Wednesday, August 17, 2022

PQC

I haven't blogged in 3 months, so I thought I would create a short post this evening.

One thing that I've noticed in my behavior lately is that I often say "I understand" versus "I agree." Latter implies I have a vote on the topic. I also find myself demonstrating the behavior that "as you age in industry you become more 'historian' than 'expert'". But the plurality of ambitious folks who believe they are 'expert' often fight when you lean too much into history mode. Their behavior reminds me of the quote 'the person may be wrong but is never in doubt.' 

As I get older I am tacking the opposite direction of confidence in all matter.  I find I doubt things more as I apprehend the huge swaths of knowledge I haven't penetrated on this life journey. I don't like Bukowski's "The problem with the world is that the intelligent people are full of doubts, while the stupid ones are full of confidence." quote in this area, though. It implies the issue involved is one of intelligence. I rather prefer to chalk it up to intellectual humility. 

Hopefully I demonstrate some of that behavior in my interactions. If I were up to the challenge of watching myself on video, I'd audit my revisit to Chips & Salsa https://www.youtube.com/watch?v=wqcUWAEHcVg. I recall blogging about that venue a while back http://vzimmer.blogspot.com/2021/11/books-old-age.html, too.

Regarding a topic area that reminds me of the of breadth of knowledge and progress, I'd like to recall the post quantum cryptography (PQC) talk https://uefi.org/sites/default/files/resources/Post%20Quantum%20Webinar.pdf. Readiness for PQC includes recent UEFI specification code-first readiness https://bugzilla.tianocore.org/show_bug.cgi?id=3413 and https://bugzilla.tianocore.org/show_bug.cgi?id=3725. A 2022 augmentation of a feature first conceived 15 years ago https://www.semanticscholar.org/paper/Platform-Trust-Beyond-BIOS-Using-the-Unified-Zimmer/0bd3bdeb6dcadf088137e13c00adc7e4390fa0de


I was enthralled with the various RT's.  Roots of Trust for Storage & Reporting (RTS/RTR) in the TPM, Root of trust for measurement (RTM) and Root of trust for enforcement/verification (RTE/V) for the platform firmware. This predated the RTU and RTD from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-193.pdf years later.

Beyond UEFI there are other industry standards that require PQC accommodations. These include protocols like SPDM https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.0.1.pdf. The cryptography eprint https://eprint.iacr.org/2022/1049 posted today describes some of this work. This is definitely an 'application' of cryptography versus cryptographic research. The latter is especially challenging, as demonstrated by recent findings like https://thequantuminsider.com/2022/08/05/nist-approved-post-quantum-safe-algorithm-cracked-in-an-hour-on-a-pc/. I am a fan of this type of analysis. I did feel a little bit like we were guilty of Pike's 2000 diatribe "Mostly, though, it's just a lot of measurement" http://doc.cat-v.org/bell_labs/utah2000/utah2000.html

This news story reminded me of former co-worker Ernie Brickell's knapsack paper https://link.springer.com/content/pdf/10.1007/3-540-39568-7_27.pdf. Ironically Merkle https://en.wikipedia.org/wiki/Ralph_Merkle is related to a present co-worker and I was able to grab an autograph for my book on Merkle's original knapsack work












Ernie was a rare combination of PhD and leader. I still recall Ernie trying to recruit me to join his team a decade ago. Ernie did fascinating work on zero-knowledge proofs, including co-inventing Direct Anonymous Attestation (DAA) https://eprint.iacr.org/2010/067.pdf that was eventually included in the TPM 2.0 specification. Definitely a different eprint than item mentioned at top of this blog https://eprint.iacr.org/2022/1049.pdf. Ernie also introduced me to David Chaum https://en.wikipedia.org/wiki/David_Chaum of zero-knowledge proof fame, too, at an Intel event. 

One cautionary tale I learned from Ernie was avoiding going all in on a given position. The combination of drive, technical depth, and passion for a topic can create a lot of p=mv momentum https://www.calculatorsoup.com/calculators/physics/momentum.php when slamming into the walls that one often finds in bigCo.  

Speaking of years ago, I am happy to see progress https://github.com/UniversalScalableFirmware/fspsdk/tree/qemu_fsp_at_reset toward the vision of 



from page 143 of https://link.springer.com/book/10.1007/978-1-4842-0070-4. This is yet another reminder that the march of technology takes a long time.