NIST Helps You With Cryptography

Getting cryptography right isn’t easy, and it’s a lot worse on constrained devices like microcontrollers. RAM is usually the bottleneck — you will smash your stack computing a SHA-2 hash on an AVR — but other resources like computing power and flash code storage space are also at a premium. Trimming down a standard algorithm to work within these constraints opens up the Pandora’s box of implementation-specific flaws.

NIST stepped up to the plate, starting a lightweight cryptography project in 2013 which has now come out with a first report, and here it is as a PDF. The project is ongoing, so don’t expect a how-to guide. Indeed, most of the report is a description of the problems with crypto on small devices. Given the state of IoT security, just defining the problem is a huge contribution.

Still, there are some concrete recommendations. Here are some spoilers. For encryption, they recommend a trimmed-down version of AES-128, which is a well-tested block cipher on the big machines. For message authentication, they’re happy with Galois/Counter Mode and AES-128.

I was most interested in hashing, and came away disappointed; the conclusion is that the SHA-2 and SHA-3 families simply require too much state (and RAM) and they make no recommendation, leaving you to pick among less-known functions: check out PHOTON or SPONGENT, and they’re still being actively researched.

If you think small-device security is easy, read through the 22-question checklist that starts on page twelve. And if you’re looking for a good starting point to read up on the state of the art, the bibliography is extensive.

Your tax dollars at work. Thanks, NIST!

And thanks [acs] for the tip!

Fixing the Ampere: Redefining the SI Unit

We all know that it’s not the volts that kill you, it’s the amps. But exactly how many electrons per second are there in an amp? It turns out that nobody really knows. But according to a press release from the US National Institute of Standards and Technology (NIST), that’s all going to change in 2018.

The amp is a “metrological embarrassment” because it’s not defined in terms of any physical constants. Worse, it’s not even potentially measurable, being the “constant current which, if maintained in two straight parallel conductors of infinite length, of negligible circular cross-section, and placed 1 meter apart in vacuum, would produce between these conductors a force equal to 2 × 10⁻⁷ newton per meter of length.” You can’t just order a spool of infinite length and negligible cross-section wire and have it express shipped.

So to quantify the exact number of electrons per second in an amp, the folks at NIST need an electron counter. This device turns out to be a super-cooled, quantum mechanical gate that closes itself once an electron has passed through. Repeatedly re-opening one of these at gigahertz still provides around a picoamp. Current (tee-hee) research is focused on making practical devices that push a bit more juice. Even then, it’s likely that they’ll need to gang 100 of these gates to get even a single microamp. But when they do, they’ll know how many electrons per second have passed through to a few tens of parts per billion. Not too shabby.

We had no idea that the amp was indirectly defined, but now that we do, we’re looking forward to a better standard. Thanks, NIST!

Thanks [CBGB123B] for the tip!

Quantum Computing Kills Encryption

Imagine a world where the most widely-used cryptographic methods turn out to be broken: quantum computers allow encrypted Internet data transactions to become readable by anyone who happened to be listening. No more HTTPS, no more PGP. It sounds a little bit sci-fi, but that’s exactly the scenario that cryptographers interested in post-quantum crypto are working to save us from. And although the (potential) threat of quantum computing to cryptography is already well-known, this summer has seen a flurry of activity in the field, so we felt it was time for a recap.

How Bad Is It?

If you take the development of serious quantum computing power as a given, the encryption methods based on factoring into primes or doing modular exponentials, most notably RSA, elliptic curve cryptography, and Diffie-Hellman, are all in trouble. Specifically, Shor’s algorithm, when applied on a quantum computer, will render the previously difficult math problems that underlie these methods trivially easy almost irrespective of chosen key length. That covers most currently used public-key crypto and the key exchange that’s used in negotiating an SSL connection. That is (or will be) bad news as those are what’s used for nearly every important encrypted transaction that touches your daily life.


Hackaday Links: August 2, 2015

Over the last few years, Maker’s Asylum in Mumbai has grown from a garage to a very well stocked workspace with 140 members. They’re getting kicked out at the end of the month and they need some help. We just had a meetup at the Delhi branch of Maker’s Asylum, and these guys and gals are really cool.

Speaking of crowdfunding campaigns for hackerspaces, South Central Pennsylvania might be getting its own hackerspace. The 717 area code is a vast wasteland when it comes to anything anyone reading Hackaday would consider interesting, despite there being plenty of people who know their way around CNC machines, soldering irons, and welders. This needs to happen.

Need some help with Bluetooth standards? Tektronix has you covered with a gigantic poster of the physical layer. If only there were a repository of these handy, convenient reference posters.

Forgings and castings make for great YouTube videos, and this aluminum bell casting is no exception. There’s about 18 pounds of aluminum in there, which is pretty large as far as home casting goes.

Electronic Goldmine has an assortment of grab bags – spend a few dollars, get a bag of chips, LEDs, diodes, or what have you. What’s in these grab bags? [alpha_ninja] found out. There’s some neat stuff in there, except for the ‘SMD Mixture’ bag.

Remember the found case molds for the Commodore 64C that became a Kickstarter? It’s happening again with the Amiga 1200. This is a new mold with a few interesting features that support the amazing amount of upgrades that have come out for this machine over the years. Being new molds, the price per piece is a little high, but that’s your lesson in manufacturing costs for the day.

Measuring The Accuracy Of A Rubidium Standard

A rubidium standard, or rubidium atomic clock, is a high accuracy frequency and time standard, usually accurate to within a few parts in 10¹¹. This is still several orders of magnitude less than some of the more accurate standards – for example the NIST-F1 has an uncertainty of 5×10⁻¹⁶ (it is expected to neither gain nor lose a second in nearly 100 million years) and the more recent NIST-F2 has an uncertainty of 1×10⁻¹⁶ (it is expected to neither gain nor lose a second in nearly 300 million years). But the Rb standard is comparatively inexpensive, compact, and widely used in TV stations, mobile phone base stations and GPS systems, and is considered a secondary standard.

[Max Carter] recently came into possession of just such a unit – a Lucent RFG-M-RB that was earlier in use at a mobile phone base station for many years. Obviously, he was interested in finding out if it was really as accurate as it was supposed to be, and built a broadcast-frequency based precision frequency comparator which used a stepper motor to characterise drift.

Compare with WWVB Broadcast

WWVB Receiver

The obvious way of checking would be to use another source with a higher accuracy, such as a caesium clock and do a phase comparison. Since that was not possible, he decided to use NIST’s time/frequency service, broadcasting on 60 kHz – WWVB. He did this because almost 30 years ago, he had built a receiver for WWVB which had since been running continuously in a corner of his shop, with only a minor adjustment since it was built.

Comparator Circuit Installed in a Case

His idea was to count and accumulate the phase ‘slips’ generated by comparing the output of the WWVB receiver with the output of the Rb standard using a digital phase comparator. The accuracy of the standard would be calculated as the derivative of N (number of slips) over time. The circuit is a quadrature mixer: it subtracts the frequency of one input from the other and outputs the difference frequency. The phase information is conveyed in the duty cycle of the pulses coming from the two phase comparators. The pulses are integrated and converted to digital logic level by low-pass filter/Schmitt trigger circuits. The quadrature-phased outputs are connected to the stepper motor driver which converts logic level inputs to bi-directional currents in the motor windings. The logic circuit is bread-boarded and along with the motor driver, housed in a computer hard drive enclosure which already had the power supply available.


Towards the Perfect Coin Flip: The NIST Randomness Beacon

Since early evening on September 5th, 2013 the US National Institute of Standards and Technology (NIST) has been publishing a 512-bit, full-entropy random number every minute of every day. What’s more, each number is cryptographically signed so that you can easily verify that it was generated by the NIST. A date stamp is included in the process, so that you can tell when the random values were created. And finally, all of the values are linked to the previous value in a chain so that you can detect if any of the past numbers in the series have been altered after the next number is published. This is quite an extensive list of features for a list of random values, and we’ll get into the rationale, methods, and uses behind this scheme in the next section, so stick around.


Gutenberg Clock Keeps Time by Reading Books

Gutenberg clock displaying text from a book

We’ve seen a wide variety of hacks that keep time, but [ch00f]’s latest build takes a new spin on counting the seconds. The Gutenberg Clock keeps time by reading books on a scrolling LED screen.

The content for the clock is sourced from Project Gutenberg, which releases books with expired copyright for free. The library on the clock consists of around twenty thousand such books. Read at eighty words per minute, the clock won’t repeat a passage for the next thirty-three years.

While the clock doesn’t display time itself, it is synchronized to time. Two identical clocks should display the same text at the same time. To get the time, [ch00f] first tried hacking apart a cheap radio clock, which is synchronized to NIST’s 60 kHz broadcast. He reverse engineered the protocol with great success, but stray RF energy from the display turned out to cause too much interference.

With the cheap solution out the window, [ch00f] built a custom breakout for an Adafruit GPS module and used it to get the time. This was his first RF board, but it worked out fine.

Books are loaded onto a FAT filesystem on an SD card, and [ChaN]’s FatFS is used to interpret the filesystem. A microcontroller then sends the text out at a constant rate to a serial port on the display which he hacked his way into.

The project is a neat mix of art and electronics. Stick around for a video overview after the break.
