How to Verify Crypto Engine
When using a cryptographic (hardware) engine, it is important to trust its correctness. However, is there a way to verify the engine’s output without incurring significant computational costs?
Unfortunately, there is no efficient method to detect backdoors in cryptographic hardware. Backdoors can be hidden in various ways, making them difficult to detect.
Testing is not effective in uncovering deliberately-introduced backdoors. Attackers can activate the backdoor only for specific inputs or after receiving a special signal. For example, the hardware engine may have a secret value embedded in it. If a ciphertext starting with this secret value is received, the backdoor is activated. This allows attackers to enable the backdoor after the system is in production, making it hard to detect.
A malicious crypto engine can exploit various vulnerabilities to compromise security. It can manipulate random number generation to produce guessable keys, accept malicious messages when instructed by the attacker, or leak confidential data in multiple ways. Even if the engine doesn’t have direct network access, it can still use subliminal channels or timing channels to leak information.
In conclusion, if you do not trust the crypto hardware, it is difficult to guarantee its correctness. Therefore, it is crucial to only use crypto hardware that you trust.