Post-quantum chip has built-in hardware Trojan
Hacker attacks on industrial plants are no longer fiction. Attackers can steal information about production processes or paralyse entire factories. To prevent this, chips in the individual components of the plants already communicate with each other in encrypted form. However, many encryption algorithms will soon no longer offer protection: While today’s computers cannot crack established procedures, quantum computers would certainly be able to do so. This is especially critical for durable devices such as industrial plants.
For this reason, security experts worldwide are working feverishly to develop technical standards for post-quantum cryptography. One of the challenges here is the high computational demands of these encryption methods. A team led by Georg Sigl, Professor for Security in Information Technology at TUM, has now designed and had manufactured a chip that implements post-quantum cryptography particularly effectively.
Sigl and his team rely on a hardware-software co-design. In this process, specialised components and control software complement each other. “Our chip is the first to consistently rely on a hardware-software co-design for post-quantum cryptography,” says Prof. Sigl. “As a result, it can implement encryption with ‘Kyber’ – one of the most promising candidates for post-quantum cryptography – about ten times as fast as chips that rely on pure software solutions, consumes about eight times less energy and is almost as flexible as them.”
The chip is an application-specific integrated circuit (ASIC). Such specialised microcontrollers are often manufactured in large numbers according to the specifications of companies. The TUM team modified an open-source chip design based on the open-source RISC-V standard. This de facto standard is becoming more widespread and could replace proprietary approaches by large companies in many areas. The chip becomes post-quantum cryptography-capable on the one hand through a modification of the computing core and specific additional instructions with which necessary computing operations are accelerated.
In addition, the design was expanded to include a specially developed hardware accelerator. This not only enables the processor to use so-called lattice-based post-quantum cryptography algorithms such as Kyber, but could also work with the SIKE algorithm. This is associated with significantly more computing effort. According to the team, the chip developed at TUM can implement this algorithm around 21 times faster than chips that rely on software for encryption. Among experts, SIKE is seen as a promising alternative should grid-based approaches prove to be no longer secure at some point. Such safeguards make sense wherever chips are used over a long period of time.
In addition to the number of conventional hacker attacks, the threat from hardware Trojans is also increasing: computer chips are usually manufactured according to the specifications of companies in specialised factories. If attackers manage to smuggle Trojan circuits into the chip design before or during production, this could have serious repercussions. Just as with a hacker attack from outside, factories could be paralysed or production secrets stolen. What’s more, if the Trojan is already built into the hardware, it could also be used to subvert post-quantum cryptography.
“So far, we know very little about how hardware Trojans are used by real attackers,” explains Georg Sigl. “To develop protective measures, we have to put ourselves in the shoes of attackers, so to speak, and develop and hide Trojans ourselves. That’s why we have built four Trojans into our post-quantum chip that we developed and that work quite differently.”
In the coming months, Sigl and his team will intensively test the cryptographic capabilities of the chip and the function and detectability of the hardware Trojans. Afterwards, the chip will be dismantled – for research purposes. In an elaborate process, the conductor paths are ground down layer by layer, each individual layer is photographed. The goal is to test new AI methods that can be used to reconstruct the exact functioning of chips, even if no documentation is available. “Such reconstructions can help identify components of a chip whose function has nothing to do with its actual tasks and which may have been smuggled in,” says Sigl. “Such methods could one day become standard for spot checks in large chip orders. Together with effective post-quantum cryptography, we can thus make hardware in industrial plants, but also in vehicles, more secure. “