASCAR problem

---

## <img src="https://i.imgur.com/N1tDtE4.jpg" width=480><br/>We've seen this before:

<font size="6">

- The “user-centric” promise of OpenID led to too many choices.
  * **This is the NASCAR problem.**
- The big providers then subverted the protocol due to weak interoperability standards that didn't require reciprocity.
- The result? Centralized dominance of Google, Facebook & Apple.
- Do we want to repeat this pattern?

</font>

---

## The Answer

<font size="6">

* Follow the process of identification, assessment, collaboration, engineering, evangelization, and support.
***We must:***

- Work together to define <u>use cases & requirements</u> for new silicon chips.
- Identify <u>essential features</u> for implementing new cryptography securely in silicon logic.
- Create an <u>ecosystem roadmap</u> to support continued investment in secure infrastructure.
- Specify <u>interoperable</u> and <u>future-proof</u> functionality.
- Eliminate privileged points within the ecosystem.
- Limit the ability to <u>subvert</u> the shared protocols.

</font>

---

## The Process

- <u>SCAN:</u> Multiple presentations on these topics, with limited Q&A
  - _(~1 hour, then a brief break)_
- <u>FOCUS:</u> Facilitated Q&A on 6 open topics
  - _(~15 minutes each)_
- <u>ACT:</u> Decide on next steps for collaboration
  - _(~15 minutes)_

---

## Chatham House Rules Apply

<font size="6">

- _"participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s) ... may be revealed."_
- We are recording the presentations for YouTube
- We will not be sharing the Q&A; we record it only to produce an anonymized summary
  - The summary will include quotes, but not names
  - You will have an opportunity to request that anything you said be removed from the final summary

</font>

---

## Presentations

- [ ] CrossBar
- [ ] [Proxy](https://hackmd.io/@simonratner/rkUkjkNu9)
- [ ] Tropic Square
- [ ] [Libre-SOC](https://www.youtube.com/watch?v=us061o4PBZs)
- [ ] Supranational

---

<!-- after the presentations -->

#### Who am I?

<font size=5>

<img src="https://i.imgur.com/lqjgpmb.png" width=25% />

**Bryan Bishop (@kanzure)**

- Software development background, contractor
- Bitcoin Core contributor, Blockchain Commons sponsor
- previously:
  - LedgerX (now FTX US Derivatives)
  - CTO/co-founder/director @ Custodia Bank (prev. Avanti Bank & Trust)
- Creator of Webcash.org, a cryptocurrency without a blockchain
- Will be taking high-fidelity notes today: https://hackmd.io/@bc-silicon-salon/Byr4vaXOc

</font>

---

## Topics

1. Pain points
2. Architectures
3. Boot, firmware & supply chain
4. Cryptographic primitives, protocols & acceleration
5. Threats & countermeasures
6. Edge topics
7. Building a secure infrastructure ecosystem

---

## Pain Points

<font size=6>

- Semiconductor support is often limited to SEs
- Lack of secp256k1 (and negative sentiment)
- IP restrictions, patents & NDAs
- Devkits, the lack of which is made worse by NDAs
- NASCAR problem (ecosystem friction)
- One-off cryptography & wallet APIs
- Future proofing as technology evolves & co-existence with legacy
- No one has all the expertise necessary in-house
- Lack of available cryptographer talent (and incentives in academia)
- Market size, government support (and limits)
- Support for continued investment in secure infrastructure

</font>

---

## Pain Point Questions

_(15 minutes)_

- Any missing pain points?
- Disagree about any?

---

## Architectures

<font size=6>

_"Establishing next-generation **roots of trust**”_

- SE only
  - Secure key stores
- Accelerator only
- SE (x2?) & MCU
- HSMs & dedicated chips:
  - Titan (Android), Pluton (Windows), T1/T2 (Apple)
  - Java SmartCard
- Secure-on-chip solutions
  - TEE, SGX, TrustZone, vSGX
- MPC & Collaborative Key Generation

</font>

---

## Architecture Questions

- Are we missing any important architectures?
  - Trusted input/output?
  - Integration (and risks) in larger systems?
- What are your perspectives? Where is the market heading?

---

## Boot, Firmware &<br/>Supply Chain

- Bootloader: programmable, multi-stage
- Firmware signing & on-chip verification
- Chip maker firmware vs OEM firmware vs user code (SE? MCU? both?)
- Supply chain authentication
- Auditability, verifiability, & public audits of code & secret management

---

## Boot, Firmware &<br/>Supply Chain Questions

- Bootloader pain points?
- Can an OEM/wallet maker replace the root of trust with their own? Self-sovereign devices?
- Where are multiple security domains a solution?
  - “certified” and “open”?
- How far back does supply chain authentication need to go?
- With architectures of multiple chips, what are acceptable limits for updating different chips?
- Pros & cons of MicroPython vs. bare-metal code (Rust, etc.)

---

## Cryptographic Primitives

<font size=5>

- New hashes, MACs, Key Derivation
  - Blake3, SHA3, Poly1305, BIP32
- Symmetric Encryption
  - AES-512 vs ChaCha (x, 12, 20)
- New curves
  - NIST P-384 (DH, ECDSA, secp384r1)
    - _Soon to be mandated by US-DHS_
  - secp256k1 (DH, ECDSA & Schnorr)
  - IETF (25519, ed25519, x25519)
  - ristretto255 & decaf448
  - BLS12-381
- ZK-friendly
  - Plonk & Halo
- Quantum-attack resistant
  - _Emerging NIST requirements_

</font>

---

## Cryptographic Primitives Questions

<font size=6>

- Are we missing any cryptographic primitives that should be implemented in silicon?
- Spectrum: how much in RTL vs microcode vs interpreter?
- What primitives are challenging for your current hardware?
- How important are NIST and other government standards?
- How important is resistance to quantum computing attacks to you, today?

</font>

---

## Cryptographic Protocols

<font size=5>

- Signature Systems
  - Not just signing, but aggregation and revocation
- Certs, Verifiable Credentials and DIDs
  - Browser OpenOAuth, JWTs, DIDComm, KERI
  - Privacy (including BBS+ signatures)
- Multiparty Signature Schemes
  - Schnorr Aggregated: MuSig2, MuSig-DN
  - Schnorr Threshold: FROST, TOAST
  - Adaptor Signatures: ECDSA, Schnorr
  - Various MPC protocols...
- Authentication & Key Proofs
  - PAKE, OPAQUE
- Transport
  - IETF TLS, Signal, Noise, IETF MLS
- Cryptocurrencies
  - In particular Smart Signature scripts

</font>

---

## Cryptography Protocol Questions

- We can't support all protocols in dedicated silicon, but what parts are critical for you?
- Is it security or performance that drives your choices?
- How do we do secure hand-off between chips & devices with different capabilities?
  - Supporting secure state machines

---

## Crypto Acceleration

- Finite field arithmetic
- ECC multiply/add
- Zero-knowledge proofs, rangeproofs, bulletproofs, SNARKs, etc.
  - Multi-exponentiation
  - Fast Fourier Transforms
- Secret Sharing
  - SSS - Shamir's Secret Sharing
  - VSS - Verifiable Secret Sharing
  - PVSS - Publicly Verifiable Secret Sharing

---

## Crypto Acceleration Questions

<font size=6>

- What other functions need hardware acceleration?
  - Which are important to you ***NOW***?
- What performance requirements do you have now?
  - Any benchmarks?
- When accelerating new cryptography (FROST, MPC, etc.), what are the real requirements for silicon protection of secrets?
  - Storage of firmware, state, nonces, etc.
- What additional use cases could be enabled by hardware acceleration?

</font>

---

## Threats & Countermeasures

<font size=6>

- Supply chain security
- Secure input and output
- Memory privacy, robustness, longevity
- Side-channel resistance
  - Chip microcode vs RTL in CMOS for crypto algorithms
- Physical countermeasures
  - **Tamper evident:** some indication of tampering, whether successful or not
  - **Tamper resistant:** some resistance to tampering attempts
  - **Tamper-proof:** impossible case?

</font>

---

## Threats & Countermeasure Questions

<font size=6>

- What are realistic threats?
  - Best practices & countermeasures to address these threats?
- What are your worries about side-channels?
- Any evolving threats that we've not worried about before?
- What attacks are the most critical for silicon chips to protect against?
- Are physical countermeasures important, and why?
- What are your requirements for secure input & output?
- Is an MCU+SE where the MCU has limited countermeasures just as bad as no SE at all?
- Other "systemic" threats?

</font>

---

## Edge Topics

<font size=6>

- Use cases, markets, and market size
  - E2E, IoT, oracles, sophisticated smart contracts, HSMs, server key management
- Openness: IP licensing, NDAs, etc.
  - What does Open Development mean for chips?
- Decentralization / "no platform lock-in"
- Sharing security requirements & best practices
  - Better threat models & adversarial analysis
  - Multisig changes these significantly!
- Compliance, testing services, security review, certification
  - Outdated certification standards (NIST, etc.)?
- Liability issues

</font>

---

## Ecosystem

<font size=6>

- Who are we missing from this discussion?
- What are our priorities for further discussion, requirements, new specifications, APIs, reference code?
- Any “low-hanging fruit” that needs investigation collectively?
- Talent: We need more cryptographers, code review, hardware designers
  - Hiring/job board?
  - Cryptographers as a shared resource?
  - Peer security code reviews?
- Are there more things that a neutral third party like Blockchain Commons should be doing?

</font>

---

## Next Steps

- Collaboration channels for further discussion
  - Synchronous: [Private Signal group](https://signal.group/#CjQKINQTJeLo7ee3-i4qX6a94HouFQSXSreoQR6pbtc6JpRrEhBw2-O2uDKu7XjB_RupXaSy)
  - Asynchronous: [GitHub discussion area](https://github.com/BlockchainCommons/Airgapped-Wallet-Community/discussions)
- Next Silicon Salon?
  - F2F at [#RebootingWebOfTrust 11](https://www.weboftrust.info/next-event-page.html) in The Hague?
- Do you like what we are doing here today?
  - Become an ongoing [sponsor](http://github.com/sponsors/BlockchainCommons) of Blockchain Commons via GitHub.

---

<img src="https://avatars.githubusercontent.com/ChristopherA?s=195">

Christopher Allen (@ChristopherA)

<img src="https://i.imgur.com/QyDl5nK.png" width="192" height="192">

www.BlockchainCommons.com