On Tue, 25 Jul 2006, Perry E. Metzger wrote:
EE Times is carrying the following story: http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=190900759 It is about attempts to use cryptography to protect chip designs from untrustworthy fabrication facilities, including a technology from Certicom. Unlike ordinary DRM, which I think can largely work in so far as it merely provides a (low) barrier to stop otherwise honest people from copying something they find inexpensive in the first place, it seems to me that efforts like this are doomed. It is one thing if you're just trying to keep most people honest about something that doesn't cost much money, and another if you're trying to protect something worth millions of dollars from people with extremely sophisticated reverse engineering equipment. In particular, people who operate fabs are also in possession of exquisitely good equipment for analyzing the chips they've made so they can figure out process problems, and the "key injection" equipment Certicom is making could easily be suborned as well. I'd be interested in other people's thoughts on this. Can you use DRM to protect something worth not eight dollars but eight million?
This has already been attempted with video game machines back in the 80s and with consoles like the X-Box more recently. In both cases, the encryption made it more difficult, but not impossible.
There seems to be this idea that if we just use enough DRM, or enough encryption, we can overcome its weaknesses. It is like saying if we wish for something hard enough we can overcome the laws of nature. (And if it didn't happen, we did not wish hard enough.)
But enough about US foreign policy... -- "I want to live just long enough to see them cut off Darl's head and stick it on a pike as a reminder to the next ten generations that some things come at too high a price. I would look up into his beady eyes and wave, like this... (*wave*!). Can your associates arrange that for me, Mr. McBride?" - Vir "Flounder" Kotto, Sr. VP, IBM Empire. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]