jaseg/phd-thesis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SMPC WIP

Browse source
This commit is contained in:
jaseg 2025-07-28 18:23:35 +02:00
parent 5c0d078824
commit c349ad1ca8
1 changed files with 122 additions and 52 deletions
Download patch file Download diff file Expand all files Collapse all files

174
chapter-smpc/chapter.tex
View file

@ -56,6 +56,13 @@ same time, the mesh cannot be thinned either because thinning it would enable mi
these constraints is a high thermal resistance between the HSM's processor and an external heat sink, which limits
maximum power dissipation to a fraction of what is achieved in modern CPUs or even GPUs.
A secondary limitation of conventional HSMs is that the highly specialized tamper sensing foils used in their
construction often cannot be scaled to arbitray sizes without incurring unsustainable process yields due to the
multiplication of error rates with increasing area. As a result, even if the heat dissipation problem could be solved,
manufacturing the tamper sensing foil for a conventional HSM large enough to contain a more powerful CPU might not be
possible. The HSM's tamper-sensing envelope would have to protect not only the CPU itself, but also its supporting
components such as memory, power supplies and any internal heat spreading components.
Inertial HSMs solve this issue since they allow their payload to be air cooled without compromising security, and they
expand the feasible security boundary size from the several hundred milliliters offered by conventional HSMs to several
liters and more, enabling the integration of standard, off-the-shelf server components such as mainboards, CPUs, CPU
@ -87,20 +94,88 @@ of our design.
\subsection{Practical Deployments}
\subsection{MPC in HSMs}
\subsection{HSM Construction}
\subsection{Solutions}
\section{A High-Performance IHSM for MPC Applications}
\subsection{A Practical Performance Target}
\subsection{MPC in HSMs}
\subsection{Hardware Requirements}
Multiparty Computation is at the verge of being practical in some applications, but is still too computationally
expensive for others. While some attempts at GPU-accelerating MPC primitives exist, in practice it is commonly
implemented using CPU processing. From the performance numbers given above\todo{Give performance numbers above} we can
see that a single, modern server-class CPU is sufficient for an useful amount of computation in MPC.
A naive implementation might attempt to implement MPC using an HSM by simply offloading all cryptographic operations to
the HSM. In practice, this is not a workable solution due to the slow processing speed of conventional HSMs.
Conventional HSMs commonly use smartphone-class SoCs, which lag behind server CPUs in processing speed by several orders
of magniude.
\todo{Cite some HSM/MPC papers here.}
In the near term, absent radical developments in either MPC theory or in the speed and power efficiency of processing
hardware, the only feasible solution for HSM-protected MPC at any practical scale is to find a way to protect an entire
server-class computer. As elaborated above, IHSMs are a natural fit for this requirement since they allow for large,
air-cooled payloads.
%\subsection{Hardware Requirements}
As a baseline performance target, we consider a commodity server mainboard in CEB or ATX form factor, populated with a
high-end server CPU and a large amount of RAM. As MPC systems do not usually require a great amount of storage, we can
largely ignore storage for our size and power calculations.\todo{Refer to performance numbers from research above here}
As a result, we end up with a total maximum power dissipation of approximately \todo{Calculate, make table} XXX as shown
in Table~\ref{tab_power_budget}. Dissipating this amount of power using air cooling is within the capabilities of
commodity server cooling components\todo{Refer to datasheets}.
\begin{table}
\centering
\begin{tabular}{r|l|r|r}
Count & Component & Maximum Power Dissipation Each & Total\\\hline
1 & CPU: & &\\
16 & DDR-4 Memory modules: & &\\
1 & Mainboard: & &\\
1 & Power Supply: & &\\
\end{tabular}
\caption{Power budget of a modern mid-range server. Power supply power dissipation calculated at target load.}
\label{tab_power_budget}
\end{table}
A common type of side-channel attack on cryptographic systems are power analysis attacks. In such attacks, the supply
current of the target processing system is measured at high speed while the target is performing cryptographic
computations. By aggregating the results of a large number of the resulting power traces, it is often possible to infer
the value of secret data such as cryptographic keys. To mitigate this type of attack, not only do we have to place the
CPU, mainboard, and memory inside of the HSM's tamper-sensing barrier, but also the power supply. A secondary benefit of
placing the power supply inside the tamper-sensing barrier is that it simplifies the power wiring between the outside of
the IHSM cage and the payload. Supplying the \qty{12}{\volt} power rails that commodity mainboard commonly use requires
tens of Ampere. To carrie such high current, the wiring has to be sized accordingly. In an IHSM, even thick wires can
easily be passed through the mesh cage, but such wiring requires a large opening at the shaft on one end of the cage,
which creates a literal security gap. Placing the power supply inside of the cage reduces the size of the wires needed
since the power supply steps down a lower current \qty{240}{\volt} input to the system's high-current \qty{12}{\volt}
rails. According to DIN VDE 0298-4\todo{Citation?}, a pair of \qty{1.5}{\milli\meter^2} conductors is sufficient for
more than \qty{3}{\kilo\watt} of load under worst-case conditions.
\subsection{Software Considerations}
While the hardware of a HSM-assisted MPC system is a straightforward application of IHSM technology to a server
platform, the software implementation poses some unique challenges. A core concern in an IHSM based on commodity
hardware running a commodity operating system is the concrete implementation of the IHSM's alarm reseponse. When the
IHSM detects tampering, it is crucial that all secrets in the payload have been made unusable before an attacker can
either extract them, or stop the system from making them unusable.
Making secret data unusable to an attacker can take one of two forms depending on the implementation. The
straightforward approach is to \emph{zeroize} the secret data, i.e.~to irreversibly overwrite it with zeros or any
other pattern. While zeroizing sounds obvious and easy to implement, it comes with several practical challenges:
\begin{enumerate}
\item Zeroization usually requires accessing each storage unit of data (i.e. a cache line, DRAM memory row, or FLASH
memory block) once. For large memories, especially for storage like FLASH SSDs, accessing every memory block takes a
large amount of time. If the attacker interrupts the erasing process e.g.~by physically destroying the CPU before it can
complete, they might be able to access unerased data.
\item In many memory technologies, data leaves ``residues'' in memory cells where it was stored, especially when it was
stored for a large amount of time. Particularly SRAM memory is susceptible to this effect.\todo{citation}
\end{enumerate}
% Mention ssds with self erase features
% mention ssd erase power consumption
\subsection{Fast Zeroization of Non-Customizable Memories}
\subsection{A Joint Cooling and IHSM Envelope Powertrain}
@ -214,7 +289,7 @@ Often, these rotating joint WPT systems use coaxial structures, but segmented ap
In lower-power applications, segmented approaches are more common. A key challenge in segmented approaches is the
reduction of secondary-side ripple induced when the segments' alignment changes throught one revolution~\cite{
zhangWirelessSensorPower2024,
}, which usually requires additional secondary-side circuitry. This paper introduces a planar coil topology for WPT
}, which usually requires additional secondary-side circuitry. In this work, we introduce a planar coil topology for WPT
through a rotating joint using a single planar PCB coil on both the transmitting and the receiving side that improves
rotation ripple at low turn counts.
@ -412,7 +487,7 @@ basket-woven coils, the mandrel can be pulled out after the coil is finished. Li
structure can be made mechanically stable with some lacquer, with the turns carrying the layers where they cross.
Both construction techniques apply similar principles to those leading to the improved high-frequency behavior of
twisted inductors that we describe in this paper.\footnote{Interestingly, the winding schemes of both honeycomb and
twisted inductors that we describe in this chapter.\footnote{Interestingly, the winding schemes of both honeycomb and
basket-woven coils are also governed by the same coprimality condition between the number of turns and the number of
inversions within each turn that we describe for our twisted inductors below, although we could not find an example in
historic literature where this condition was explicitly stated~\cite{eppenAnforderungenEinzelteileRundfunkempfanger1927,
@ -501,8 +576,9 @@ naturally connect in series, with the resulting spirals on the top and bottom la
conventional two-layer inductor, and with $k=2$ inversions, creating two interleaved spirals on both the top and the
bottom layer of the PCB. Figure\ \ref{fig_nk_complex_illust} shows additional layout examples for other values of $n$
and $k$. For $k=\frac{1}{2}$, we get a standard single-layer planar spiral inductor for any turn count $n$, and for
$k=1$ we get a standard two-layer planar spiral inductor for any turn count $n$. In this paper, we will call all layouts
with $k\ge 2$ \emph{Twisted Inductors}. The coordinate description of Equation\ \ref{eqn_twolayer_spiral} thus becomes:
$k=1$ we get a standard two-layer planar spiral inductor for any turn count $n$. In this chapter, we will call all
layouts with $k\ge 2$ \emph{Twisted Inductors}. The coordinate description of Equation\ \ref{eqn_twolayer_spiral} thus
becomes:
\begin{align}
\varphi &= 2\pi n t\\\nonumber
@ -626,9 +702,9 @@ case.
\subsubsection{CAD Integration}
To allow for easy design with twisted inductors and to speed up the laboratory prototyping we performed for this paper,
we created a tool that generates arbitrary twisted inductor layouts, and that is able to output these layouts as PCB
footprint files for the open source KiCad EDA CAD tool~\cite{KiCadEDA}. We integrated the ESR and inductance
To allow for easy design with twisted inductors and to speed up the laboratory prototyping we performed for this
chapter, we created a tool that generates arbitrary twisted inductor layouts, and that is able to output these layouts
as PCB footprint files for the open source KiCad EDA CAD tool~\cite{KiCadEDA}. We integrated the ESR and inductance
approximations as derived above with our tool, so that it provides immediate design feedback when generating inductors.
In order to minimize ESR and maximize PCB area utilization, we made the tool automatically calculate the largest
possible trace width when given a minimum clearance specification.
@ -639,9 +715,6 @@ section below, our tool contains functionality to map gerbonara's geometry repre
gmsh~\cite{geuzaineGmsh3DFinite2009}, the FEM mesher that we chose to interface with Elmer
FEM~\cite{ruokolainenElmerCSCElmerfemElmer2023}.
Our inductor design tool is available in this paper's supplementary material as well as at the git repository linked at
the end of this paper.
\subsection{FEM Simulation}
To validate our analytical approximations, we performed a series of FEM simulations in Elmer FEM. For a number of
@ -697,7 +770,7 @@ approximately a factor of two. Going from a simple single-layer spiral inductor
($k=1$), we observe that the resulting inductance decreases by up to \qty{15}{\percent}. We suspect that the main factor
leading to this decrease is radial magnetic flux leakage through the PCB material between the inductor's layers.
Comparing simple two-layer inductors with $k=1$ to the twisted inductors with larger $k$ values that we propose in this
paper, we observe almost identical performance for $k>1$ with decreases of less than \qty{0.5}{\percent} going from
chapter, we observe almost identical performance for $k>1$ with decreases of less than \qty{0.5}{\percent} going from
$k=1$ to $k=3$ irrespective of turn count. From these measurements we can conclude that the flux linkage of twisted
inductors almost perfectly matches that of simple two-layer inductors.
@ -861,7 +934,7 @@ angles to one another.
\begin{figure}
\begin{center}
\includegraphics[width=.85\textwidth]{test_schematic.pdf}
\includegraphics[width=.65\textwidth]{test_schematic.pdf}
\end{center}
\caption{The test schematic used in all measurements. For direct coupling factor measurements, the load resistor was
disconnected. We measure voltage at the output of the function generator to account for drop in its internal output
@ -876,7 +949,7 @@ using Keysight 34465A multimeters in AC Root Mean Square (RMS) mode.
\begin{figure}
\begin{center}
\includegraphics[width=0.3\textwidth]{symmetry_3turn_n_twist.pdf}
\includegraphics[width=0.8\textwidth]{symmetry_3turn_n_twist.pdf}
\end{center}
\caption{RMS output voltage of the test circuit from Figure\ \ref{fig_test_schematic} for three pairs of matching
inductors with one inductor rotating w.r.t.\ the other. The inductors have $n=3$ turns each and $k=\frac{1}{2}$,
@ -911,7 +984,7 @@ pitch, as their turns deviate the furthest from a set of ideal, concentric circl
\begin{figure}
\begin{center}
\includegraphics[width=.85\textwidth]{k_ripple_plot.pdf}
\includegraphics[width=.65\textwidth]{k_ripple_plot.pdf}
\end{center}
\caption{RMS Voltage ripple in a model rotating WPT setup with $R_L=\qty{10}{\ohm}$ as a percentage of total RMS
output voltage, plotted against inductor inversion count $k$. Measurements were taken with a number of different
@ -939,24 +1012,40 @@ pitch, as their turns deviate the furthest from a set of ideal, concentric circl
\begin{figure}
\begin{center}
\includegraphics[width=.75\textwidth]{rms_ripple_double_rotation_n3_r4.pdf}
\includegraphics[width=.65\textwidth]{rms_ripple_double_rotation_n3_r4.pdf}
\end{center}
\caption{RMS ripple magnitude as a percentage of mean RMS output voltage, plotted against the rotation of each of
the two inductors. The two coils were kept at a constant \qty{4}{\milli\meter} radial offset, and the output coil
was loaded with a \qty{10}{\ohm} load. All RMS ripple plots in this paper share the same color scale to allow for
was loaded with a \qty{10}{\ohm} load. All RMS ripple plots in this chapter share the same color scale to allow for
visual comparison. This figure shows four variants of 3-turn coils, plots for $n=5$ can be found in Figure\
\ref{fig_rms_ripple_n5} and plots for $n=\{10,25\}$ in Figures \ref{fig_rms_ripple_n10} and \ref{fig_rms_ripple_n25}
in the Appendix.}
\ref{fig_rms_ripple_n5} and plots for $n=\{10,25\}$ in Figures \ref{fig_rms_ripple_n10} and
\ref{fig_rms_ripple_n25}.}
\label{fig_rms_ripple_n3}
\end{figure}
%\begin{figure}
% \begin{center}
% \includegraphics[width=.75\figurescale]{rms_ripple_double_rotation_n5_r4.pdf}
% \end{center}
% \caption{RMS ripple magnitude as shown in Figure\ \ref{fig_rms_ripple_n3} for four different 5-turn coils.}
% \label{fig_rms_ripple_n5}
%\end{figure}
\begin{figure}
\begin{center}
\includegraphics[width=.65\textwidth]{rms_ripple_double_rotation_n10_r4.pdf}
\end{center}
\caption{RMS ripple magnitude as shown in Figure\ \ref{fig_rms_ripple_n3} for four different 10-turn coils.}
\label{fig_rms_ripple_n10}
\end{figure}
\begin{figure}
\begin{center}
\includegraphics[width=.65\textwidth]{rms_ripple_double_rotation_n25_r4.pdf}
\end{center}
\caption{RMS ripple magnitude as shown in Figure\ \ref{fig_rms_ripple_n3} for four different 25-turn coils.}
\label{fig_rms_ripple_n25}
\end{figure}
\begin{figure}
\begin{center}
\includegraphics[width=.65\textwidth]{rms_ripple_double_rotation_n5_r4.pdf}
\end{center}
\caption{RMS ripple magnitude as shown in Figure\ \ref{fig_rms_ripple_n3} for four different 5-turn coils.}
\label{fig_rms_ripple_n5}
\end{figure}
\subsection{Future Work}
@ -975,7 +1064,7 @@ resistances, and skin effect will affect both to a differring extent.
\subsection{Conclusion}
In this paper, we introduced a novel layout approach for planar, multi-layer inductors. Our \emph{twisted} inductors
In this chapter, we introduced a novel layout approach for planar, multi-layer inductors. Our \emph{twisted} inductors
generalize several types of conventional planar inductors including conventional single- or two-layer planar spiral
inductors as well as planar toroidal inductors. For inversion count parameter $k\ge 2$, twisted inductors produce
magnetic field distributions that have better rotational symmetry along the inductor's main axis compared to either
@ -988,12 +1077,9 @@ increased inductance compared to conventional two-layer planar spiral inductors.
We base our evaluation on laboratory measurements on a set of 39 sample inductors in total, including an automated,
four-dimensional mapping of the coupling between a pair of identical inductors. We provide both an analytical
description of twisted inductor construction as well as a set of Open-Source tools for their design, available at the
link at the end of this paper.
description of twisted inductor construction as well as a set of Open-Source tools for their design.
%\section{Supplemental plots}
%\begin{figure}
% \begin{center}
% \includegraphics[width=\figurescale]{symmetry_10turn_n_twist.pdf}
@ -1003,22 +1089,6 @@ link at the end of this paper.
% \label{fig_symmetry_10turn_n_twist}
%\end{figure}
%\begin{figure}
% \begin{center}
% \includegraphics[width=.75\figurescale]{rms_ripple_double_rotation_n10_r4.pdf}
% \end{center}
% \caption{RMS ripple magnitude as shown in Figure\ \ref{fig_rms_ripple_n3} for four different 10-turn coils.}
% \label{fig_rms_ripple_n10}
%\end{figure}
%\begin{figure}
% \begin{center}
% \includegraphics[width=.75\figurescale]{rms_ripple_double_rotation_n25_r4.pdf}
% \end{center}
% \caption{RMS ripple magnitude as shown in Figure\ \ref{fig_rms_ripple_n3} for four different 25-turn coils.}
% \label{fig_rms_ripple_n25}
%\end{figure}
% Thermite experiements and paper
\section{Outlook}