1992-11-26 - chip verification ( Was: Tollhouse Cookies :-)

Header Data

From: Richard Childers <rchilder@us.oracle.com>
To: cypherpunks@toad.com
Message Hash: df52a9e70536ef8f21a2858d6d9d1a70f335372fa6d581691ccfeb75c5f176af
Message ID: <9211260206.AA08221@rchilder.us.oracle.com>
Reply To: N/A
UTC Datetime: 1992-11-26 02:07:42 UTC
Raw Date: Wed, 25 Nov 92 18:07:42 PST

Raw message

From: Richard Childers <rchilder@us.oracle.com>
Date: Wed, 25 Nov 92 18:07:42 PST
To: cypherpunks@toad.com
Subject: chip verification  ( Was: Tollhouse Cookies  :-)
Message-ID: <9211260206.AA08221@rchilder.us.oracle.com>
MIME-Version: 1.0
Content-Type: text/plain

"The crucial chips could be built under "open inspection" conditions,
 much like having source code for inspection prior to compilation on
 one's own--presumably trustworthy--machines. Several such vendors
 could be used, with independent auditors observing the processing
 steps throughout. (Merely the threat of a surprise inspection is
 probably enough to head off obvious attempts to insert hardware
 trapdoors and the like.) This seems like a solvable problem."

It seems to me that an ostensibly digital device with a fixed number
of pins could be regarded as a finite state system, and systematically
analyzed accordingly, i.e., traverse the set of possible combinations of
pins and signal levels and verify that it behaves in accord with
publicly available specifications.

I'm no circuit designer ( yet ), but it seems to me that the microchip
might be subject to design to make it conform to such tests, yet still
contain additional circuitry which is undocumented. It might also have
analog circuitry, I suppose, although I cannot immediately conceive of
a use for such a thing. ( Of course, nanotech rears its ugly head, but
that sword cuts both ways and, until it manifests, is irrelevant. )

Perhaps a chip could be tested, at the cost of additional time, by a
systematic profiling of the finite boundaries of the device as
represented by the combination of pins being stimulated, the combination
of pin input voltage levels, and the resulting pin output voltages.
If you want to be fanatical, you can also profile the resulting fields.
It seems to me that it would be difficult to defy such a systematic
profiling. ( I guess one could also test the I:E:R ratios at each of
the states to further detect bogus circuitry, as well as borderline
products. )

Why quality assurance lines don't do this on a chip-by-chip level now is
beyond me. I'll bet the Japanese do now, or are working on it ...

-- richard

-- richard childers		rchilder@us.oracle.com		1 415 506 2411
         oracle data center  --  unix systems & network administration

                    Klein flask for rent. Inquire within.
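
The limit the post itself raises (a chip that conforms to pin-level tests yet contains undocumented circuitry), as an added example that is not part of the original message: a constructed 4-pin toy device with hidden internal state, checked first by a single sweep of all pin combinations and then by exhaustive input sequences. The parity spec, pin count, class names and trigger sequence are all assumptions made for illustration.

```python
from itertools import product

PINS = 4  # constructed toy device: 4 input pins, 1 output pin
VECTORS = list(product((0, 1), repeat=PINS))

def spec(v):
    """Assumed published specification: output is the parity of the inputs."""
    return sum(v) % 2

class HonestChip:
    def step(self, v):
        return spec(v)

class TrapdoorChip:
    """Follows the spec until a 3-vector sequence (constructed) has been seen."""
    TRIGGER = [(1, 0, 1, 1), (0, 1, 1, 0), (1, 1, 0, 1)]

    def __init__(self):
        self.progress = 0    # hidden state, not observable at the pins
        self.armed = False

    def step(self, v):
        if self.armed:
            return 1 - spec(v)           # undocumented behaviour
        if v == self.TRIGGER[self.progress]:
            self.progress += 1
            self.armed = self.progress == len(self.TRIGGER)
        else:
            self.progress = 1 if v == self.TRIGGER[0] else 0
        return spec(v)

def sweep_vectors(make_chip):
    """One pass over all 2**PINS pin combinations; returns mismatching vectors."""
    chip = make_chip()
    return [v for v in VECTORS if chip.step(v) != spec(v)]

def sweep_sequences(make_chip, depth):
    """Every length-`depth` input sequence on a fresh chip: (2**PINS)**depth runs."""
    bad = []
    for seq in product(VECTORS, repeat=depth):
        chip = make_chip()
        if any(chip.step(v) != spec(v) for v in seq):
            bad.append(seq)
    return bad

if __name__ == "__main__":
    print("single sweep mismatches:", sweep_vectors(TrapdoorChip))
    for depth in (3, 4):
        hits = sweep_sequences(TrapdoorChip, depth)
        print(f"depth {depth}: {len(VECTORS) ** depth} sequences, {len(hits)} expose the trapdoor")
```

The sequence sweep costs (2**PINS)**depth runs, which is why pin-level conformance testing alone cannot rule out stateful undocumented circuitry on a real part.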