RS232 Crypto Dongle (idea for widely accessible crypto technology)

[Eric Hughes <hughes@soda.berkeley.edu>]

Phil K. writes:
>My thinking is to limit the external "dongle" to the one function that
>is truly sensitive and worthy of special protection: RSA secret key
>operations.

Phil's comment are right on.  There is a need for you secret keys
to be easily and physically relocatable.

Re: key compromise
>I see this as THE major obstacle to our goal of routinely
>encrypting all communications, sensitive or otherwise, as a way of
>"desensitizing" the world to the use of cryptography.

It is my own opinion that there will be a market for personal
protection devices only when data is worth money.  Data will be worth
money when some data _is_ money.

>only one primary function -- the execution of an RSA secret key
>operation. [...]
>it might have a "zeroize" function to destroy it.

I refer to this as WEEM: Write, Erase, Encrypt Memory

>Everything else (data compression and armoring, public key operations,
>symmetric cryptography, etc) can and should go in the PC where cycles
>and memory space are much more plentiful.

Depending on the silicon size and production volume, you could
probably use this device for all modular exponentiation operations.
Or a cheap version could use a DSP module from a cell library and do
all the arithmetic more slowly.

>If the dongle has a built-in keypad, then it could store your RSA
>secret key encrypted with a PIN that you'd have to enter to enable the
>device. 

Not only a keypad, but a full 4-function calculator with an LCD
display as well! :-)

>I believe that "smart cards" are already available on the market that
>do these or similar functions, although they are much more widespread
>in Europe than in the US.

Smart cards have the disadvantage that their die size is pretty
severely limited.  They have to fit within the thickness of a credit
card and withstand repeated flexure.

Much better for this application is the PCMCIA standard, which has
plenty of room for circuitry.

Eric