On Wed, 30 Oct 2002, Anonymous via the Cypherpunks Tonga Remailer wrote:

> What technology is available to create a 2048-bit RSA key pair so that:

Does it have to be RSA? A 300 bit ECC key pair is similar to a 15,000 bit RSA problem (in time, not space).

> 1 - the randomness comes from quantum noise

Been there, done that.

> 2 - no one knows the secret part,

As in all the electronics are sealed? That's dangerous. You gotta know things are working right, so somebody has to have access to something derived from the secret, and should be able to verify it is behaving properly.

> 3 - The secret part is kept in the "box" and it is safe as long as the
> box is physically secured (expense of securing the box is a don't care).

Easy.

> 4 - "box" can do high-speed signing (say, 0.1 mS per signature) over some kind of
> network interface

You mean 100 microseconds per signature? With ECC and an FPGA that should be doable.

> 5 - you can reasonably convince certain people (that stand to lose a
> lot and have huge resources) in 1, 2, 3 and 4.

Cake walk :-)

> 6 - The operation budget is around $1m (maintenance not included).

As in one million US$/year? I think I can help you out dude!

> 7 - attacker's budget is around $100m

The assumption in 3 is pretty damned important.

> 8 - the key must never be destroyed, so backup is essential.

How long is never? Is acid free paper with special ink for 1000+ years really needed? Who's gonna be around that long that needs to know? This is an important criterion; long term digital storage is a serious problem.

> In other words, convincing translation of a crypto problem into physical security
> problem.

It has been done many times in many places. Crypto is easy. Spies are more difficult.

> It looks like the key gets created on the same box(es) on which it is
> stored, which all interested parties inspected to any desirable level.
> Once everyone is comfortable the button gets pressed to create/distribute
> the key, and then you put goons with AKs around the boxes and pray that
> no one fucked with the microprocessor ... this may mean buying the
> components at random.

Or building your own from scratch. You can also use more than one processor from different fab houses too. But yeah, the physical security has to be first, and the psychological security comes before that.

For 1) see www.eskimo.com/~eresrch

Patience, persistence, truth,
Dr. mike