First draft of slides finished

This is a TUDa specific requirement for submission. It should not be
included in published versions.

Makefile

@@ -14,21 +14,34 @@ all: thesis.pdf
 
 # We need three runs for biblatex's defernumbers
 %.pdf: %.tex common-packages.tex common-defs.tex main.bib version.tex
-	pdflatex -shell-escape $<
+	pdflatex -shell-escape -jobname $* '\def\thesispreviewmode{}\input{$<}'
 	biber $*
-	pdflatex -shell-escape $<
+	pdflatex -shell-escape -jobname $* '\def\thesispreviewmode{}\input{$<}'
-	pdflatex -shell-escape $<
+	pdflatex -shell-escape -jobname $* '\def\thesispreviewmode{}\input{$<}'
 	echo
 	echo "Undefined biblatex references:"
 	grep -A2 'Package biblatex Warning: The following entry could not be found' thesis.log | sed -n '3~4{s/(biblatex) *//;p}' || echo "<None>"
 
-#.PHONY: preview
+%-oneside.pdf: %.tex common-packages.tex common-defs.tex main.bib version.tex
-#preview:
+	pdflatex -shell-escape -jobname $*-oneside '\def\thesispreviewmode{}\def\thesisoneside{}\input{$<}'
-#	pdflatex -shell-escape -jobname thesis '\def\thesispreviewmode{}\input{thesis.tex}'
+	biber $*-oneside
-#	biber thesis
+	pdflatex -shell-escape -jobname $*-oneside '\def\thesispreviewmode{}\def\thesisoneside{}\input{$<}'
-#	pdflatex -shell-escape -jobname thesis '\def\thesispreviewmode{}\input{thesis.tex}'
+	pdflatex -shell-escape -jobname $*-oneside '\def\thesispreviewmode{}\def\thesisoneside{}\input{$<}'
-#	pdflatex -shell-escape -jobname thesis '\def\thesispreviewmode{}\input{thesis.tex}'
+	echo
-#	pdflatex -shell-escape -jobname thesis '\def\thesispreviewmode{}\input{thesis.tex}'
+	echo "Undefined biblatex references:"
+	grep -A2 'Package biblatex Warning: The following entry could not be found' thesis.log | sed -n '3~4{s/(biblatex) *//;p}' || echo "<None>"
+
+%-final.pdf: %.tex common-packages.tex common-defs.tex main.bib version.tex abstract.tex abstract-de.tex
+	pdflatex -jobname $*-final -shell-escape $<
+	biber $*-final
+	pdflatex -jobname $*-final -shell-escape $<
+	pdflatex -jobname $*-final -shell-escape $<
+
+%-final-oneside.pdf: %.tex common-packages.tex common-defs.tex main.bib version.tex
+	pdflatex -shell-escape -jobname $*-final-oneside '\def\thesisoneside{}\input{$<}'
+	biber $*-final-oneside
+	pdflatex -shell-escape -jobname $*-final-oneside '\def\thesisoneside{}\input{$<}'
+	pdflatex -shell-escape -jobname $*-final-oneside '\def\thesisoneside{}\input{$<}'
 
 version.tex: thesis.tex $(addsuffix /chapter.tex,${CHAPTERS})
 	echo "${VERSION_STRING}" > $@

abstract-de.tex

@@ -0,0 +1,59 @@
+
+\begin{otherlanguage}{ngerman}
+\chapter*{Kurzzusammenfassung}
+\adjustmtc
+\addcontentsline{toc}{chapter}{Kurzzusammenfassung}
+
+    \marginpar{This section is a translated copy of the English abstract below.}  
+    Im Laufe der letzten Jahrzehnte habe Fortschritte in der Kryptographie sowie Techniken wie formale Verifikation den
+    Stand der Softwaresicherheit stetig verbessert. Gleichzeitig hat das Gebiet der Hardwaresicherheit mit diesen
+    Entwicklungen nicht Schritt halten können. Trotz Fortschritten in Teilgebieten wie der Resilienz gegenüber
+    Seitenkanalangriffen und Physical Unclonable Functions (PUFs) ist der Stand der Technik in der Hardwaresicherheit
+    nach wie vor auf die Verwendung mikroelektronischer Strukturen fokussiert. Solche erreichen einen Grad der Security
+    by Obscurity, liefern jedoch keine fundierteren Sicherheitsgarantien. Systemweite Manipulationsschutzmaßnahmen
+    werden nur vereinzelt in Geräten wie z.B.\ Hardware-Sicherheitsmodulen (HSMs) und Kartenzahlungsterminals
+    eingesetzt. Insbesondere HSMs werden aufgrund ihrer hohen Kosten und geringen Rechenleistung nur in
+    Nischenanwendungen wie z.B.\ der Zertifikatsausstellung im Transport Layer Security (TLS)-System sowie der
+    Zahlungsdatenverarbeitung eingesetzt.
+
+    In dieser Dissertation wird das Inertiale Hardware-Sicherheitsmodul (IHSM) vorgestellt, eine neue Architektur für
+    Hardware-Sicherheitsmodule. IHSMs stellen einen hoch sicheren, aktiven Manipulationsschutz bereit.
+    Gleichzeitig können mithilfe der IHSM-Technologie kryptographische Rechnersysteme von wesentlich größeren
+    Abmessungen, Gewicht und elektrischer Leistungsaufnahme geschützt werden, als es in konventionellen HSMs möglich
+    ist. IHSMs ersetzen die kostenintensiven und in der Herstellung aufwendigen Meshes
+    (Manipulationserkennungsmembranen) konventioneller HSMs durch eine Konstruktion, in der Meshes aus einfachen
+    Platinen aufgebaut werden. Diese Meshes rotieren schnell um das geschützte Rechnersystem, was eine unerkannte
+    Manipulation verhindert. IHSMs erreichen so mithilfe wensentlich einfacherer und kostengünstiger
+    Konstruktionstechniken ein Sicherheitsniveau, das dem konventioneller Manipulationsschutzmembranen gleicht, die in
+    spezialisierten Herstellungsprozessen gefertigt werden. In der Dissertation werden die Ergebnisse einer
+    Übersichtsstudie vorgestellt, die etwa 30 echte Implementierungen socher Meshes untersucht. In der Studie werden
+    Kriterien für die Entwicklung sicherer Meshes abgeleitet, anhand derer das IHSM-Konzept kontextualisiert wird. Um
+    die Notwendigkeit sicherer Hardware zu erörtern, wird in dieser Dissertation darüber hinaus eine Analyse einiger
+    problematischer Aspekte des Hardwaresicherheitskonzeptes der Deutschen elektronischen Patientenakte vorgestellt.
+
+    Um den Weg für zukünftige, praktische Implementierungen der IHSM-Technologie zu bereiten, werden weiterhin Lösungen
+    für wichtige Schlüsselprobleme der Konstruktion von IHSMs vorgestellt. Diese Lösungen umfassen ein neues Konzept für
+    rotationssymmetrische Planarspulen für die drahtlose Energieübertragung an rotierende Empfänger, sowie ein
+    hochpräzises und dennoch kostengünstiges Überwachungssystem für Meshes. Dieses Überwachungssystem beruht auf dem
+    Prinzip der Zeitbereichsreflektometrie und erkennt selbst fortgeschrittene Angriffstechniken zuverlässig. In
+    praktischen Versuchen zeigte sich, dass das System ausreichend empfindlich ist, um mehrere identische Kopien
+    desselben Meshes voneinander zu unterscheiden, was auf PUF-ähnliche Eigenschaften hindeutet.
+
+    In der Dissertation werden zwei konkrete Anwendungsszenarien erläutert, die erst durch das größere Volumen und die
+    höhere Leistungsaufnahme möglich werden, die die IHSM-Technologie ermöglicht. Im ersten Anwendungsszenario wird eine
+    IHSM-geschützte Zwischenstation vorgeschlagen, um die durch physikalische Grundgesetze sonst stark eingeschränkte
+    erreichbare Entfernung eines Quantenschlüsselaustausch (QKD)-Systems zu vergrößern. Im Rahmen dieses
+    Anwendungsszenarios wird ein sekundäres Mesh vorgestellt, dass die Achsdurchführung des primären IHSM-Meshes
+    zusätzlich schützt. Weiterhin wird in der Fallstudie der Entwurf eines mechanischen Trägers für diese zusätzlich
+    geschützte Achsdurchführung vorgestellt, der das QKD-System im inneren des IHSM mit der Außenwelt über
+    verlustarme Glasfaserleitungen verbindet.
+
+    In der zweiten Fallstudie wird ein Konzept vorgestellt, das mithilfe IHSM-geschützter, leistungsstarker
+    Serverhardware kolokierte Secure Multiparty Computation (MPC)-Berechnungen ermöglicht. Hierzu wird IHSM-Technologie
+    an die Anforderungen leistungsstaker Serverhardware in Größe, Leistungsaufnahme, und ableitbarer Verlustleistung
+    angepasst. Wird MPC praktisch eingesetzt, werden Knoten über mehrere Rechenzentren verteilt um einen Single Point of
+    Failure zu vermeiden. Diese Verteilung führt jedoch zu geringer Netzwerkbandbreite und hohen Latenzen zwischen den
+    MPC-Knoten, was die erreichbare MPC-Rechenleistung stark einschränkt. Durch den Einsatz von IHSMs können physisch
+    gesicherte MPC-Knoten innerhalb desselben Rechenzentrums betrieben werden, was durch die damit erreichbare höheren
+    Bandbreiten und geringeren Latenzen einen Leistungsbereich der MPC-Berechnungen erschließt.
+\end{otherlanguage}

abstract-template.tex

@@ -0,0 +1,39 @@
+\documentclass[11pt,a4paper,notitlepage,twoside]{report}
+\usepackage[a4paper, top=3cm, bottom=3.5cm, inner=3.5cm, outer=5cm, marginpar=3.8cm]{geometry}
+
+\input{common-packages}
+\input{common-defs}
+\newcommand{\figurepath}{figures}
+\graphicspath{{\figurepath}}
+
+\newcommand{\chaptertitle}[1]{
+    \chapter{#1}
+    \ifdefined\thesispreviewmode
+        \vspace*{-1cm}
+        {\Large \textbf{Draft build}, git revision \texttt{\input{version}}}
+        \vspace*{1cm}
+    \fi
+    \printchapterquote
+    \setstretch{1}
+    \minitoc
+    \newpage
+    \setstretch{1.3}
+}
+
+\title{Bootstrapping Physical Security with Inertial Hardware Security Modules}
+\author{Jan Sebastian Götte}
+
+\begin{document}
+\maketitle
+
+\setlength{\headheight}{13.6pt}
+
+\faketableofcontents
+
+\input{abstract}
+
+\chapterbibliography
+
+\appendix
+
+\end{document}

abstract.tex

@@ -0,0 +1,46 @@
+
+\chapter*{Abstract}
+\adjustmtc
+\addcontentsline{toc}{chapter}{Abstract}
+
+In the past decades, cryptographic advancements and techniques like formal verification have steadily improved software
+security. Meanwhile, the field of hardware security has not kept pace. Research has made progress in subfields such as
+resilience to Side-Channel Attacks (SCA) and Physical Unclonable Functions (PUFs). However, the state of the art still
+often relies on microelectronic integration to achieve security by obscurity insted of more fundamental security
+guarantees. While effective, system-level tamper protection is only used in few devices such as Hardware Security
+Modules (HSMs) and card payment terminals. Due to the high cost and low performance of HSMs in particular, they remain
+relegated to niche applications such as Transport Layer Security (TLS) certificate issuance and payment data processing.
+
+In this thesis, we introduce the Inertial Hardware Security Module (IHSM), a new architecture for low-cost hardware
+security modules that provide high-level active tamper protection, while supporting computing payloads of much larger
+size, weight and power dissipation compared to conventional HSMs. In an IHSM, the costly and difficult to source
+tamper-sensing mesh of a conventional HSM is replaced by a mesh made from simple PCBs that is rotating at high speed
+around the payload. Since the mesh is rotating at high speed, it cannot be manipulated, and the security of conventional
+meshes created in bespoke manufacturing processes can be achieved using much simpler and less expensive construction
+techniques. We present the results of a survey of approximately 30 real world tamper sensing mesh implementations. Based
+on our findings, we deduce design criteria for secure meshes and contextualize our design. We further motivate the
+necessity of secure hardware by presenting an analysis of problematic aspects in the hardware security design of
+Germany's new national electronic health record system.
+
+To pave the way for practical implementations of IHSM technology, we present solutions to key engineering challenges in
+IHSM construction. We present a design and analysis of highly symmetric planar inductors for rotating wireless power
+transfer that improves self-resonant frequency by up to \qty{58}{\percent} and inductance by up to \qty{6.5}{\percent}
+in our tests. Complementing this research, we present a high-fidelity, low-cost monitoring system for security meshes
+that is based on the principles of Time-Domain Reflectometry (TDR), reaching \qty{184}{\pico\second} time resolution. We
+validate our system and find that it is able to reliably detect several classes of advanced physical attacks. We find
+that our system is sensitive enough to detect differences between identical copies of the same mesh, suggesting PUF-like
+properties.
+
+Applying IHSM technology, we analyse two use cases that are unlocked by the increased size and power dissipation
+capability of IHSMs. In the first analysis, an IHSM-secured relay node for Quantum Key Distribution (QKD) systems is
+proposed, enabling their practical implementation across arbitrary distances, which requires trusted relay stations due
+to fundamental physical limitations. In the study, IHSMs are adapted for such high-security QKD relays by securing the
+IHSM mesh passthrough with a secondary tamper-sensing mesh. In this setup, a bracket design is proposed that supports
+passing through optical fibers at low loss.
+
+The second proposed use case adapts an IHSM enclosure to the size, power and thermal dissipation requirements of a
+high-power server to support co-located secure Multiparty Computation (MPC) workloads. In practical MPC deployments,
+nodes are distributed across data centers to avoid a single point of failure for physical attacks. As a result,
+practical MPC deployments are limited by network bandwidth and latency constraints. Using IHSMs, physically secured MPC
+nodes can be deployed within the same data center, increasing bandwidth, reducing latency and unlocking a new
+performance spectrum.

ai-llm-use-disclosure.tex

@@ -1,29 +1,31 @@
 
 \chapter*{Use of Artificial Intelligence in This Thesis}
+\adjustmtc
 \addcontentsline{toc}{chapter}{Use of Artificial Intelligence in This Thesis}
 
 This thesis has been written during the years of 2020 - 2025. In this time, Artificial Intelligence (AI) technology
 including Large Language Models (LLMs) has entered widespread adoption. I have used such LLM systems in the preparation
 of this thesis. At the time this thesis was written, LLMs were a powerful and useful technology, but often produced
-wrong output. Thus, I used the following list of observations to guide my LLM use during the writing of this thesis.
+wrong output. Thus I used the following list of observations to guide my LLM use during the writing of this thesis.
 
 \begin{enumerate}
     \item Passing text through an LLM is an imprecise operation. Especially when large amounts of text are passed
-        through an LLM, despite clear instructions such as ``only fix spelling errors'', the LLM output might deviate
+        through an LLM, despite clear instructions such as ``only fix spelling errors,'' the LLM output might deviate
         from the source text. Therefore, the document text should never be passed through the LLM, and the LLM should be
         prompted to point out problems, or to produce a list of suggestions for improvements instead.
-    \item LLMs are really bad at summarizing text that contains novel concepts. LLM summaries of text often converge to
+    \item Contemporary LLMs are bad at summarizing text that contains novel concepts. LLM summaries of text often
-        a re-stating of the general consensus on the text's main topic. Where the source text deviates from conventionla
+        converge to a re-stating of the general consensus on the text's main topic. Where the source text deviates from
-        wisdom or makes novel points, an LLM summary will likely mis-represent those conclusions. Additionally, LLMs are
+        conventional wisdom or makes novel points, an LLM summary will likely mis-represent those conclusions.
-        bad at capturing the point of a text. Unless extreme care is taken when prompting, it is easy to lead an LLM to
+        Additionally, LLMs are bad at capturing the point of a text. Unless extreme care is taken when prompting, it is
-        produce an inaccurate summary of a text that agrees with the prompt, but misses the gist of the text. Therefore,
+        easy to lead an LLM to produce an inaccurate summary of a text that agrees with the prompt, but misses the gist
-        extreme caution should be applied when using an LLM for summarization, and LLM output should be checked
+        of the text. Therefore, extreme caution should be applied when using an LLM for summarization, and LLM output
-        diligently in such instances.
+        should be checked diligently in such instances.
-    \item LLMs are bad at generating text from scratch. Especially on topics of academic interest that are novel and
+    \item Contemporary LLMs are bad at generating text from scratch. Especially on topics of academic interest that are
-        that do not have well-known answers that can be found in the training corpus for these models, in general they
+        novel and that do not have well-known answers that can be found in the training corpus for these models, in
-        will not produce useful text when prompted. Therefore, LLMs should never be used to generate novel text.
+        general they will not produce useful text when prompted. Therefore, LLMs should never be used to generate novel
-    \item LLMs are really bad at giving references. Prompts that ask for academic references on a topic are likely to
+        text.
-        produce non-existing ``hallucinated'' references. The existing references an LLM is most likely to dig up
+    \item Contemporary LLMs are bad at giving references. Prompts that ask for academic references on a topic are likely
+        to produce non-existing ``hallucinated'' references. The existing references an LLM is most likely to dig up
         usually occur on the first page of a web search on the topic, or are frequently cited in literature on the
         topic. Thus, LLMs should never be directly queried for references. When researching a new concept, a better use
         of an LLM is the generation of query strings for search engines like Google Scholar.
@@ -56,4 +58,7 @@ documentation of AI-generated materials dated September 22, 2025\cite{Recommenda
 where I used an LLM to edit parts of the text of this thesis as described above have not been explicitly labelled in the
 text. The LLM in this use assumes a similar role a human editor might assume reviewing the text.
 
+Besides the use of LLMs as described above, a specialized machine translation tool was used to create the German
+translation of the abstract at the beginning of this thesis. This use is marked explicitly.
+
 \chapterbibliography

chapter-conclusion/chapter.tex

@@ -1,22 +1,34 @@
-\chaptertitle{Conclusion}
+\chapterquote{Phillip Rogaway~\cite{rogawayMoralCharacterCryptographic2015}}{
+    Cryptography rearranges power: it configures who can do what, from what. This makes cryptography an inherently
+    political tool, and it confers on the field an intrinsically moral dimension.}
+\chapter{Conclusion}
 
-In this thesis, we proposed Inertial Hardware Security Modules (IHSMs), a completely new approach to physical security
+In this thesis, we provided an examination of the field of Hardware Security Modules both from an academic perspective
-that combines conventional tamper-sensing meshes with physical movement to bootstrap a highly secure system from
+and with regards to their practical implementation. We answered our first research question introduced in
-low-security, off-the-shelf parts. To motivate our research, we showed on the German national digital health record
+Chapter~\ref{chapter-intro} on the current state of the art in Chapters~\ref{chapter-epa} and \ref{chapter-survey},
-system how hardware security is hard to achieve in practice. Besides some minor cryptographic oddities, our analysis
+providing a comprehensive view of practical implementations. Chapter~\ref{chapter-epa} motivates our research using the
-revealed at least one essential specification mistake that negates the hardware security of the system by unnecessarily
+German national digital health record system as an example that demonstrates the difficulties in achieving practical
-introducing a poorly protected HSM. In the following chapters, we first introduced IHSM technology, then provided deep
+hardware security. Besides some minor cryptographic oddities, our analysis reveals at least one essential specification
-analyses of two of its engineering challenges, mesh monitoring and power transfer. We propose a low-cost TDR-based mesh
+mistake that negates the hardware security of the system by unnecessarily introducing a poorly protected HSM. In
-monitoring system that exceeds the capabilities of all previous systems from academic or from patent literature by
+Chapter~\ref{chapter-survey}, we answer our second research question in a detailed survey of a wide range of devices
-monitoring large meshes while simultaneously providing detailed results. Our TDR-based mesh monitoring system is of
+that utilize tamper-sensing meshes, distilling a set of criteria for the design of secure tamper-sensing meshes. In
-independent interest, since it can also be integrated into traditional HSM designs. Besides improved mesh monitoring, we
+Chapter~\ref{chapter-ihsm}, we propose Inertial Hardware Security Modules (IHSMs), a new approach to physical security
-also proposed a new, generalized design for high-frequency PCB inductors with low parasitic capacitance. Our design
+that combines conventional tamper-sensing meshes with physical movement. IHSMs enable bootstrapping a highly secure
-provides better bandwidth and lower parasitic capacitance compared to the state of the art without increasing
+system from low-security, off-the-shelf parts, thereby solving our third research question on achieving physical
-implementation cost. We concluded our thesis with two chapters elaborating on two new use cases that are made possible
+security without bespoke components. We support the construction of concretely secure IHSMs by providing deep analyses
-by IHSM technology due to its ability to protect large payloads that have high power consumption.
+of two key engineering challenges in IHSM construction, mesh monitoring and power transfer. Solving our fourth research
+question on mesh monitoring fidelity, we propose a low-cost TDR-based mesh monitoring system that exceeds the
+capabilities of previous systems from academic or from patent literature. Our system is capable of monitoring large
+meshes while simultaneously providing detailed results. Our TDR-based mesh monitoring system is of independent interest,
+since it can also be integrated into traditional HSM designs. Solving our fifth research question on ripple reduction
+for rotating Wireless Power Transfer for IHSMs, we propose a new, generalized design for high-frequency PCB inductors
+with low parasitic capacitance. Beyond our IHSM application, our design provides better bandwidth and lower parasitic
+capacitance compared to the state of the art without increasing implementation cost. We conclude this thesis with two
+chapters elaborating on two new use cases that are made possible by IHSM technology due to its ability to protect large
+payloads that have high power consumption. Together, these results answer our sixth and final research question.
 
-We believe that with the research presented in this thesis, we substantially advanced the physical security field. In
+The research presented in this thesis is aimed at advancing both academic research and applied engineering in hardware
-particular, we belive that by publishing our research including its artifacts under open-source licenses, we provide the
+security. We believe that by publishing our research including its artifacts under open source licenses, we provide the
 basis for future research in tamper-sensing technology, a field that remains under-served in today's academic landscape.
 
 Recent history has shown that state-level adversaries are a mounting threat to civil rights organizations, human rights
@@ -25,3 +37,36 @@ rights, today human rights are under attack both from within and from the outsid
 Publishing IHSM technology as open source, we hope to provide one building block for new computing systems accessible to
 all that are resilient and secure in the face of growing adversity.
 
+\section*{Outlook}
+
+With the research contributions we presented in this thesis, we open up a new field of hardware security research
+centered on Inertial HSMs and improvements to conventional tamper sensing meshes. Below, we will list some research
+directions that we consider worthwhile for future investigation.
+
+\begin{itemize}
+\item Improving the resolution of the sampling mesh monitoring approach we presented in
+    Chapter~\ref{chapter_sampling_mesh_mon}. Possible improvements include increasing pulse risetime through a discrete
+    transistor amplifier circuit, as well as evaluating an FPGA as a replacement for the microcontroller to take
+    advantage of the improved delay primitives offered by many FPGA families.
+\item Characterizing the PUF-like effects we observed in Chapter~\ref{chapter_sampling_mesh_mon} in mesh coupons using
+    our sampling mesh monitoring approach.
+\item Integrating IHSM technology with a HSM firmware implementation into a small form factor to create a portable IHSM.
+    A small form factor introduces new challenges besides the mere integration of the necessary circuitry and placement
+    of the mesh. For instance, wireless power and data transfer would need to be integrated with the device without
+    disrupting mesh monitoring. An on-axis solution would likely require magnetic shielding materials and possible
+    non-magnetic ceramic bearings. Furthermore, integrating a sufficiently small motor and optimizing the design for
+    long bearing life is challenging at the high rotation speed necessary at a small overall diameter. Finally, at high
+    speeds, precisely balancing the whole assembly to avoid vibrations that could lead to early mechanical failure is
+    difficult.
+\item Tackling motor control algorithms for IHSMs and developing tamper sensors based on counter-electromotive force as
+    a defense-in-depth measure.
+\item Integrating the IHSM hardware concept with software research on secure enclave and cryptographic coprocessors.
+\item Exploring IHSM applications beyond what we outlined in this thesis. For instance, one application of recent
+    interests would be physically securing GPUs used for AI training. The background for such work could be either
+    export control motivations, or a concern for security and privacy of user input, training data, or even trained
+    weights.
+\end{itemize}
+
+We will proceed with future research into IHSM applications. We have published our results up to this point as open
+source hardware and software, and we intend to build on these publications.
+

chapter-epa/chapter.tex

@@ -7,31 +7,42 @@
 }
 
 \chaptertitle{The German ePA: A Motivating Counter-Example}
+\label{chapter-epa}
 
 \todo{FIXME: Proper citation here}
-\sourceattrib{This part is based on a short paper presented at the HS3 workshop at ESORICS 2025.}
+\sourceattrib{This part is based on a short paper written by Jan Sebastian Götte and presented by Jan Sebastian Götte at
+the HS3 workshop at ESORICS 2025~\cite{gotteGermanyRollingOut2026}.}
 Looking at the landscape of computer security solutions, we are presented with a wide variety of vendors and products
 that may give the impression that hardware security is a solved problem. Vendors sell various claims rangning from
-\emph{You don't need hardware security, just do it in the cloud!} to \emph{Buy our HSM and you will be secure!}. In
+\emph{``You don't need hardware security, just do it in the cloud!''}~\cite{
+    utimacoWhatCloudHSM2025,
+    microsoftOverviewAzureCloud,
+    ibmCloudHSM2016,
+    amazonAWSCloudHSM,
+    googleCloudHSMCloud2025,
+    WhatCloudHSM}
+to \emph{``Buy our HSM and you will be secure!''}~\cite{utimacoUseCases,thalesLunaNetworkHardware}. In
 practice, things are not as easy and even well-intentioned projects still often go awry on the hardware security
-dimension. Concluding this chapter, we will now have a look at one such project that was done by capable people with the
+dimension. To motivate our research into physical security in this thesis, in this chapter we will have a look at one
-best intentions, yet it resulted in a hardware security design that is dangerously inadequate for the purpose.
+such project that was done by capable people with the best intentions, yet it resulted in a hardware security design
+that is dangerously inadequate for the purpose.
 
 Beginning May 2025, after several delays, Germany has started the nation-scale rollout of its new electronic medical
-record system. The system aims to create a national database accessible to all healthcare providers that holds the
+record system, named ePA (short for \emph{elektronische Patientenakte}, ``electronic patient
-complete electronic medical records of all publically insured people living in Germany. The system aims to replace
+record'')~\cite{kochNochVieleUnklarheiten2025}. The system aims to create a national database accessible to all
-paper-based workflows that are error-prone and lead to healthcare providers often only having access to a subset of
+healthcare providers that holds the complete electronic medical records of all publically insured people living in
-patient's medical records. Data in scope for the system includes medical letters, laboratory results, and medical
+Germany. The system aims to replace paper-based workflows that are error-prone and lead to healthcare providers often
-imaging files.
+only having access to a subset of patient's medical records. Data in scope for the system includes medical letters,
+laboratory results, and medical imaging files.
 
 Due to Germany's mandatory health insurance laws, the system's user base encompasses the majority of all German
-residents. People who have replaced their public health insurance with private insurance as of now are not subject to
+residents, approximately 90\%. People who have replaced their public health insurance with private insurance as of now
-the system. In Germany, by law private health insurance is only available to people from the top 10th percentile of
+are not subject to the system. In Germany, by law private health insurance is only available to people from the top 10th
-household income. This means that the system disproportionally affects people who have low income, creating an equity
+percentile of household income. This means that the system disproportionally affects people who have low income,
-issue. While it is possible to opt out from the use of the system, the process of opting out is difficult. Additionally,
+creating an equity issue. While it is possible to opt out from the use of the new digital record, the process of opting
-the government and health insurance providers have publically depicted the system in a one-sidedly positive way, meaning
+out is difficult. Additionally, the government and health insurance providers have publically depicted the system in a
-that it is unlikely the majority of people subject to the system have a comprehensive understanding of the system's
+one-sidedly positive way, meaning that it is unlikely the majority of people subject to the system have a comprehensive
-benefits and risks that would be necessary for an informed decision.
+understanding of the system's benefits and risks that would be necessary for an informed decision.
 
 While there has been loud criticism of the system's security from civil society organizations such as digital rights
 nonprofit organization Chaos Computer Club (CCC) \cite{kochMoreMoreExperts2025} and several severe security flaws have
@@ -39,11 +50,11 @@ been demonstrated practically, this criticism has largely been ignored by the po
 that despite this civil society outrage and the system's large scale, it has received little attention from the academic
 cryptography and information security community.
 
-In this chapter, we aim to point out some perplexing cryptographic engineering decisions in the system. In particular,
+In this chapter, we aim to highlight some unconventional cryptographic engineering decisions in the system. In
-we point out that the system's core per-user secrets are kept in a rudimentary key escrow system whose security is based
+particular, we point out that the system's core per-user secrets are kept in a rudimentary key escrow system whose
-on engineering assumptions, not on cryptographic principles. Furthermore, we observe that by specification, the
+security is based on engineering assumptions, not on cryptographic principles. Furthermore, we observe that by
-individual user keys of the system are derived from a per-user cleartext salt based on a system-wide long-term secret
+specification, the individual user keys of the system are derived from a per-user cleartext salt based on a system-wide
-with only 256 bits of entropy\footnote{
+long-term secret with only 256 bits of entropy\footnote{
     In previous versions of the standard \cite{
         gematikSpezifikationSchluesselgenerierungsdienstEPA2023,
         gematikUebergreifendeSpezifikationVerwendung2025,
@@ -51,29 +62,24 @@ with only 256 bits of entropy\footnote{
     The current standard only requires one escrow service, and drops the entropy requirement of the root keys from 512
     bits to 256 bits. The apparent reason for the long-term nature of these keys is that they are updated manually.
 }. Finally, we note that according to specification, the only physical security requirement for the protection of this
-highly sensitive secret is a ``hard, opaque potting material'', with no tamper detection and response required. We
+highly sensitive secret is a ``hard, opaque potting material'', with no tamper detection and response required.
-belive that Inertial HSMs provide a path forward for systems like this, enabling physical security in applications that
-currently rely on insecure, legacy systems. Even if for regulatory reasons a poorly secured conventional HSM without
-active tamper sensing is chosen, it would be conceivable to construct an IHSM enclosure \emph{around} this conventional
-HSM, in effect retrofitting the missing active tamper-sensing envelope.
 
 We base our analysis of the ePA on the system's publicly available standards in their latest version as of the writing
 of the paper underlying this chapter in April 2025, describing version 3.0 of the healthcare record system \cite{
     gematikSpezifikationAktensystemEPA2025,
     gematikUbergreifendeSpezifikationVerwendung2024,
-}. We note that the implementation might well deviate from these standards and be more secure--however, with the
+}. We note that hypothetically, the implementation might deviate from these standards and be more secure. The reference
-system's history of flaws, we believe this is unlikely to be the case. The reference implementation provided by the
+implementation provided by the specification authority \cite{GithubRepositoryERPFD} follows the specified minimum
-specification authority \cite{GithubRepositoryERPFD} follows the specified minimum requirements closely. As of now,
+requirements closely. As of now, there is no meaningful way for either the public or for researchers such as us to
-there is no meaningful way for either the public or for researchers such as us to ascertain the concrete implementation
+ascertain the concrete implementation security of the system.
-security of the system.
 
 \section{The Design of ePA}
 
-ePA (short for \emph{elektronische Patientenakte}, ``electronic patient record''), is embedded into Germany's national
+ePA is embedded into Germany's national public healthcare backend system ``Telematikinfrastruktur'' (abbreviated TI;
-public healthcare backend system ``Telematikinfrastruktur'' (TI). TI is a highly complex system, and a detailed
+German for ``telematics infrastructure''). TI is a highly complex system, and a detailed description would exceed the
-description would exceed the limits of this analysis. Briefly put, TI consists of a shared DMZ that parties like
+limits of this analysis. Briefly put, TI consists of a shared demilitarized zone (DMZ) that parties like insurance
-insurance providers and healthcare providers connect to through a VPN. At the client location, usually an individual
+providers and healthcare providers connect to through a VPN. At the client location, usually an individual doctor's
-doctor's office or a hospital, this VPN connection is terminated by a specialized VPN appliance named ``Konnektor'' that
+office or a hospital, this VPN connection is terminated by a specialized VPN appliance named ``Konnektor'' that
 simultaneously acts as a trusted component inside the client network hosting some software for purposes such as
 authentication. The Konnektor contains several smart cards that store keys used for authentication. Konnektor devices
 are offered by several vendors and healthcare providers like doctor's offices are indivudally responsible for purchasing
@@ -82,49 +88,51 @@ and maintaining a Konnektor.
 % FIXME: Is there a threat/trust model of the system that you could summarise in a few sentences?
 
 Every person enrolled in the system as well as every healthcare professional providing services under it is issued an ID
-card that contains a smart card that contains keys used to authenticate towards the central infrastructure. The primary
+card that contains a smart card with keys to authenticate towards the central infrastructure. The primary use of these
-use of these smart cards up to now is that when someone visits a healthcare provider, they will insert their ID card
+smart cards previously was to automatically provide personal information such as name, birth date, address and insurance
-into a terminal so the healthcare provider can automatically fetch their personal information such as name, birth date,
+enrollment status when an enrolled person visits a healthcare provider.
-address and enrollment status from their insurance provider.
 
 ePA is implemented inside the TI system. Its centralized services are accessed by healthcare providers through the TI's
-VPN. Patient records are encrypted and decrypted inside TI's backend systems. Smart cards authenticate parties and
+VPN, and by patients through proxy servers connected to TI's VPN. Patient records are encrypted and decrypted inside
-hardware devices to each other. Each insurance provider picks one of several implementations of ePA's server-side
+TI's backend systems. Smart cards authenticate parties and hardware devices to each other. Each insurance provider picks
-infrastructure to run for its clients. Currently, there are two approved implementations of this server-side
+one of several implementations of ePA's server-side infrastructure to run for its clients. Currently, there are two
-infrastructure.
+approved implementations of this server-side infrastructure.
 
 With the current version of the specificatoin, the overall architecture of ePA heavily relies on Trusted Execution
 Environments (TEEs). Data processing on the server side is done in plaintext inside TEEs, with some cryptographic key
-management delegated to a Hardware Security Module. While attacks on the TEEs are considered in the system, the HSMs are
+management delegated to a Hardware Security Module (HSM). While attacks on the TEEs are considered in the system, the
-assumed to be perfectly secure, and the system does not include mitigations for a compromised HSM. The primary
+HSMs are assumed to be perfectly secure, and the system does not include mitigations for a compromised HSM. The primary
 motivation for plaintext processing seems to be to enable large-scale data analysis for research purposes without
-requiring consent or cooperation of the people whose records are being processed.
+requiring consent or cooperation of the people whose records are being
+processed~\cite{gematikWhitepaperDatenschutzUnd2025}.
 
 The primary services offered by the server side are authentication services, key escrow, and a database storing the
 encrypted records themselves. Records are symmetrically encrypted with keys that are derived from system-wide secrets
 inside an HSM. The primary motivation behind the use of a key escrow service seems to be to enable the creation of a
-duplicate patient ID smartcard in case a person looses theirs. While the current version of the standard is unclear on
+duplicate user ID smartcard in case an enrolled person looses theirs. While the current version of the standard is
-the exact mechanism of key derivation, in previous versions of the standard, the escrow service's root key, a random
+unclear on the exact mechanism of key derivation, in previous versions of the standard, the escrow service's root key, a
-salt, and the healthcare ID number of the person owning the record was used in SHA256-HKDF. The specification requires
+random salt, and the healthcare ID number of the enrolled person was used in SHA256-HKDF. The specification requires
 that a new root key is generated once a year, but as far as we can tell, record key rollover is not done automatically
 but is only meant to be done when the \emph{user} requests it, and old root keys must be retained forever to ensure old
-records can be accessed.
+records can be accessed. Through this lack of automatic key rollover combined with the need to retain root keys
+indefinitely, attack surface is maximized and incremental compromises of the system over long time spans become possible.
 
-\section{Related Work}
+\subsection{Previous Analyses}
 
-The state-owned company specifying the system commissioned several security assessments of the system relating to the
+\emph{gematik}, the state-owned company specifying the system, commissioned several security assessments of the system
-key escrow service. \textcite{fischlinKryptographischeAnalyseSpezifikation2021} focuses on the cryptographic
+relating to the key escrow service.
-dimension of the key escrow service used in an older version of the standard, and is now obsolete.
+\citeauthor{fischlinKryptographischeAnalyseSpezifikation2021}~\cite{fischlinKryptographischeAnalyseSpezifikation2021}
-\textcite{slanySicherheitsanalyseZurSicherheit2020} approaches the system at a higher level, and focuses on the
+focuses on the cryptographic dimension of the key escrow service used in an older version of the standard, and is now
-cryptography of the inner protocol layers spoken between the system's components. Industry research organization
+obsolete. \textcite{slanySicherheitsanalyseZurSicherheit2020} approaches the system at a higher level, and focuses on
+the cryptography of the inner protocol layers spoken between the system's components. Industry research organization
 Fraunhofer SIT was comissioned for a structured, theoretical assessment of attack paths to the system
-\cite{fraunhofersitAbschlussberichtSicherheitsanalyseGesamtsystems2024}. We are not currently aware of
+\cite{fraunhofersitAbschlussberichtSicherheitsanalyseGesamtsystems2024}. We are not currently aware of independent
-independent academic security research on the system. 
+academic security research on the system. 
 
 The design and operation of the system have been independently described in detail by civil society activists, who have
-demonstrated several successful attacks on the system. \textcite{tschirsichHackerHinOder0100} demonstrated how they
+demonstrated several successful attacks on the system. \textcite{tschirsichHackerHinOder2019} demonstrated how they
 could trivially acquire each of the smartcards as well as the Konnektor necessary for accessing the system.
-\textcite{tschirsichKonnteBisherNoch0100} summarize the history of attacks demonstrated on the system and show multiple
+\textcite{tschirsichKonnteBisherNoch2024} summarize the history of attacks demonstrated on the system and show multiple
 practical attacks on various parts of the system's implementation.
 
 \section{Concerning Cryptographic Engineering Choices}
@@ -134,11 +142,11 @@ by no means an exhaustive list, and is only meant to underscore why we believe t
 
 \subsection{Use of Key Escrow}
 
-First, the system's general approach of using a key escrow service instead of securely storing the keys inside the
+Key escrow describes a concept that was originally devised during the 1990ies out of a fear that the widespread
-system's already existing smart card infrastructure is concerning, given that this key escrow service poses a
+availability of strong encryption would stifle the ability of law enforcement agencies to wiretap communications in the
-centralized security risk. The system's designers made this decision since it was deemed important that access to an
+prosecution of crime. At the core of the concept rests the idea that a trusted \emph{key escrow} service should hold a
-encrypted record can be restored quickly after an insurance ID card is lost, without requiring the cooperation of the
+copy of every private key in use. In case the government wants to access one of these keys, the key escrow service can
-healthcare providers holding the primary copies of the person's medical records.
+provide this access\textcite{andersonSecurityEngineeringGuide2020,jarvisCryptoWarsFight2020}.
 
 While key escrow services have been a topic of political debate in decades past, in the cryptographic community,
 consensus generally is that they are a bad idea since they pose a centralized target for attack, and increase attack
@@ -146,10 +154,19 @@ surface \cite{
     abelsonRisksKeyRecovery1997,
     abelsonKeysDoormats2015,
     andersonSecurityEngineeringGuide2020,
+    rogawayMoralCharacterCryptographic2015,
 }.
 
+Our first concern is the system's general approach of using a key escrow service instead of securely storing the keys
+inside the system's already existing smart card infrastructure. Like any other key escrow system, this key escrow
+service poses a centralized security risk. The system's designers made this decision since it was considered important
+that when an encrypted record must be restored after an insurance ID card is lost, it can be re-created without the
+cooperation of the healthcare providers holding the primary copies of the person's medical records.
+
 \subsection{Cryptographic Design}
 
+\todo{Feedback from HS3 reviewer: I feel that this section is a mix-up of critique on the cryptographic design and the
+    approach to privacy protection and data minimisation. How are they linked? I'm missing some discussion here.}
 The system's overall cryptographic design is intentionally kept simple. The standard explicitly mentions that symmetric
 primitives have been preferred over asymmetric primitives in the core key escrow functions due to the risk of an attack
 on asymmetric primitives in the long term. Notably, other advanced cryptographic techniques such as secret sharing
@@ -164,28 +181,25 @@ For instance, the system leaks a person's insurance ID number to the key escrow
 requested. Along with the timing and frequency of these requests, this leaks information on the person's condition to
 the key escrow service in an identifiable way.
 
-% TODO I feel that this section is a mix-up of critique on the cryptographic design and the approach to privacy
-% protection and data minimisation. How are they linked? I'm missing some discussion here.
-
 \subsection{A Realistic Attacker Model}
 
-We observe that the system as a whole does not appear to be designed to defend against well-resourced adversaries. The
+We observe that the system as a whole does not appear to be designed to defend against well-resourced adversaries. A
-series of practical attacks that have been demonstrated on the system confirm this impression. In
+series of demonstrated practical attacks on the system, none of which required advanced capabilities, confirm this
-\textcite{tschirsichKonnteBisherNoch0100} summarize a series of successful attacks. Attacks include social engineering
+impression. In \textcite{tschirsichKonnteBisherNoch2024} summarize a series of successful attacks. Attacks include
-resulting in access to copies of smartcards enabling accessing patient records, using misconfigured Konnektor VPN
+social engineering resulting in access to copies of smartcards enabling accessing patient records, using misconfigured
-appliances with their LAN DMZ and authentication interface exposed on the public internet, circumventing video-based
+Konnektor VPN appliances with their local network DMZ and authentication interface exposed on the public internet,
-authentication processes resulting in duplicate file keys being provided, classis SQL injection on a backend service
+circumventing video-based authentication processes resulting in duplicate file keys being provided, classis SQL
-maintaining an authentication database, accessing all national patient records through brute-force enumeration of weak
+injection on a backend service maintaining an authentication database, accessing all national patient records through
-identifiers, and several more.
+brute-force enumeration of weak identifiers, and several more.
 
-We believe that a system like this must be designed to withstand well-resourced adversaries such as enemy secret
+We believe that a system like this must be designed to withstand well-resourced adversaries such as foreign secret
 services, since the medical data stored in such as information on chronic illness, sexually transmittable disease or
 severe food allergies has intelligence value. Repeated breaches of national digital infrastructure such as the 2015
 breach of the US Office of Personnel Management \cite{barrettUSSuspectsHackers2015} or the 2024 compromise of US
 telecommunications wiretapping systems \cite{mennChineseGovernmentHackers2024} demonstrate that such state-sponsored
 attacks on national digital infrastructure are a realistic concern. A possible scenario in the ePA system would be an
-enemy secret service gaining access to one of the HSMs storing the systems' root secrets, extracting the root secret by
+foreign secret service gaining access to one of the HSMs storing the systems' root secrets, extracting the root secret
-an advanced physical attack, then being able to decrypt captured encrypted health records at will. Similarly, a
+by an advanced physical attack, then being able to decrypt captured encrypted health records at will. Similarly, a
 nation-state adversary might have access to an exploit allowing the compromise of the system's TEEs, which would enable
 the extraction of any patient records being processed in plaintext inside these TEEs.
 
@@ -193,19 +207,20 @@ the extraction of any patient records being processed in plaintext inside these
 
 Physical security has received some consideration in the system's specification. First, smart cards are used extensively
 for authentication. Second, Hardware Security Modules are used in key locations of the system to process some
-cryptographic secrets. The core of the system's key escrow service is implemented inside an HSM. However, it is notable
+cryptographic secrets. The core of the system's key escrow service is implemented inside an HSM that is part of a
-that the actual security level required for this HSM is only FIPS 140-2 level
+redundant HSM cluster. However, it is notable that the actual security level required for this HSM is only FIPS 140-2
-3 \cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002}. Not only has FIPS 140-2
+level 3 \cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002}. FIPS 140-2 is a US
-been superseded by FIPS 140-3 since
+government standard that used to be popular for the specification of HSMs. However, not only has FIPS 140-2 been made
-2019 \cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019}, its security level 3
+obsolete by FIPS 140-3 in 2019 \cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019},
-mostly provides logical separation of cryptographic functions from other logic and is not very meaningful in the context
+its security level 3 mostly provides logical separation of cryptographic functions from other logic and is not very
-of physical attacks. The only physical requirement of FIPS 140-2 level 3 is that the HSM has a hard, opaque coating.
+meaningful in the context of physical attacks. The only physical requirement of FIPS 140-2 level 3 is that the HSM has a
-This coating is specified to be tamper-evident, but notably no active tamper detection or response features are required
+hard, opaque coating. This coating is specified to be tamper-evident, but notably no active tamper detection or response
-by this standard. In contrast to the newer FIPS 140-3 standard and the related ISO/IEC 19790 \cite{ISOIEC19790} as well
+features are required by this standard~\cite{andersonSecurityEngineeringGuide2020}. In contrast to the newer FIPS 140-3
-as ISO/IEC 24759 \cite{ISOIEC24759} standards, FIPS 140-2 does not make any particular requirements regarding resistance
+standard and the related ISO/IEC 19790 \cite{ISOIEC19790} as well as ISO/IEC 24759 \cite{ISOIEC24759} standards, FIPS
-to side-channel attacks. The lack of tamper response, unspecified resistance to side-channel attacks and the fact that
+140-2 does not make any particular requirements regarding resistance to side-channel attacks. The lack of tamper
-the ePA specification only requires the long-lived key escrow root key inside the HSM to have 256 bits of entropy lead
+response, unspecified resistance to side-channel attacks and the fact that the ePA specification only requires the
-to an unsatisfactory overall constellation.
+long-lived key escrow root key inside the HSM to have 256 bits of entropy lead to an unsatisfactory overall
+constellation.
 
 \section{Conclusion}
 
@@ -226,11 +241,13 @@ From an academic perspective, it is interesting to see how the ePA ended up in i
 cryptographic solutions left by academic research that contributed. A fundamental truth in cryptographic engineering is
 that in the absence of technical checks, political promises are no guarantees of restraint. As such, the degree of trust
 the ePA system places on organizational measures leads to a concerning overall picture. In particular, the system's
-strong reliance on conventional HSMs built to long obsolete security standards as well as on trusted execution
+extensive reliance on not just conventional HSMs built to long obsolete security standards but also on trusted execution
-environment technology that has been broken multiple times highlights the need for new approaches to hardware security
+environments that have been broken multiple times highlights the need for new approaches to hardware security
 that better accomodate real-world use cases.
 
 We believe that Inertial HSMs can address this use case by cleanly separating the physical security primitive into a
 retargetable design that can be applied to entire servers if needed, and augment or replace technology like conventional
-HSMs or trusted execution environments to provide high-level hardware security.
+HSMs or trusted execution environments to provide high-level hardware security. Before introducing IHSMs in
+Chapter~\ref{chapter-ihsm}, in the following chapter, we will first complement this chapter's outlook on the state of
+the art in hardware security with a survey of tamper sensing meshes in a wide range of real world devices.
 

chapter-hsms/pres-harris.tex

@@ -0,0 +1,493 @@
+\documentclass[aspectratio=169]{beamer}
+\usetheme{default}
+\usepackage[T1]{fontenc}
+\usepackage{textcomp}
+\usepackage{graphicx}
+\usepackage{subcaption}
+\usepackage{siunitx}
+\usepackage{booktabs}
+\usepackage{array}
+\usepackage{ragged2e}
+\usepackage{colortbl}
+\usepackage{pdflscape}
+\usepackage[percent]{overpic}
+\usepackage[backend=biber,style=numeric,sorting=none]{biblatex}
+\addbibresource{../main.bib}
+
+\graphicspath{{figures}}
+
+% Define custom commands if not already defined
+\newcommand{\surveypic}[2]{
+    \begingroup
+        \setlength{\fboxsep}{0.2mm}
+        \begin{overpic}[percent,height=10mm]{#2}
+            \put(100,85){\makebox[0pt][r]{\colorbox{white}{\footnotesize H#1}}}
+        \end{overpic}
+    \endgroup
+    }
+\newcommand{\sampleno}[1]{#1}
+
+\title{Tamper-Sensing Meshes in the Wild}
+\author{\textbf{Jan Sebastian Götte} \& Björn Scheuermann\\TU Darmstadt\\contact: \texttt{research@jaseg.de}}
+\date{2026-03-24}
+
+\begin{document}
+
+\begin{frame}
+\titlepage
+\end{frame}
+
+\begin{frame}{What is a Tamper Sensing Mesh?}
+\begin{itemize}
+\item Embedded looped conductor covering a surface
+\item Detects physical intrusion
+  \begin{itemize}
+    \item Drills, saws, lasers etc.
+  \end{itemize}
+\item Triggers some tamper response
+  \begin{itemize}
+    \item Deleting keys
+    \item Raising alarms
+    \item Explosions?
+  \end{itemize}
+\item Widely used in HSMs, payment terminals, ATMs, nuclear weapons
+\end{itemize}
+\end{frame}
+
+\begin{frame}{The History of Tamper-Sensing Meshes}
+\begin{itemize}
+\item \textbf{1870}: First patents using literal wire meshes to protect bank vaults~\cite{ImprovementProtectingSafes1870,ImprovementElectromagneticEnvelopes1870}
+\item \textbf{1902}: Multi-layer, orthogonal meshes documented~\cite{suttonElectricallyprotectedStructure1902}
+\item \textbf{1971}: Printed circuit technology adopted~\cite{hamPrintedcircuitTypeSecurity1971}
+\item \textbf{1990s}: Widespread commercial adoption with cryptographic applications
+\end{itemize}
+
+Other, hard to date examples: NSA use for protecting ciphering machines~\cite{boakHistoryUSCommunications1973,boakHistoryUSCommunications1981}, US use in nuclear weapons~\cite{carterManagingNuclearOperations1987}
+\end{frame}
+
+\begin{frame}{Commercial Applications Today}
+\begin{itemize}
+\item Datacenter HSMs (Key management, payment processing)
+\item Card Payment Terminals (PIN encryption)
+\item ATM Encrypting Pin Pads (PIN encryption)
+\item Key Safes for Emergency services access (Germany only?)
+\item Mail Franking Machines (credit counter)
+\item Slot Machines (likely for DRM)
+\end{itemize}
+\end{frame}
+
+
+\begin{frame}{Our Survey}
+\textbf{Sample Size}: 30 devices
+
+\textbf{Device Types}:
+\begin{itemize}
+    \item 23 Card payment terminals (Verifone, Ingenico, SumUp, etc.)
+    \item 3 ATM Encrypting Pin Pads (NCR, Sagem)
+    \item 2 HSM modules (SafeNet, Utimaco)
+    \item 1 Franking machine
+    \item 1 German slot machine CPU
+\end{itemize}
+\end{frame}
+
+\begin{frame}{Mesh Materials and Structure Sizes Observed}
+\begin{itemize}
+    \item \textbf{Rigid PCB (FR-4):} Photolithographic etching, \SIrange{100}{200}{\micro\meter}
+    \item \textbf{Polyimide/Copper FPC:} Photolithographic etching, \SIrange{100}{200}{\micro\meter}
+    \item \textbf{Silver ink FPC:} Screen printing, \SIrange{500}{3000}{\micro\meter}
+    \item \textbf{Carbon ink FPC:} Screen printing, \SIrange{500}{3000}{\micro\meter}
+    \item \textbf{Gold laser direct structuring:} Laser Direct Structuring, \SIrange{50}{200}{\micro\meter}
+    \item \textbf{IBM/Gore mesh:} Printed, \SIrange{200}{1500}{\micro\meter}
+\end{itemize}
+\end{frame}
+
+\begin{frame}{Survey Specimens - External Photos}
+\begin{figure}
+    \centering
+    \footnotesize
+    \begin{tabular}[c]{cccccc}
+        \surveypic{02}{survey_diag_S02.jpg}&
+        \surveypic{03}{survey_diag_S03.jpg}&
+        \surveypic{04}{survey_diag_S04.jpg}&
+        \surveypic{05}{survey_diag_S05.jpg}&
+        \surveypic{06}{survey_diag_S06.jpg}&
+        \surveypic{08}{survey_diag_S08.jpg}\\
+        \surveypic{09}{survey_diag_S09.jpg}&
+        \surveypic{10}{survey_diag_S10.jpg}&
+        \surveypic{11}{survey_diag_S11.jpg}&
+        \surveypic{12}{survey_diag_S12.jpg}&
+        \surveypic{13}{survey_diag_S13.jpg}&
+        \surveypic{14}{survey_diag_S14.jpg}\\
+        \surveypic{15}{survey_diag_S15.jpg}&
+        \surveypic{16}{survey_diag_S16.jpg}&
+        \surveypic{17}{survey_diag_S17.jpg}&
+        \surveypic{18}{survey_diag_S18.jpg}&
+        \surveypic{19}{survey_diag_S19.jpg}&
+        \surveypic{20}{survey_diag_S20.jpg}\\
+        \surveypic{21}{survey_diag_S21.jpg}&
+        \surveypic{22}{survey_diag_S22.jpg}&
+        \surveypic{23}{survey_diag_S23.jpg}&
+        \surveypic{24}{survey_diag_S24.jpg}&
+        \surveypic{25}{survey_diag_S25.jpg}&
+        \surveypic{27}{survey_diag_S27.jpg}\\
+        \surveypic{28}{survey_diag_S28.jpg}&
+        \surveypic{29}{survey_diag_S29.jpg}&
+        \surveypic{30}{survey_diag_S30.jpg}&
+        \surveypic{31}{survey_diag_S31.jpg}&
+        \surveypic{32}{survey_diag_S32.jpg}&
+        \\
+    \end{tabular}
+\end{figure}
+\end{frame}
+
+\begin{frame}{Survey Specimens - Internal Photos}
+\begin{figure}
+    \centering
+    \footnotesize
+    \begin{tabular}[c]{cccccc}
+        \surveypic{01}{survey_internal_09_S01.jpg}&
+        \surveypic{02}{survey_internal_20_S02.jpg}&
+        \surveypic{03}{survey_internal_11_S03.jpg}&
+        \surveypic{04}{survey_internal_03_S04.jpg}&
+        \surveypic{05}{survey_internal_10_S05.jpg}&
+        \surveypic{06}{survey_internal_08_S06.jpg}\\
+        \surveypic{08}{survey_internal_24_S08.jpg}&
+        \surveypic{09}{survey_internal_13_S09.jpg}&
+        \surveypic{10}{survey_internal_23_S10.jpg}&
+        \surveypic{11}{survey_internal_17_S11.jpg}&
+        \surveypic{12}{survey_internal_19_S12.jpg}&
+        \surveypic{13}{survey_internal_02_S13.jpg}\\
+        \surveypic{14}{survey_internal_00_S14.jpg}&
+        \surveypic{15}{survey_internal_04_S15.jpg}&
+        \surveypic{16}{survey_internal_05_S16.jpg}&
+        \surveypic{17}{survey_internal_22_S17.jpg}&
+        \surveypic{18}{survey_internal_21_S18.jpg}&
+        \surveypic{19}{survey_internal_26_S19.jpg}\\
+        \surveypic{20}{survey_internal_12_S20.jpg}&
+        \surveypic{21}{survey_internal_15_S21.jpg}&
+        \surveypic{22}{survey_internal_16_S22.jpg}&
+        \surveypic{23}{survey_internal_07_S23.jpg}&
+        \surveypic{24}{survey_internal_06_S24.jpg}&
+        \surveypic{25}{survey_internal_25_S25.jpg}\\
+        \surveypic{27}{survey_internal_18_S27.jpg}&
+        \surveypic{28}{survey_internal_14_S28.jpg}&
+        \surveypic{30}{survey_internal_29_S30.jpg}&
+        \surveypic{31}{survey_internal_27_S31.jpg}&
+        \surveypic{32}{survey_internal_28_S32.jpg}&
+        \\
+    \end{tabular}
+\end{figure}
+\end{frame}
+
+\begin{frame}{Mesh Trace Layouts}
+\begin{columns}[T]
+\begin{column}{0.5\textwidth}
+    \centering
+    \begin{overpic}[width=.45\textwidth]{hsm_mesh_offset.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries A}}
+    \end{overpic}
+    \hspace{1mm}
+    \begin{overpic}[width=.45\textwidth]{hsm_mesh_orthogonal.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries B}}
+    \end{overpic}
+
+    \vspace{5mm}
+
+    \begin{overpic}[width=.45\textwidth]{hsm_utimaco_mesh_gore.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries C}}
+    \end{overpic}
+    \hspace{1mm}
+    \begin{overpic}[width=.45\textwidth]{hsm_mesh_stack_epp.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries D}}
+    \end{overpic}
+\end{column}
+\begin{column}{0.45\textwidth}
+    \raggedright
+    \textbf{A:} Offset layers (H12)
+
+    \textbf{B:} Orthogonal patterns (H14)
+
+    \textbf{C:} Orthogonal + area pattern (H30)
+
+    \textbf{D:} Spaced layers (H28)
+\end{column}
+\end{columns}
+\end{frame}
+
+\begin{frame}{Mesh Materials and Manufacturing}
+\centering
+\begin{tabular}{lll}
+    \begin{overpic}[width=.22\textwidth]{trace_material_copper_pcb.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries A}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.22\textwidth]{trace_material_copper_flex.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries B}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.22\textwidth]{trace_material_silver.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries C}}
+    \end{overpic}
+    \\[3mm]
+    \begin{overpic}[width=.22\textwidth]{trace_material_contact_gold_lds.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries D}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.22\textwidth]{trace_material_carbon.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries E}}
+    \end{overpic}
+    &
+    \begin{tabular}[b]{@{}l@{}}
+        \textbf{A:} Rigid PCB (H10) \\
+        \textbf{B:} Flexible PCB (H15) \\
+        \textbf{C:} Silver ink (H14) \\
+        \textbf{D:} Laser Direct Structuring (H32) \\
+        \textbf{E:} Carbon ink (H30)
+    \end{tabular}
+\end{tabular}
+\end{frame}
+
+\begin{frame}{Mesh Connection Methods}
+\centering
+\begin{tabular}{ccc}
+    \begin{overpic}[width=.20\textwidth]{connector_castellated_edge.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries A}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.20\textwidth]{connector_elastomeric.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries B}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.20\textwidth]{connector_rf_gasket.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries C}}
+    \end{overpic}
+    \\[2mm]
+    \begin{overpic}[width=.20\textwidth]{connector_zif_fpc_2.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries D}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.20\textwidth]{connector_stacking.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries E}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.20\textwidth]{connector_metal_dome.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries F}}
+    \end{overpic}
+\end{tabular}
+
+\vspace{3mm}
+
+\small
+\textbf{A:} Direct soldering (H05) \quad
+\textbf{B:} Elastomeric connector (H31) \quad
+\textbf{C:} EMI gasket (H14) \\
+\textbf{D:} FPC connector (H20) \quad
+\textbf{E:} Stacking connector (H17) \quad
+\textbf{F:} Tactile dome (H06)
+\end{frame}
+
+\begin{frame}{3D Mesh Construction Styles}
+\centering
+\begin{tabular}{lll}
+    \begin{overpic}[width=.22\textwidth]{hsm_3d_style_fold_overlap.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries A}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.22\textwidth]{hsm_3d_style_fold_no_overlap.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries B}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.22\textwidth]{3d_construction_lds_top.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries C}}
+    \end{overpic}
+    \\[3mm]
+    \begin{overpic}[width=.22\textwidth]{hsm_3d_style_vacform.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries D}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.22\textwidth]{3d_construction_cards_standalone.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries E}}
+    \end{overpic}
+    &
+    \begin{tabular}[b]{@{}l@{}}
+        \textbf{A:} Folded with overlap (H03) \\
+        \textbf{B:} Folded without overlap (H14) \\
+        \textbf{C:} Laser Direct Structuring (H32) \\
+        \textbf{D:} Thermoformed (H12) \\
+        \textbf{E:} House-of-Cards (H08)
+    \end{tabular}
+\end{tabular}
+\end{frame}
+
+\begin{frame}{Thermoforming Example}
+\begin{columns}[T]
+\begin{column}{0.48\textwidth}
+    \centering
+    \includegraphics[width=.6\textwidth]{survey_formed_mesh_before.jpg}\\
+    \small Before removing lacquer
+\end{column}
+\begin{column}{0.48\textwidth}
+    \centering
+    \includegraphics[width=.6\textwidth]{survey_formed_mesh_after.jpg}\\
+    \small After removing lacquer
+\end{column}
+\end{columns}
+\vspace{3mm}
+\centering
+\small Formed cavities in printed foil mesh specimen H24
+\end{frame}
+
+\begin{frame}{Sandwich-Style Construction}
+\begin{columns}[T]
+\begin{column}{0.5\textwidth}
+    \centering
+    \begin{overpic}[width=.45\textwidth]{3d_construction_offset_mesh_delayered_contrast_improved.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries A}}
+    \end{overpic}
+    \hspace{1mm}
+    \begin{overpic}[width=.45\textwidth]{3d_construction_via_stitch_mesh_delayer_2.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries B}}
+    \end{overpic}
+
+    \vspace{3mm}
+
+    \begin{overpic}[width=.45\textwidth]{3d_construction_planar_stack.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries C}}
+    \end{overpic}
+    \hspace{1mm}
+    \begin{overpic}[width=.45\textwidth]{3d_construction_cavity_2.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries D}}
+    \end{overpic}
+\end{column}
+\begin{column}{0.45\textwidth}
+    \raggedright
+    \textbf{A:} Obstacle mesh coupons (H17)
+
+    \textbf{B:} Via-fence meshes (H24)
+
+    \textbf{C:} Planar sandwich stack (H24)
+
+    \textbf{D:} PCB lid with cavity (H14)
+\end{column}
+\end{columns}
+\end{frame}
+
+\begin{frame}{Security Issues Observed}
+\begin{itemize}
+    \item Incomplete mesh coverage
+    \item Meshes not overlapping at edges leaving gaps for probe insertion
+    \item Gaps at mesh-PCB interfaces
+    \item Thermoformed cavities with enlarged structure size at corners
+    \item In one case, an opaque lacquer was easily removed with acetone (without damaging the mesh!)
+    \item Trace patterns visible through cover layers due to surface unevenness
+\end{itemize}
+\end{frame}
+
+\begin{frame}{Design Recommendations (1/2)}
+    \begin{itemize}
+        \item Commodity PCB manufacturing process design rules in the \SIrange{100}{200}{\micro\meter} range are better than the state of the art in mesh structure size
+        \item Avoid ink printing processes or thermoforming because of their large structure size
+        \item Carefully think about your literal corner cases (and edges)!
+        \begin{itemize}
+            \item Overlap meshes where possible.
+        \end{itemize}
+        \item Use potting and cover layers, but verify that they work
+        \begin{itemize}
+            \item Check that you \emph{actually} can't see what's below
+            \item Test their chemical resistance (and that of your mesh)
+        \end{itemize}
+    \end{itemize}
+\end{frame}
+
+\begin{frame}{Design Recommendations (2/2)}
+    \begin{itemize}
+        \item Mixing tough potting or enclosure materials and fragile mesh materials makes life harder for an attacker
+        \begin{itemize}
+            \item Consider using steel instead of plastic (also helps against X-ray inspection!)
+            \item Use thin substrates and thin conductive layers for the mesh
+            \item Balance adhesion so removing potting / cover layers tears away traces below
+        \end{itemize}
+        \item Overlap mesh layers at a 50\% structure size offset
+        \item Space (some) mesh layers apart in Z direction to constrain attack tools
+        \item Use a pressure-sensitive connection method like tactile domes or elastomeric conncetors
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+\centering
+\Huge Thank you!
+
+\vspace{1cm}
+
+\Large Questions?
+
+\texttt{research@jaseg.de}
+\end{frame}
+
+\begin{frame}
+\centering
+Long-form version of this presentation in my thesis (pre-release, to be published this summer):
+
+\url{https://jaseg.de/thesis-final-web.pdf}
+
+\includegraphics{thesis_qr.png}
+\end{frame}
+
+\begin{frame}{Specimen List (1/2)}
+\footnotesize
+\begin{tabular}{c>{\RaggedRight\arraybackslash}p{25mm}>{\RaggedRight\arraybackslash}p{35mm}ll}
+\toprule
+\textbf{ID} & \textbf{Device} & \textbf{Manufacturer} &  \textbf{Type} & \textbf{Year} \\
+\midrule
+H01 & PED & Verifone & VX 570 & ca. 2010 \\
+H02 & Slot machine & Merkur / ADP & Sam 12 EC2 & ca. 2012 \\
+H03 & EPP & Sagem & USA1315-4240 & 2014 \\
+H04 & EPP & Sagem & USA1316-5120 & 2007 \\
+H05 & PED & Xac & xAPT-103 & 2014 \\
+H06 & PED & Ingenico & iCT250-11T1860A & 2016-17 \\
+H08 & PED & Sagem & NOR4100-4220 & 2012 \\
+H09 & PED & Hypercom & M4230 & 2010 \\
+H10 & PED & Worldline & YOMANI XR & 2016 \\
+H11 & PED & Banksys & C-ZAM Smash & 2004 \\
+H12 & PED & Hypercom & Optimum P2100 & 2010 \\
+H13 & PED & Ingenico & iCT 220-11T2938A & 2016 \\
+H14 & PED & Verifone & H5000 & 2016 \\
+H15 & PED & Verifone & MX 925 & 2018 \\
+H16 & PED & Verifone & V200c CTLS & 2021 \\
+H17 & PED & Verifone & VX 680 & 2014 \\
+\bottomrule
+\end{tabular}
+\end{frame}
+
+\begin{frame}{Specimen List (2/2)}
+\footnotesize
+\begin{tabular}{c>{\RaggedRight\arraybackslash}p{25mm}>{\RaggedRight\arraybackslash}p{35mm}ll}
+\toprule
+\textbf{ID} & \textbf{Device} & \textbf{Manufacturer} &  \textbf{Type} & \textbf{Year} \\
+\midrule
+H18 & PED & Ingenico & i7910 & 2010 \\
+H19 & PED & Banksys & XENTA & 2004-2011 \\
+H20 & PED & Verifone & VX 520 3G & 2017 \\
+H21 & PED & Verifone & V400m Plus 4G & 2018 \\
+H22 & PED & Ingenico & Move 3500 & 2020 \\
+H23 & PED & Ingenico & iPP 350-11T1718A & 2015 \\
+H24 & PED & Ingenico & iWL255-01T2117A & 2016 \\
+H25 & Franking Mach. & Neopost & IJ-25 & ca. 2001 \\
+H27 & PED & Sumup & AIR1E205 & 2021 \\
+H28 & EPP & NCR & 5814 UEPP & 2019 \\
+H29 & HSM & SafeNet & VBD-05 & 2018 \\
+H30 & HSM & Irdeto & Mayflower & 2011 \\
+H31 & PED & SumUp & SumUp 3G & 2019 \\
+H32 & PED & SumUp & SumUp Air & 2022 \\
+\bottomrule
+\end{tabular}
+\vspace{3mm}
+
+\tiny PED: Pin Entry Device; EPP: Encrypting Pin Pad; HSM: Hardware Security Module
+\end{frame}
+
+\begin{frame}[allowframebreaks]{References}
+\printbibliography[heading=none]
+\end{frame}
+
+\end{document}

chapter-ihsm/chapter.tex

@@ -1,12 +1,23 @@
-\chapterquote{Russell Impagliazzo~\cite{impagliazzoPersonalViewAveragecase1995}}{
+\chapterquote{Dungeons \& Dragons 2024 Player's Handbook~\cite{crawfordDungeonsDragonsPlayers2024}}{
-    One should always assume that people willing to break a system are also willing to use significantly more resources
+    \begin{center}
-    doing so than legitimate users are willing to spend routinely!
+        \includegraphics[scale=0.85]{resilient sphere.pdf}
+    \end{center}
 }
-\chaptertitle{Inertial Hardware Security Modules}
+% Manually do the chapter preamble stuff instead of using our \chaptertitle def from thesis.tex to bring the minitoc to
+% a new page because of the large graphic embedded in the chapterquote.
+\chapter{Inertial Hardware Security Modules}
 \label{chapter-ihsm}
+\printchapterquote
+\newpage
+\begin{spacing}{1.1}
+    \minitoc
+\end{spacing}
+\newpage
 
 \section{Introduction}
 
+\sourceattrib{This part is adapted from a paper written by Jan Sebastian Götte and Prof.\ Dr.\ Björn Scheuermann and
+presented by Jan Sebastian Götte at CHES 2022~\cite{gotteCantTouchThis2022}.}
 While information security technology has matured a great deal in the last half-century, physical security did not keep
 up with the pace of the remainder of this industry. Given the right skills, physical access to a computer still often
 allows full compromise. The physical security of modern server hardware hinges on what lock you put on the room it is
@@ -22,7 +33,7 @@ TPM~\cite{newman2020,frazelle2019,johnson2018}.
 Like smartcards, TPMs rely on a modern IC being hard to tamper with.  Shrinking things to the nanoscopic level to secure
 them against tampering is a good engineering solution for some years to come.  However, in essence, this is a type of
 security by obscurity: Obscurity here referring to the rarity of the equipment necessary to attack modern
-ICs~\cite{albartus2020,anderson2020}.
+ICs~\cite{albartus2020,andersonSecurityEngineeringGuide2020}.
 
 In contrast to TPMs and Smartcards, HSMs rely on an active security barrier usually consisting of a fragile foil with
 conductive traces. These traces are much larger scale than a smart card IC's microscopic structures and instead are
@@ -56,15 +67,14 @@ This chapter contains the following contributions:
 \begin{figure}
     \center
     \includegraphics[width=12cm]{prototype_pic2.jpg}
-    \caption{The prototype as we used it to test power transfer and bidirectional communication between stator and
+    \caption[Inertial HSM prototype]{The prototype as we used it to test power transfer and bidirectional communication
-    rotor.  This picture shows the proof-of-concept prototype's configuration that we used for accelerometer
+    between stator and rotor.  This picture shows the proof-of-concept prototype's configuration that we used for
-    characterization (Section~\ref{sec_accel_meas}) without the vertical security mesh struts that connect the circular
+    accelerometer characterization (Section~\ref{sec_accel_meas}) without the vertical security mesh struts that connect
-    top and bottom outer meshes.}
+    the circular top and bottom outer meshes.}
     \label{prototype_picture}
 \end{figure}
 
-In Section~\ref{sec_related_work}, we will give an overview of the state of the art in HSM physical security. On this
+In Section~\ref{sec_ihsm_construction} we will elaborate the principles of our Inertial HSM approach. We will
-basis, in Section~\ref{sec_ihsm_construction} we will elaborate the principles of our Inertial HSM approach. We will
 analyze its weaknesses in Section~\ref{sec_attacks}. Based on these results we have built a proof-of-concept hardware
 prototype. In Section~\ref{sec_proto} we will elaborate on the design of this prototype. In Section~\ref{sec_accel_meas}
 we present our characterization of an automotive MEMS accelerometer IC as a rotation sensor in this proof-of-concept
@@ -75,36 +85,18 @@ prototype. We conclude this chapter with a general evaluation of our design in S
 % summaries of research papers on HSMs.  I have not found any actual prior art on anything involving mechanical motion
 % beyond ultrasound.
 
-In this section, we will briefly explore the history of HSMs and the state of academic research on active tamper
+As we elaborated in Chapter~\ref{chapter-survey}, HSMs are an old technology that traces back decades in its electronic
-detection.
+realization. Today's common approach of monitoring meandering electrical traces on a fragile foil that is wrapped around
+the HSM essentially transforms the security problem into the challenge to
+manufacture very fine electrical traces on a flexible foil~\cite{isaacs2013, immler2019,
+andersonSecurityEngineeringGuide2020}.  There has been some research on monitoring the HSM's interior using e.g.\
+electromagnetic radiation~\cite{tobisch2020, kreft2012} or ultrasound~\cite{vrijaldenhoven2004} but none of this
+research has found widespread adoption yet.
 
-HSMs are an old technology that traces back decades in its electronic realization, initially being conceived by the US
+HSMs can be compared to physical seals~\cite{andersonSecurityEngineeringGuide2020}. Both are tamper-evident devices. The
-NSA during the second world war~\cite{boak1973}. Today's common approach of monitoring meandering electrical traces on a
+difference is that an HSM continuously monitors itself whereas a physical seal only serves to record tampering and
-fragile foil that is wrapped around the HSM essentially transforms the security problem into the challenge to
+requires someone to examine it. This examination can be done by eye in the field, but it can also be carried out in a
-manufacture very fine electrical traces on a flexible foil~\cite{isaacs2013, immler2019, anderson2020}.  There has been
+laboratory using complex equipment.  An HSM in principle has to have this examination equipment built-in.
-some research on monitoring the HSM's interior using e.g.\ electromagnetic radiation~\cite{tobisch2020, kreft2012} or
-ultrasound~\cite{vrijaldenhoven2004} but none of this research has found widespread adoption yet.
-
-HSMs can be compared to physical seals~\cite{anderson2020}. Both are tamper-evident devices. The difference is that an
-HSM continuously monitors itself whereas a physical seal only serves to record tampering and requires someone to examine
-it. This examination can be done by eye in the field, but it can also be carried out in a laboratory using complex
-equipment.  An HSM in principle has to have this examination equipment built-in.
-
-Physical seals are used in a wide variety of applications. The most interesting ones from a research point of view that
-are recorded in public literature are those used for the monitoring of nuclear material under the International Atomic
-Energy Authority (IAEA). Most of these seals use the same approach that is used in Physically Unclonable Functions
-(PUFs), though their development predates that of PUFs by several decades.  The seal is created in a way that
-intentionally causes large, random device-to-device variations. These variations are precisely recorded at deployment.
-At the end of the seal's lifetime, the seal is returned to a lab and closely examined to check for any deviations from
-the seal's prior recorded state. The type of variation used in these seals includes random scratches in metal parts and
-random blobs of solder (IAEA metal cap seal), randomly cut optical fibers (COBRA seal), the uncontrollably random
-distribution of glitter particles in a polymer matrix (COBRA seal prototypes) as well as the precise three-dimensional
-surface structure of metal parts at microscopic scales (LMCV)~\cite{iaea2011}.
-
-The IAEA's equipment portfolio does include electronic seals such as the EOSS. These devices are intended for remote
-reading, similar to an HSM. They are constructed from two components: A cable that is surveilled for tampering, and a
-monitoring device. The monitoring device itself is in effect an HSM and uses a security mesh foil like it is used in
-commercial HSMs. 
 
 The self-destruct built into an HSM serves as a strong tamper deterrent.  For illustration, compare an HSM to a computer
 inside a locked safe when opposing a well-funded attacker with plenty of time.  In~\cite{boak1973}, Boak asserts that
@@ -113,14 +105,16 @@ several minutes. While the state of electronics has advanced rapidly since Boak'
 has not increased correspondingly. Thus, we can conclude that even today, against a ``smart, well-equipped opponent with
 plenty of time'' as noted by Boak, this self-destruction functionality is essential.
 
-In~\cite{anderson2020}, Anderson gives a comprehensive overview of physical security. An example HSM that he cites is
+In~\cite{andersonSecurityEngineeringGuide2020}, Anderson gives a comprehensive overview of physical security. An example
-the IBM 4758, the details of which are laid out in-depth in~\cite{smith1998}. This HSM is an example of an
+HSM that he cites is the IBM 4758, the details of which are laid out in-depth
-industry-standard construction. Although its turn of the century design is now a bit dated, the construction techniques
+in~\cite{smithBuildingHighperformanceProgrammable1999}. This HSM is an example of an industry-standard construction.
-of the physical security mechanisms have not evolved much in the last two decades. Besides some auxiliary temperature
+Although its turn of the century design is now a bit dated, the construction techniques of the physical security
-and radiation sensors to guard against attacks on the built-in SRAM memory, the module's main security barrier uses the
+mechanisms have not evolved much in the last two decades. Besides some auxiliary temperature and radiation sensors to
-common construction of a flexible mesh foil wrapped around the module's core. In~\cite{smith1998}, the authors state
+guard against attacks on the built-in SRAM memory, the module's main security barrier uses the common construction of a
-that the module monitors this mesh for short circuits, open circuits, and conductivity. Other commercial offerings use
+flexible mesh foil wrapped around the module's core. In~\cite{smithBuildingHighperformanceProgrammable1999}, the authors
-similar approaches to tamper detection~\cite{obermaier2018,drimer2008,anderson2020,isaacs2013}.
+state that the module monitors this mesh for short circuits, open circuits, and conductivity. Other commercial offerings
+use similar approaches to tamper
+detection~\cite{obermaier2018,drimer2008,andersonSecurityEngineeringGuide2020,isaacs2013}.
 
 Shifting our focus from industry use to the academic state of the art, in~\cite{immler2019}, Immler et al. describe an
 HSM based on precise capacitance measurements of a security mesh, creating a PUF from the mesh. In contrast to
@@ -247,9 +241,9 @@ security barrier.  In industry, mesh membranes are commonly used for tamper dete
 systems for a variety of use cases ranging from low-security payment processing to high-security certificate management.
 From this, we can conclude that a properly implemented mesh \emph{can} provide a practical level of security.  In
 contrast to this industry focus, academic research has largely focused on ways to fabricate enclosures that embed
-characteristics of a Physically Unclonable Function as a means of tamper detection~\cite{tobisch2020,immler2019}. By
+characteristics of a PUF as a means of tamper detection~\cite{tobisch2020,immler2019}. By using stochastic properties of
-using stochastic properties of the enclosure material to form a PUF, such academic designs leverage signal processing
+the enclosure material to form a PUF, such academic designs leverage signal processing techniques to improve the
-techniques to improve the system's security level by a significant margin.
+system's security level by a significant margin.
 
 In our research, we focus on security meshes as our IHSM's tamper sensors.  The cost of advanced manufacturing
 techniques and special materials used in fine commercial meshes poses an obstacle to small-scale manufacturing and
@@ -321,20 +315,24 @@ shaft penetrates the mesh to simplify mechanical construction.
 \begin{figure}
     \center
     \includegraphics{concept_vis_one_axis.pdf}
-    \caption{Concept of a simple spinning Inertial HSM. 1 - Shaft. 2 - Security mesh. 3 - Payload. 4 -
+    \caption[Inertial HSM concept visualization]{Concept of a simple spinning Inertial HSM. 1 - Shaft. 2 - Security
-    Accelerometer. 5 - Shaft penetrating security mesh.}
+    mesh. 3 - Payload. 4 - Accelerometer. 5 - Shaft penetrating security mesh.}
     \label{fig_schema_one_axis}
 \end{figure}
 
 The spinning mesh must be designed to cover the entire surface of the payload, but it suffices if it sweeps over every
 part of the payload once per rotation. This means we can design longitudinal gaps into the mesh that allow outside air
 to flow through to the payload.  In traditional boundary-sensing HSMs, cooling of the payload processor is a serious
-issue since any air duct or heat pipe would have to penetrate the HSM's security boundary. This problem can only be
+issue since any air duct or heat pipe would have to penetrate the HSM's security boundary~\cite{
-solved with complex and costly siphon-style constructions, so in commercial systems, heat conduction is used
+    petriePartIITechnical,
-exclusively~\cite{isaacs2013}. This limits the maximum power dissipation of the payload and thus its processing power.
+    curetHardwareSecurityModule2025,
-Using longitudinal gaps in the mesh, our setup allows direct air cooling of regular heatsinks. This unlocks much more
+    zhangTamperrespondentAssembliesPorous2023,
-powerful processing capabilities that greatly increase the maximum possible power dissipation of the payload.  In an
+    dragoneVentedTamperrespondentAssemblies2020}.
-evolution of our design, the spinning mesh could even be designed to \emph{be} a cooling fan.
+This problem can only be solved with complex and costly siphon-style constructions, so in commercial systems, heat
+conduction is used exclusively~\cite{isaacs2013}. This limits the maximum power dissipation of the payload and thus its
+processing power. Using longitudinal gaps in the mesh, our setup allows direct air cooling of regular heatsinks. This
+unlocks much more powerful processing capabilities that greatly increase the maximum possible power dissipation of the
+payload.  In an evolution of our design, the spinning mesh could even be designed to \emph{be} a cooling fan.
 
 Conventional HSMs are limited by the construction of their security meshes which rely on plastics as their main
 structural material. The security mesh has to fit the highest components inside the HSM. Since creating a security mesh
@@ -532,10 +530,10 @@ One type of these attacks are contactless attacks such as electromagnetic (EM) s
 EM side-channel attacks can be mitigated by shielding and by designing the IHSM's payload such that critical components
 such as CPUs are physically distant to the security mesh, preventing EM probes from being brought close.
 Conducted EMI side-channels that could be used for power analysis can be mitigated by placing filters on the inside of
-the security mesh at the point where the power and network connections penetrate the mesh~\cite{anderson2020}.
+the security mesh at the point where the power and network connections penetrate the mesh~\cite{andersonSecurityEngineeringGuide2020}.
 Finally, the API between the HSM's payload and the outside world provides attack surface.  Attacks through the network
 interface must be prevented as in any other networked system by only exposing the minimum necessary amount of API
-surface to the outside world, and by carefully vetting this remaining attack surface~\cite{anderson2020}.
+surface to the outside world, and by carefully vetting this remaining attack surface~\cite{andersonSecurityEngineeringGuide2020}.
 
 IHSMs do not provide an inherent benefit against such contactless attacks. However, there are two mitigating factors in
 play that still give IHSMs an advantage over conventional HSMs in this scenario. Because IHSM meshes can be made using
@@ -567,16 +565,17 @@ acceleration is $a=\omega^2 r$. In our example, this results in a minimum angula
 \frac{1}{2\pi}\sqrt{\frac{a}{r}} = \frac{1}{2\pi}\sqrt{\frac{\SI{1000}{\meter\per\second^2}}{\SI{100}{\milli\meter}}}
 \approx \SI{16}{\hertz} \approx \SI{1000}{rpm}$. From this, we can conclude that even at moderate speeds of
 $\SI{1000}{rpm}$ and above, a manual attack is no longer possible and any attack would have to be carried out using some
-kind of mechanical tool.
+kind of mechanical tool. Literature supports this conclusion, with loss of orientation reported as early as at
+\SI{70}{rpm} in an observer located on the axis of rotation~\cite{fowlerInvestigationFlowProcesses1966}.
 
 \begin{figure}
     \center
     \includegraphics[width=6cm]{attack-robot.pdf}
-    \caption{Schematic overview of a robotic rotating-stage attack. An optical sensor (1) observes the IHSM's rotation
+    \caption[Inertial HSM attack robot scenario]{Schematic overview of a robotic rotating-stage attack. An optical
-    and adjusts the setpoint of a servo motor (2) that rotates the attack stage (3). On the rotating attack stage, a
+    sensor (1) observes the IHSM's rotation and adjusts the setpoint of a servo motor (2) that rotates the attack stage
-    remote-controlled manipulator (4) is mounted that deactivates the security mesh (7) and creates an opening (5).
+    (3). On the rotating attack stage, a remote-controlled manipulator (4) is mounted that deactivates the security mesh
-    Through this opening, a human operator can then insert tools such as probes to read out sensitive information from
+    (7) and creates an opening (5). Through this opening, a human operator can then insert tools such as probes to read
-    the actual payload (6).}
+    out sensitive information from the actual payload (6).}
     \label{fig_attack_robot}
 \end{figure}
 
@@ -609,9 +608,9 @@ penetrates the mesh at the axis. The mesh's tangential velocity decreases close
 allow an attacker to insert tools such as probes into the device through the opening it creates.  Conventional HSMs also
 have to take precautions to protect their power and data connections. In conventional HSMs, power and data are routed
 into the enclosure along a meandering path through the PCB or through flat flex cables sandwiched in between security
-mesh foil layers~\cite{smith1998}.  As a result of these precautions, in conventional HSMs, this interface rarely is a
+mesh foil layers~\cite{smithBuildingHighperformanceProgrammable1999}.  As a result of these precautions, in conventional
-mechanical weak spot. In inertial HSMs, careful engineering is necessary to achieve the same effect.
+HSMs, this interface rarely is a mechanical weak spot. In inertial HSMs, careful engineering is necessary to achieve the
-Figure~\ref{shaft_cm} shows variations of the shaft interface with increasing complexity.
+same effect. Figure~\ref{shaft_cm} shows variations of the shaft interface with increasing complexity.
 
 \begin{figure}
     \begin{subfigure}[t]{0.3\textwidth}
@@ -636,7 +635,8 @@ Figure~\ref{shaft_cm} shows variations of the shaft interface with increasing co
         \caption{A second moving tamper detection mesh also enables more complex topographies.}
         \label{shaft_cm_a}
     \end{subfigure}
-    \caption{Mechanical countermeasures to attacks through or close to the shaft of a fixed-axis rotating IHSM.}
+    \caption[IHSM shaft mechanical attack countermeasures]{Mechanical countermeasures to attacks through or close to the
+        shaft of a fixed-axis rotating IHSM.}
     \label{shaft_cm}
 \end{figure}
 
@@ -742,7 +742,7 @@ files.
         \center 
         \caption{Assembled mechanical prototype rotor (left) and stator (right) PCB components.}
     \end{subfigure}
-    \caption{Our proof-of-concept prototype IHSM's PCB security mesh design}
+    \caption[IHSM PCB rotor and stator prototypes]{Our proof-of-concept prototype IHSM's PCB security mesh design}
     \label{fig_proto_mesh}
 \end{figure}
 
@@ -761,7 +761,7 @@ files.
         \caption{Detail of a PCB produced with a generated mesh.}
         \label{mesh_gen_sample}
     \end{subfigure}
-    \caption{Our automatic security mesh generation process}
+    \caption[Automatic security mesh generation process visualization]{Our automatic security mesh generation process}
     \label{mesh_gen_fig}
 \end{figure}
 
@@ -841,7 +841,7 @@ are shielded from one another by the motor's body in the center of the PCB.
         stray capacitances.}
         \label{photolink_schematic}
     \end{subfigure}
-    \caption{IR data link implementation}
+    \caption[IHSM IR data link implementation]{IR data link implementation}
 \end{figure}
 
 \subsection{Evaluation}
@@ -951,17 +951,17 @@ the fly, without stopping the rotor.
 \begin{figure}
     \center
     \includegraphics[width=0.7\textwidth]{fig-acc-theory-meas-run50.pdf}
-    \caption{Centrifugal acceleration versus angular frequency in theory and in our experiments. Experimental
+    \caption[Centrifugal acceleration versus angular frequency]{Centrifugal acceleration versus angular frequency in
-    measurements are shown after correction for offset and scale error.  Above \SI{300}{rpm}, the relative error is
+        theory and in our experiments. Experimental measurements are shown after correction for offset and scale error.
-    below $\SI{0.5}{\percent}$. Below $\SI{300}{rpm}$, the residual offset error has a large impact ($0.05\,g$ absolute
+        Above \SI{300}{rpm}, the relative error is below $\SI{0.5}{\percent}$. Below $\SI{300}{rpm}$, the residual
-    or $8\%$ relative at $\SI{95}{rpm}$.)}
+        offset error has a large impact ($0.05\,g$ absolute or $8\%$ relative at $\SI{95}{rpm}$.)}
     \label{fig-acc-theory}
 \end{figure}
 
 \section{Conclusion}
 \label{sec_conclusion} 
 
-In this chapter, we introduced Inertial Hardware Security Modules (IHSMs), a novel concept for the construction of
+In this chapter, we introduce Inertial Hardware Security Modules (IHSMs), a novel concept for the construction of
 advanced hardware security modules from simple components.  We analyzed the concept for its security properties and
 highlighted its ability to significantly strengthen otherwise weak tamper detection barriers.  We validated our design
 by creating a proof-of-concept hardware prototype. In this prototype, we have demonstrated practical solutions to the
@@ -978,9 +978,14 @@ allow the construction of devices secure against a wide range of practical attac
 specialized tools.  The rotating mesh allows longitudinal gaps, which enables new applications that are impossible with
 traditional HSMs.  Such gaps can be used to integrate a fan for air cooling into the HSM, allowing the use of powerful
 computing hardware inside the HSM.  We hope that this simple construction will stimulate academic research into (more)
-secure hardware. We published all design artifacts of our PoC online, please refer to Appendix~\ref{sec_repo} for
+secure hardware.
-details. The next steps towards a practical application of our design will be to design a manufacturable stator/rotor
+
-interface with inductive power and data transfer integrated into the motor's magnetics and a custom motor driver tuned
+Building on the foundations of IHSM construction that we laid out in this chapter, in the following two chapters we will
-for the application that is able to precisely measure both angular velocity and winding current for an added degree of
+provide detailed solutions for two key design challenges in IHSM construction. In
-tamper detection through the measurement of external forces acting on the rotor.
+Chapter~\ref{chapter_sampling_mesh_mon}, we will introduce a low-cost tamper sensing mesh monitoring circuit based on
+Time Domain Reflectometry. Using this approach, we can further strengthen the security of meshes created using simple
+manufacturing processes in an IHSM. In Chapter~\ref{chapter-nice-coils}, we approach the question of a
+rotation-invariant wireless inductive power supply for an IHSM and provide a planar inductor layout that minimizes
+voltage ripple with IHSM rotation. In Chapters~\ref{chapter-qkd} and \ref{chapter-smpc}, we will analyze two use cases
+benefitting from IHSMs and tailor the IHSM concept to their requirements.
 

chapter-ihsm/resilient sphere.svg

@@ -0,0 +1,423 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   version="1.1"
+   id="svg1"
+   width="389.46683"
+   height="604.25159"
+   viewBox="0 0 389.46683 604.25161"
+   sodipodi:docname="resilient sphere.svg"
+   inkscape:version="1.4.2 (ebf0e940d0, 2025-05-08)"
+   xml:space="preserve"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg"><defs
+     id="defs1" /><sodipodi:namedview
+     id="namedview1"
+     pagecolor="#ffffff"
+     bordercolor="#000000"
+     borderopacity="0.25"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:zoom="0.97134932"
+     inkscape:cx="66.917224"
+     inkscape:cy="294.95053"
+     inkscape:window-width="1920"
+     inkscape:window-height="1011"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="g1"><inkscape:page
+       x="0"
+       y="0"
+       inkscape:label="1"
+       id="page1"
+       width="389.46683"
+       height="604.25159"
+       margin="0"
+       bleed="0" /></sodipodi:namedview><g
+     id="g1"
+     inkscape:groupmode="layer"
+     inkscape:label="1"
+     transform="translate(-75.505248,-73.321357)"><g
+       id="g2"
+       transform="translate(31.302428,34.942244)" /><g
+       id="g11"
+       transform="translate(1.4559264,27.66261)"><g
+         id="g40"
+         transform="translate(-30.574464,69.884489)"><g
+           id="g3"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text3"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,90.867685)"><tspan
+               id="tspan3"
+               style="font-variant:normal;font-weight:100;font-size:14px;font-family:MrsEavesSmallCaps;writing-mode:lr-tb;fill:#8d281e;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.014 0 0 0 -0.028000001 0 0 0 0.028000001 -0.014 0 0 -0.014 0 0 0 0 0 0 -0.014 0.014 0 0 0 -0.041999999"
+               y="0">Otiluke’s Resilient Sphere</tspan></text></g><g
+           id="g4"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text4"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,111.06769)"><tspan
+               id="tspan4"
+               style="font-style:italic;font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.024 -0.024 0 0.024 -0.024 0 0 0 0.024 0 0.012 -0.024 -0.024 0.024 0 0.012 -0.012 0.012 0 -0.048 0.024 0.012 -0.012 0.024 -0.024"
+               y="0">Level 4 Abjuration (Wizard)</tspan></text></g><g
+           id="g5"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text5"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,140.06769)"><tspan
+               id="tspan5"
+               style="font-variant:normal;font-weight:700;font-size:12px;font-family:'Scala Sans Pro';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.059999999 -0.012 -0.012 -0.012 -0.012 0 0 -0.252 -0.024 0.024 -0.035999998 0.024"
+               y="0">Casting Time:</tspan></text></g><g
+           id="g6"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text6"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,166.86667,140.06769)"><tspan
+               id="tspan6"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Scala Sans Pro';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               y="0"> </tspan></text></g><g
+           id="g7"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text7"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,170.53333,140.06769)"><tspan
+               id="tspan7"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Scala Sans Pro';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.035999998 0.012 -0.012 -0.012"
+               y="0">Action</tspan></text></g><g
+           id="g8"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text8"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,159.26769)"><tspan
+               id="tspan8"
+               style="font-variant:normal;font-weight:700;font-size:12px;font-family:'Scala Sans Pro';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.012 -0.012 0 -0.035999998 0.024"
+               y="0">Range:</tspan></text></g><g
+           id="g9"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text9"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,121,159.26769)"><tspan
+               id="tspan9"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Scala Sans Pro';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 0 -0.012 0 0 -0.035999998 0.012 -0.024"
+               y="0"> 30 feet</tspan></text></g><g
+           id="g10"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text10"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,178.46769)"><tspan
+               id="tspan10"
+               style="font-variant:normal;font-weight:700;font-size:12px;font-family:'Scala Sans Pro';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.059999999 -0.048 0 0.132 -0.048 0 0.024 -0.035999998 -0.012 0.024"
+               y="0">Components:</tspan></text></g><g
+           id="g11-6"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text11"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,164.93333,178.46769)"><tspan
+               id="tspan11"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Scala Sans Pro';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.396 -1.296 -0.024 0 -0.012 0.012 0 0 0 -0.012 -0.012 0 0 -0.012 -0.012 0.024 -0.012 0 -0.012 -0.012 0.012 0.012 0 -0.024"
+               y="0"> V, S, M (a glass sphere)</tspan></text></g><g
+           id="g12"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text12"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,197.66769)"><tspan
+               id="tspan12"
+               style="font-variant:normal;font-weight:700;font-size:12px;font-family:'Scala Sans Pro';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.035999998 0 0 -0.012 -0.012 0.024 -0.048"
+               y="0">Duration:</tspan></text></g><g
+           id="g13"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text13"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,138.66667,197.66769)"><tspan
+               id="tspan13"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Scala Sans Pro';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 0 -0.21600001 0 0 -0.024 0.012 0 -0.012 0 -0.012 -0.012 -0.012 0 0 0.012 0 0 -0.012 0 -0.012 0 0 0.012 0 -0.012 -0.012 0 0 -0.012"
+               y="0"> Concentration, up to 1 minute</tspan></text></g><g
+           id="g14"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text14"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,226.33435)"><tspan
+               id="tspan14"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.024 0 0.012 0 -0.048 0 0 0 0 0 -0.035999998 0.012 0 0.012 -0.012 0 0 -0.035999998 0 0 0 0 0.024 -0.048 0 0.012 0 0.012 0 0 0 -0.024 0 0 0.012 0 0 0 -0.035999998 0 0.012 0 0 0 0 0 -0.035999998"
+               y="0">A shimmering sphere encloses a Large or smaller </tspan></text></g><g
+           id="g15"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text15"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,248.46769)"><tspan
+               id="tspan15"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.012 0 0 0 -0.012 0 0 0 0 0 -0.035999998 0 0 0 0 0 0.024 -0.012 0 0 0 -0.012 0 0 0 0 -0.035999998 0 0 0.012 0 0 0 -0.024 0 0 0 -0.035999998 0 0 0 0 0 0 -0.024 0 0.024 -0.035999998"
+               y="0">creature or object within range. An unwilling crea</tspan></text></g><g
+           id="g16"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text16"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,428.66667,248.46769)"><tspan
+               id="tspan16"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               y="0">-</tspan></text></g><g
+           id="g17"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text17"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,270.60102)"><tspan
+               id="tspan17"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.012 0 -0.035999998 0 0 0 0 0.012 -0.012 0 0.012 -0.035999998 0.024 -0.012 0 0 0.024 0 0 0 0 0 0 -0.024 0 0 -0.012 0 0 0 -0.012 0.012 0 0.012 0 -0.024 0 0 -0.024 0 -0.012"
+               y="0">ture must succeed on a Dexterity saving throw or </tspan></text></g><g
+           id="g18"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text18"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,292.73435)"><tspan
+               id="tspan18"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.035999998 0 0 0 0 -0.012 0 0 0.012 0 0.024 0 -0.048 0 0 0 0.024 -0.035999998 0 0 0.024 0 -0.035999998 0 0.024 -0.048"
+               y="0">be enclosed for the duration.</tspan></text></g><g
+           id="g19"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text19"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,87.733333,314.86769)"><tspan
+               id="tspan19"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.024 0 -0.012 0 0 -0.035999998 0.012 0 0 0 -0.012 0 -0.012 0 -0.024 0.012 0 -0.012 0 0 0 0 0 0 0 0.024 -0.012 0.012 0 0 0 -0.035999998 0 0 0.012 -0.024 0 0 0 0 0 0 -0.012 0 0 0 0 -0.024 0.024 0 -0.048"
+               y="0">Nothing—not physical objects, energy, or other spell </tspan></text></g><g
+           id="g20"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text20"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,337.00102)"><tspan
+               id="tspan20"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.048 0 0 0 0.024 -0.012 0.012 0 -0.012 0 0 0 -0.012 0 0.012 0.012 0 -0.012 0 -0.035999998 0 0 0.012 -0.035999998 0 0.024 -0.035999998 0 0 0 0 0 0 0 -0.048 0 0 0 0 0 0 0 0 0 0 -0.035999998 0.024 0 0 -0.012 0 0 -0.035999998 0.012"
+               y="0">effects—can pass through the barrier, in or out, though</tspan></text><text
+             id="text21"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,463.93333,337.00102)"><tspan
+               id="tspan21"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               y="0"> </tspan></text></g><g
+           id="g21"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text22"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,359.13435)"><tspan
+               id="tspan22"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 0 0 -0.012 0 0 0 -0.012 0 0 0 0 -0.048 0 0 -0.012 0 0 0 0.012 -0.012 0 0 -0.035999998 0 0 0.024 0 0 0 -0.035999998 0 0 0 -0.012 0 0 0 -0.012 0 0 0 0 0 0 0 0 0 0 -0.024 -0.012"
+               y="0">a creature in the sphere can breathe there. The sphere </tspan></text></g><g
+           id="g22"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text23"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,381.26769)"><tspan
+               id="tspan23"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.048 0.012 0 0 0 0 -0.035999998 0 0 0 -0.012 0 0 0 0 0 0 0.024 0 -0.035999998 0 0.012 0 0 0 0 0 -0.024 0 0 0 0.024 0 0 0 -0.012 0 -0.035999998 0 0 0 0 0 0 0 0 0 0.024 -0.012"
+               y="0">is immune to all damage, and a creature or object in</tspan></text></g><g
+           id="g23"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text24"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,441.73333,381.26769)"><tspan
+               id="tspan24"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               y="0">-</tspan></text></g><g
+           id="g24"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text25"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,403.40102)"><tspan
+               id="tspan25"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.024 0 0.024 0 0 -0.012 0 0 0.012 -0.012 0 0 0 0 -0.024 0 0 0 -0.024 0 0.024 0 0 -0.024 0 0 0.024 -0.012 0 -0.012 0.012 0.012 0 0 -0.035999998 0 0 0 0 0 0.024 -0.012 0.012 0 0 0 -0.048 0.012 0 -0.035999998 0 0.024 -0.048 0 0.012"
+               y="0">side can’t be damaged by attacks or effects originating </tspan></text></g><g
+           id="g25"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text26"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,425.53435)"><tspan
+               id="tspan26"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.048 0 0 0 0 0 0 -0.012 0.012 0 -0.024 0 0 0 0 0 0 0 -0.012 0 0 0 0 0 0.024 -0.035999998 0 0 0.024 -0.035999998 0 0 0 0 0 -0.024 0 0.024 0 0 -0.012 0 0 0 -0.024 0.024 -0.035999998"
+               y="0">from outside, nor can a creature inside the sphere </tspan></text></g><g
+           id="g26"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text27"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,447.66769)"><tspan
+               id="tspan27"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.024 0 0 0 -0.024 0 0 0 0 0.012 -0.012 0 -0.048 0 0.012 0 0 -0.035999998 0.024 -0.024 0 0.024 0 0 0 -0.012"
+               y="0">damage anything outside it.</tspan></text></g><g
+           id="g27"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text28"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,85.333333,469.80102)"><tspan
+               id="tspan28"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 0 -0.035999998 0 0 0.012 -0.012 0 0 0 0 0 -0.048 0.012 0 0 0 0 0.012 -0.035999998 0.024 -0.048 0 0.012 0.012 0 0 0 -0.024 0 0 0 0.012 -0.012 0 0 0 0 -0.024 0 0 0 0 0 -0.035999998 0.012 0 0 -0.012"
+               y="0">The sphere is weightless and just large enough to</tspan></text><text
+             id="text29"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,433.4,469.80102)"><tspan
+               id="tspan29"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               y="0"> </tspan></text></g><g
+           id="g29"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text30"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,491.93435)"><tspan
+               id="tspan30"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.012 0 0 -0.012 0 0 0 0 -0.012 0 -0.048 0 0.024 0 0 0 -0.012 0 0 0 0 0 -0.035999998 0 0 0 0 0 0.024 -0.012 0 0 0 -0.024 0 0.024 0 0 0 -0.024 0 0 0 0 -0.012 0 0 0.012 0 -0.024"
+               y="0">contain the creature or object inside. An enclosed </tspan></text></g><g
+           id="g30"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text31"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,514.06769)"><tspan
+               id="tspan31"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.012 0 0 0 -0.012 0 0 0 0 -0.012 0 0 0 -0.012 0 0.012 -0.048 0 0 0 0 0 0.024 -0.012 0 0 0 0 -0.012 0 0 -0.012 0 0.012 -0.035999998 0 0 0.012 0 0 -0.035999998 0.012 -0.012 0 0.024 -0.035999998"
+               y="0">creature can take an action to push against the </tspan></text></g><g
+           id="g31"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text32"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,536.20102)"><tspan
+               id="tspan32"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.024 -0.012 0 0 0 0 0.012 -0.024 0 0 0 0 0 0.012 0 0 0 -0.024 0 -0.012 0 0 0.012 0 -0.035999998 0 0 0 0 -0.012 0 0 0 0.012 -0.012 0 0 -0.035999998 0 0 0 0.024 0 -0.035999998 0.024 0 -0.012"
+               y="0">sphere’s walls and thus roll the sphere at up to </tspan></text></g><g
+           id="g32"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text33"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,558.33435)"><tspan
+               id="tspan33"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.035999998 0 0 0 0 -0.012 0 0 0 -0.012 0 0 0 -0.012 0 0 0 0.012 -0.024 0 0 0.024 0 0 -0.024 0 0 0 0 0 0 -0.048 0 0 0 0.012 0 0 -0.012 0 0 0 -0.024 0 0 0 0 0 -0.012"
+               y="0">half the creature’s Speed. Similarly, the globe can </tspan></text></g><g
+           id="g33"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text34"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,580.46769)"><tspan
+               id="tspan34"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.035999998 0 0 -0.012 0 0.024 -0.024 0 0.024 0 0 -0.012 0 0 0 -0.024 0 0 0 0.024 0 -0.024 0 0 -0.024 0 0 0.024 -0.035999998 0 0 0 0.024 0 0 0 -0.012 0 -0.035999998 0 0.012"
+               y="0">be picked up and moved by other creatures.</tspan></text></g><g
+           id="g34"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text35"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,85.333333,602.60102)"><tspan
+               id="tspan35"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.024"
+               y="0">A </tspan></text></g><g
+           id="g35"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text36"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,101.73333,602.60102)"><tspan
+               id="tspan36"
+               style="font-style:italic;font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.024 0.012 -0.024 0.012 -0.024 0 0.024 0 -0.024 0.024 0 -0.024"
+               y="0">Disintegrate </tspan></text></g><g
+           id="g36"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text37"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,186.6,602.60102)"><tspan
+               id="tspan37"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 -0.024 -0.012 0 0 0 0 -0.012 0 0 0.012 0 -0.012 0 -0.035999998 0.012 0 -0.012 0 0 0 -0.024 0 0 0 0 0 0.024 0 -0.024 0.024 -0.035999998 0 0.012 0.012 0 -0.048"
+               y="0">spell targeting the globe destroys it</tspan></text><text
+             id="text38"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,435.2,602.60102)"><tspan
+               id="tspan38"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               y="0"> </tspan></text></g><g
+           id="g38"
+           transform="translate(30.157292,-73.263254)"><text
+             id="text39"
+             xml:space="preserve"
+             transform="matrix(1.3333333,0,0,1.3333333,75.733333,624.73435)"><tspan
+               id="tspan39"
+               style="font-variant:normal;font-weight:normal;font-size:12px;font-family:'Book Antiqua';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               x="0"
+               dx="0 0 0 -0.012 -0.035999998 0 0 -0.012 0 0 0 0 0 0 -0.035999998 0.012 0 0 0 -0.024 -0.012 0 0 0 -0.024 0 0 0 -0.024 0 0.024"
+               y="0">without harming anything inside.</tspan></text></g></g></g><path
+       style="opacity:0.908147;fill:none;stroke:#000000;stroke-width:1.13386;stroke-linecap:round;stroke-linejoin:round"
+       d="m 374.1732,73.888288 c 6.15825,0 16.0152,0 21.47493,9.827506 19.1697,-9.827506 44.46642,-9.827506 64.42476,-9.827506 H 78.984032 v 7.077133 c 3.536433,-3.911646 8.434726,-6.27069 14.694879,-7.077133"
+       id="path39"
+       sodipodi:nodetypes="cccccc" /><path
+       style="opacity:0.908147;fill:none;stroke:#000000;stroke-width:1.13386;stroke-linecap:round;stroke-linejoin:round"
+       d="m 371.26135,677.00598 c 6.15825,0 16.0152,0 21.47493,-9.82751 19.1697,9.82751 44.46642,9.82751 64.42476,9.82751 H 76.072178 v -7.07713 c 3.536433,3.91164 8.434726,6.27069 14.694879,7.07713"
+       id="path40"
+       sodipodi:nodetypes="cccccc" /></g><g
+     id="g1-3"
+     inkscape:groupmode="layer"
+     inkscape:label="1"
+     transform="translate(728.23333,-73.321357)"><g
+       id="g2-5" /></g></svg>

chapter-introduction/chapter.tex

@@ -6,144 +6,319 @@
 }
 
 \chaptertitle{Introduction}
+\label{chapter-intro}
 
-All Cops Are Bastards, or ACAB is a slogan popular in far left and anarchist circles since the mid-twentieth century
+\emph{No Gods, No Masters} is an anarchist slogan originating in the 19\textsuperscript{th} century that expresses a
-that expresses a rejection of state authority~\cite{constantinouAppliedResearchPolicing2021}. While politically, this
+rejection of authorities~\cite{broussaisOriginesDeviseAnarchiste2022,guerinNoGodsNo2005,blomNoGodsNo2025}. Despite its
-blanket rejection is a fringe viewpoint with no mainstream acceptance, there exists an interesting parallel between this
+origin in a different era, it encapsulates an approach that is commonly followed in modern cryptography. In
-and modern cryptographic best practice. In modern cryptography, it is generally seen as best practice to have the least
+cryptography, it is considered best practice to have the least amount of parties possible involved in any computation.
-amount of keys possible involved in any computation, and cryptographers have time and time again strongly rejected
+Most cryptographic problems are easily solved by involving a trusted third party (TTP). Yet, cryptographers have time
-attempts by states and other authorities to insert backdoor access mechanisms into cryptographic systems~\cite{
+and again vocally rejected attempts to involve third parties in cryptographic protocols~\cite{
     abelsonRisksKeyRecovery1997,
     abelsonKeysDoormats2015,
     andersonSecurityEngineeringGuide2020,
+    rogawayMoralCharacterCryptographic2015,
 }.
 
-The aversion of cryptographers against backdoor access shows up everywhere---from cryptographic protocol standards like
+Considerable research has been focused on creating a versatile set of tools to perform tasks as diverse as secure
-TLS, to cryptographic applications like the Signal messenger, not only is backdoor access excluded from the system
+communication~\cite{
-design, its possibility is considered a potential vulnerability and measures such as forward secrecy and post-compromise
+    alwenDoubleRatchetSecurity2019,
-security are taken to mitigate its impact when it is achieved through other means. In computing, this design aspect
+    marlinspikeDoubleRatchetAlgorithm2025,
-makes cryptographic protocols a unique holdout. In other parts of the stack, explicit or implicit backdoor access is
+    dowlingFlexibleAuthenticatedConfidential2020,
-commonplace, and attempts at preventing it are rare. For instance, network providers are generally required to comply
+    sasySoKMetadataProtectingCommunication2024},
-with so-called \emph{Lawful Interception} orders on particular customers or traffic types, and datacenter operators
+oblivious database access~\cite{
-commonly provide hardware access to state authorities. The design decisions in cryptographic protocols generally hold,
+    chorPrivateInformationRetrieval,
-and the gold standard for backdoor access to modern systems is either exploiting a \emph{zero-day} flaw that is not yet
+    aguilar-melchorXPIRPrivateInformation2016,
-publically known, or acquiring physical access to the target system.
+    reichertMenhirObliviousDatabase2024},
+and even general computation~\cite{
+    goosInformationTheoreticallySecure1999,
+    aumannSecurityCovertAdversaries2010,
+    chorPrivateInformationRetrieval}
+in a decentralized way that avoids trusted authorities.
+While politically, the anarchist blanket rejection of authority represents a fringe viewpoint, in cryptography it has a
+long tradition originating with the Cypherpunk and Hacker movements~\cite{
+    andersonCypherpunkEthicsRadical2022,
+    hughesCypherpunksManifesto,
+    jarvisCryptoWarsFight2020,
+    marlinspikeWeShouldAll2013},
+and extending throughout mainstream academic cryptography.
 
-\section{Research Questions}
+While the aforementioned cryptographic tools enable a large gamut of use cases in theory, in practice cryptographic
+systems are still routinely compromised~\cite{
+    gellmanNSAInfiltratesLinks2013,
+    goldmanUnrestrainedChineseCyberattackers2025,
+    scott-railtonWhoseAuthorityPegasus2024,
+    quintinSomethingRememberUs2024,
+    marczakGraphiteCaughtFirst2025,
+    PredatorFilesTechnical2023,
+    PakistanMassSurveillance2025}.
+A fundamental flaw of any practical cryptographic system is that secure algorithms have to run on hardware, and even
+today, average computing hardware provides little physical security~\cite{
+    gotzfriedCacheAttacksIntel2017,
+    Lipp2018meltdown,
+    Kocher2018spectre,
+    moghimiTPMFAILTPMMeets2020}.
+\emph{Hardware Security Modules} are a class of devices specifically designed to execute cryptographic algorithms while
+providing strict physical security guarantees, but these systems are expensive,
+and their physical security is often questionable~\cite{
+    obermaier2018,
+    andersonSecurityEngineeringGuide2020},
+which we will elaborate further in Chapter~\ref{chapter-survey}. \textcite{andersonSecurityEngineeringGuide2020} writes
+on HSM security:
 
-In this thesis, we wish to extend the level of protection afforded by cryptographic protocol design down the technology
+\begin{quote}
-stack. While cryptographic protocols and modern software from the operating system up make it possible to secure the
+    Security economics remains a big soft spot, with security chips being in many ways a market for lemons. A banker
-software side of the stack to a high level, the hardware side remains poorly protected. There are a variety of hardware
+    buying HSMs probably won’t be aware of the huge gap between FIPS\footnote{Anderson here refers to the US national
-security solutions in the wild, but the majority of them either do not target protection against local, physical attacks
+    HSM security standard FIPS
--- such as Trusted Platform Modules (TPMs) -- or are not widely available due to market segmentation or cost -- such as
+    140~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002,
-conventional Hardware Security Modules (HSMs).
+    usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019}} level 3 and level 4, and
+    understand that level 3 can sometimes be defeated with a Swiss army knife. The buying incentive there is compliance,
+    and where real security clashes with operations it’s not surprising to see weaker standards designed to make
+    compliance easier.
+    \begin{flushright}
+        \textit{\textcite{andersonSecurityEngineeringGuide2020} p. 629}
+    \end{flushright}
+\end{quote}
 
-We approach this task by solving three research questions that progress from theory to practical deployment.
+In this thesis, we aim to fill this gap in easily obtainable, secure hardware and extend the level of protection
+afforded by cryptographic protocol design down the technology stack to the hardware level. We propose a new HSM design
+that unlike existing designs can be manufactured at low cost and without access to specialized tools.
+
+% Go into drawbacks of existing HSMs
+
+We publish our design fully open source, including all detials necessary for replication. A fundamental principle in
+cryptographic engineering is Kerckhoffs' principle\footnote{
+    \textcite{petitcolasKerckhoffsPrinciplesCryptographie} contains a high-quality OCR'ed copy of the original source,
+    as well as a translation of the cited part from French. The original source is
+    \textcite{kerckhoffsCryptographieMilitaire1883}.
+}, named after Dutch military cryptographer Auguste Kerckhoffs. Kerckhoffs' principle expresses that the security of a
+cryptographic system should only depend on the secrecy of its keys, not on the secrecy of its design. Existing
+commercial designs routinely contravene Kerckhoff's principle by applying the widespread industry practice of
+\emph{Security by Obscurity}. Even in academic related work, the principle is sometimes violated by omitting
+implementation and methodological details in the interest of patents and commercial exploitation. By publishing all
+details of our research into HSMs and their components, we provide the foundation for future independent research.
+
+Beyond applying Kerckhoffs' principle, publishing our design also enables independent replication. Our design is
+based entirely on standard components and does not require bespoke manufacturing processes. Both commercial and academic
+existing HSM tamper sensing designs require bespoke manufacturing methods or custom integrated circuits
+(ICs)~\cite{
+    obermaierPUFfilmMethodProducing2023,
+    immler2019,
+    garbTamperSensitiveDesignPUFBased,
+    immlerBTREPIDBatterylessTamperresistant2018}. Custom ICs require a large up-front financial commitment to produce.
+Bespoke manufacturing methods may require custom machines, training, and specialty materials, also incurring a high
+startup cost. This creates a single point of failure in the manufacturer, and opens up an opportunity for a hardware
+supply-chain attack~\cite{harrisonSoKSecurityArchitects2025}. Such supply chain attacks can be mitigated by
+independently manufacturing our design.
+
+%%%
+\section{A Note on Hardware Security Module Terminology}
+
+In this thesis, we use the term \emph{Hardware Security Module (HSM)} to refer to a security device that has the
+following three properties.
 
 \begin{enumerate}
-    \item Can we achieve physical security without relying on conventional tamper-sensing meshes?
+\item A HSM targets the prevention of any conceivable physical attack. In particular, this includes intrusion attempts
-    \item Can we monitor tamper-sensing meshes at a higher detail level than the state of the art of a single, scalar
+        such as careful drilling or cutting into the device from any direction.
-        measurement?
+\item A HSM includes tamper sensors that when triggered result in an active tamper response, usually deleting all
-    \item Can we integrate our findings into a system that provides a useful security guarantee in practice?
+        cryptographic secrets and rendering the device inoperable.
+\item A HSM's tamper sensing and response subsystem is continuously powered from a backup power supply, usually a
+        battery. Loss of power triggers the tamper response.
 \end{enumerate}
 
-To solve our first research question, we propose the Inertial Hardware Security Module (IHSM), a new type of HSM that
+This use of the term \emph{HSM} aligns with common usage of the term both in the academic literature and in everyday
-extends the high level of protection offered by the modern cryptographic software stack down to the hardware level,
+conversation. Particularly the requirement of active tamper detection and response is crucial to distinguish a HSM from
-enabling secure computation in insecure places.
+simpler devices such as TPMs, smart cards or secure enclaves in SoCs. Note that our use of the term HSM is slightly
+different from its use in government standards, from its use in the PCI SSC (Payment Card Industry Security Standards
+Council) standards, and from its industry use.
 
-To solve our second question, we propose improvements to the state of the art in HSM tamper sensors such as the use of
+In industry, the term HSM is often used for solutions that are only logically segregated and that do not include any
-low-cost, embeddable Time-Domain Reflectometry (TDR) that not only improve the security of IHSMs, but that can even be
+particular defense against hardware attacks. Our conjecture is that this is a consequence of the standardization
-applied to conventional HSMs.
+landscape, where for applications outside of card payment processing the US FIPS
+140-22~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002} standard was central to
+the industry. Despite encompassing both devices that include active tamper detection and response, FIPS 140-2 did not
+draw a distinction in its terminology between the two classes.
 
-Finally, we solve our last research question by showing in two case studies how an end-to-end design of an IHSM-secured
+\subsection{Use in government standards}
-data processing system could look like. Both case studies concern scenarios that IHSMs unlock that were previously
+
-infeasible using conventional HSMs: Datacenter-scale Secure Multiparty Computation (SMPC) and long-range Quantum Key
+Under the still widely used US national standard FIPS 140 in in its 2002 version
-Distribution (QKD) networks. As part of this effort we provide a solution adapting and improving upon the state of the
+2~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002}, a HSM would be called a
-art in wireless power transfer to supply a rotating inertial HSM with a clean, stable power supply.
+\emph{Multiple-Chip Cryptographic Module} that conforms to the standard's \emph{Security Level} 4 out of 4. Interesting
+to note are that only level 4 requires any active tamper detection and response, so devices compliant only up to levels
+3 and below do not align with our HSM definition. Futher of note is that according to the standard, a single-chip
+solution does not require any tamper detection and response either to meet the standard's security level 4, which is in
+misalignment with our definition. The standard's 2019 updated version FIPS
+140-3~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019} defers to the
+international standards ISO/IEC 19790 and 24759.
+
+ISO/IEC 19790~\cite{ISOIEC19790} and ISO/IEC 24759~\cite{ISOIEC24759} call what we call a HSM a \emph{Hardware
+Cryptographic Module} corresponding with the standards \emph{Security Level 4}. However, these standards only require
+active tamper detection and response when cryptographic secrets are transmitted in plaintext between chips.
+
+\subsection{Use in card payment processing (PCI SSC) standards}
+
+The Payment Card Industry Security Standards Council (PCI SSC) is an association of credit card network operators that
+defines standards for all layers of card payment processing, from card payment terminals in stores to the handling of
+payment data in online shop backend systems.
+
+PCI SSC terminology aligns with our definition and with common everyday use of the term HSM. In PCI SSC terminology, a
+HSM is a crytographic device that has active tamper detecion and response circuitry. However, PCI SSC terminology
+differs from our use of the term HSM in one nuance: In PCI SSC terminology, a HSM is specifically a datacenter device
+used for backend processing of payment data. The general class of ``hardware devices performing some security function
+with or without particular physical security requirements'' that ISO/IEC 19790 and other standards call a \emph{Hardware
+Cryptographic Module}, in PCI SSC terminology is termed \emph{Secure Cryptographic Device (SCD)} in more recent standard
+versions, which was updated from the previous term \emph{Tamper-Resistant Security Module (TRSM)}. Other than HSMs, PCI
+SSC includes smartcards and card payment terminals in this category. Card payment terminals, referred to as
+\emph{Pin-Entry Device (PED)} in PCI SSC standards, have to include a surprising amount of active tamper detection and
+response functionality including partial coverage of areas like their main cryptographic processor and smart card reader
+by battery-backed tamper-sensing meshes. Under our definition, these devices can be classified as a type of HSM. 
+
+\subsection{Tamper-Sensing Meshes}
+
+In this thesis, we use the terms \emph{Tamper-Sensing Mesh} and \emph{Security Mesh} synonymous. We use both terms to
+refer to any electrical circuit whose path is laid out to cover a surface with the intent of detecting attempts at
+drilling, cutting or otherwise manipulating this surface. While the term \emph{Security Mesh} is more concise, it is
+less clear to people unfamiliar with the matter. It is also polysemous, and depending on context can also refer to woven
+or stamped metal meshes used as fences or as screens in front of windows to prevent break-ins. As a result, it is harder
+to use in online searches, and when using Large Language Models (LLMs), it frequently leads to amusing hallucinations.
+
+% FIXME note leo: Das ganze wirkt wie ein guter baustein für eine Einleitung. Für einen Terminologie übersicht ist es
+% ansonsten auch eigentlich zu lang.
+% Splitte das vielleicht auf, ein paar mehr details in den Abstract um die HSM definition etwas zu präzisieren, den rest
+% in die Intro?
+%%%
+
+\section{Inertial Hardware Security Modules}
+
+In this thesis, we propose Inertial Hardware Security Modules (IHSMs) to fill the gap of protecting systems that handle
+highly sensitive data but that cannot use conventional HSMs for cost or performance reasons. In a system with a secure
+software stack, the role of a HSM is to secure the hardware part of the stack. The basic approach of a HSM is to combine
+a secure software stack with tamper sensors connected to a fast self-destruct mechanism. The tamper sensors are tasked
+with detecting any physical attack an attacker could mount on the device. Common classes of such sensors include
+environmental sensors such as temperature or radiation sensors that detect attempts at causing controllable faults in
+the HSM by heating, cooling or irradiating it. Building on the basic protection offered by such sensors,
+\emph{tamper-sensing meshes} are often employed. These \emph{meshes} are flexible foils containing circuit traces that
+are attached to the HSM's enclosure to detect attempts at penetrating the shell of the device with probes.
+Tamper-sensing meshes usually are the primary line of defense against most physical attacks. They are very effective at
+mitigating a large variety of physical attacks, but they are difficult to construct securely as they usually require
+bespoke manufacturing processes. As a result, they are currently only used in niche applications, and even there not
+every realization is equally secure. The self-destruct mechanism can be hardware or software that quickly and securely
+destroys all cryptographic secrets, thereby rendering the device worthless to an attacker. 
+
+IHSMs are a new design approach that utilizes mechanical motion to create secure tamper-sensing meshes from simple
+components. IHSMs solve the issue of creating an impenetrable tamper-sensing envelope by replacing the bespoke
+tamper-sensing mesh foil with a set of simple, rigid meshes made from commodity Printed Circuit Boards (PCBs) that are
+rotating at high speed. In motion, these simple PCB tamper-sensing meshes are as secure as the much more sophisticated
+bespoke foils used in conventional HSMs against an attacker with access to commercially available tools, yet they are
+simpler and less expensive to manufacture. To verify that the mesh is rotating correctly, an accelerometer is placed on
+the rotating mesh, and its centrifugal force reading is used to validate its path of motion.
+
+IHSMs enable the protection of much larger payloads compared to conventional mesh designs, and they can support larger
+power dissipation. Combined with their low cost, this enables the implementation of high-level hardware security in
+applications that previously would not have been possible to secure.
+
+To the best of our knowledge, IHSMs are the first fully open source, replicable HSM with advanced tamper sensing
+features. Across application domains, IHSMs can be applied to gain resistance to physical attacks in scenarios where
+conventional HSMs were not used because of cost, computing power or implementation effort. Where conventional HSMs come
+as fully integrated devices that only expose limited APIs to their users, IHSMs at their core are just an enclosure that
+the user can put whatever hardware they need into, adapting the tamper response to their application's needs. Since the
+simpler tamper-sensing mesh construction of IHSMs scales to larger payload volumes, entire servers can be
+protected---something that is impossible with conventional HSMs. Since the mesh in an IHSM is constantly moving, unlike
+a mesh in a conventional HSM, it does not have to entirely cover the payload. Instead, it can have gaps that allow for
+air flow between outside and inside, enabling active cooling of the IHSM's payload. This cooling capability increases
+computing power by increasing feasible payload power dissipation by orders of magnitude~\cite{kordyban1998}.
+
+\section{Research Questions and Contributions}
+
+Based on the current state of the field of hardware security, we deduce six overarching research questions for this
+thesis that progress from theory to practical deployment.
+
+\begin{enumerate}
+    \item What is the state of the art in commercial tamper sensing mesh implementations?
+    \item What are criteria and approaches for the design of secure tamper sensing meshes?
+    \item Can we achieve physical security without relying on a conventional tamper-sensing meshes that requires a
+        bespoke manufacturing process?
+    \item Can we monitor tamper-sensing meshes at a higher detail level than the state of the art of a single, scalar
+        measurement?
+    \item Can we improve the ripple voltage performance of Wireless Power Transfer (WPT) through rotating joints to
+        adapt it to IHSM applications?
+    \item What applications does our IHSM technology open up through its increase in power dissipation and size
+        capabilities?
+\end{enumerate}
+
+We answer our first research question in two parts. In Chapter~\ref{chapter-epa}, we analyze the hardware security
+design of Germany's new national electronic health record system. Our analysis unveils a combination of problematic
+choices resulting from conflicting constraints and lack of awareness. In Chapter~\ref{chapter-survey}, we present the
+results of a survey across approximately 30 real world tamper sensing mesh implementations, analyzing common design
+features.
+
+The second half of our survey in Chapter~\ref{chapter-survey} answers our second research question. From our analysis of
+a large corpus of devices, we deduce a list of design criteria that can be applied to increase the security of any
+tamper sensing mesh implementation. To answer our third research question, in Chapter~\ref{chapter-ihsm} we propose the
+Inertial Hardware Security Module (IHSM), a new type of HSM that extends the high level of protection offered by the
+modern cryptographic software stack down to the hardware level, enabling secure computation in insecure places. IHSMs
+can be built from basic, off-the-shelf components and do not require bespoke manufacturing processes. To answer our
+fourth research question, in Chapter~\ref{chapter_sampling_mesh_mon} we propose improvements to the state of the art in
+HSM tamper sensors based on the use of low-cost, embeddable Time-Domain Reflectometry (TDR). Our improvements can be
+applied to both IHSMs and to conventional HSMs. IHSMs come with unique power supply constraints since their rotating
+mesh must be continuously powered. A straightforward solution utilizes Wireless Power Transfer using planar inductors,
+but existing WPT designs exhbit a ripple voltage due to an asymmetry of conventional planar inductors. This leads to our
+fifth research question, which we solve in Chapter~\ref{chapter-nice-coils} with the design and experimental evaluation
+of a new, generalized class of \emph{twisted} planar inductors that reduces voltage ripple in rotating shaft setups.
+A finding of independent interest is that compared to conventional two-layer planar inductors, in our experiments our
+proposed inductor design improved self-resonant frequency by up to \qty{50}{\percent} and increased inductance by up to
+\qty{6.5}{\percent}. Finally, we answer our last research question by showing in two case studies how an end-to-end
+design of an IHSM-secured data processing system could look like. Both case studies concern scenarios that IHSMs unlock
+that were previously infeasible using conventional HSMs: In Chapter~\ref{chapter-qkd}, we explore how IHSMs enable
+long-range Quantum Key Distribution (QKD) networks using trustable physically secured relay nodes and in
+Chapter~\ref{chapter-smpc} we elaborate how datacenter-scale Secure Multiparty Computation (SMPC) clusters can be
+created using IHSM enclosures with commercial server hardware.
+
+\section{Contributions}
+
+Through this thesis, we make contributions advancing the state of hardware securty across several related sub-fields.
+Our contributions include:
+
+\begin{enumerate}
+    \item We conduct the first large-scale survey of tamper sensing measures in the real world, analyzing approximately
+        30 devices.
+    \item From our real world observations, we systematize tamper sensing mesh construction techniques and we provide a
+        list of criteria improving mesh security.
+    \item We experimentally analyze the impact of Computed Tomography (CT) imaging on mesh security.
+    \item We propose the IHSM, a new concept for HSM design based on a rotating mesh that increases payload size and
+        power dissipation capacity while simultaneously allowing for simpler meshes constructed from standard
+        components.
+    \item We show experimental results on IHSM mesh performance obtained with a prototype IHSM.
+    \item We introduce an algorithm for the automatic layout of tamper-sensing meshes and its implementation on top of a
+        popular, open-source Electronic Design Automation (EDA) tool.
+    \item We introduce a high-fidelity mesh monitoring approach that uses Time-Domain Reflectometry (TDR).
+    \item We show a low-cost implementation of our TDR monitoring approach.
+    \item We evaluate the performance of our TDR monitoring implementation and demonstrate its response to a large
+        set of attacks. We show that it reliably distinguishes identical copies of the same mesh specimen, suggesting
+        PUF-like behavior.
+    \item We introduce a generalized design approach for low-loss planar inductors that out-peform prior approaches in
+        parasitic capacitance, self-resonant frequency and rotational symmetry. 
+    \item We apply our design approach to the problem of Wireless Power Transfer to the rotating mesh of an IHSM.
+    \item We conduct an exhaustive experimental evaluation of the rotational symmetry of a large set of planar WPT
+        inductors created using our approach.
+    \item We analyze physically secure Quantum Key Distribution relays as an IHSM use case and develop a low-loss fiber
+        optic passthrough that supports an additional, secondary, independently rotating mesh shielding the shaft
+        passthrough of the IHSM's primary mesh.
+    \item We explore IHSMs for co-located high performance Multiparty Computation (MPC) setups. We demonstrate a
+        fan-driven IHSM mesh concept for high-availability scenarios that removes motors as a single point of failure
+        while providing sufficient airflow for cooling high-power server components.
+\end{enumerate}
 
 We chose to publish all of our research as open source and unencumbered by patents to enable widespread adoption. IHSMs
 can be custom built with only basic manufacturing capabilities at small scale and enable the deployment of secure
 computation in insecure places even to small organizations such as university research departments, NGOs and small
 businesses.
 
-\section{Cryptographic Principles and Physical Reality}
-
-Cryptographers' aversion to backdoor access derives from a combination of two fundamental computing principles:
-Kerckhoffs' principle, and the principle of least authority. Kerckhoffs' principle, named after Dutch military
-cryptographer Auguste Kerckhoffs, expresses that the security of a cryptographic system should only depend on the
-secrecy of its keys, not on the secrecy of its design. In this way, Kerckhoff's principle states the opposite of the
-widespread industry practice of \emph{Security by Obscurity}, which aims to achieve security by making it sufficiently
-annoying to cryptoanalyze a system that nobody bothers. Complementary to Kerckhoff's principle is the principle of least
-authority, which describes that in a secure system each component should only have access to the smallest set of
-capabilities necessary to fulfill its purpose. Applying both to a cryptographic system means that the system's design
-should be transparent and not include any hidden components or opaque parts that cannot be inspected, and that the
-system's keys should be scoped to place the least amount of trust possible in each participating party.
-
-Let's take a basic videoconferencing system as an example. In our example system's deployment, users log on to a central
-conference server, which receives and distributes the users' video streams. Allowing backdoor access to the video
-streams to some third party like a datacenter operator or a state would violate Kerckhoffs' principle since it would
-have to be hidden from the systems' participants, who would therefore not have a complete view of the systems' deployed
-architecture. The principle of least authority would also be violated since in almost all cases, such a backdoor access
-system would not see legitimate use. As a result, it would possess capabilities that almost never would be essential to
-the proper function of the videoconference system.
-
-In their design, almost all modern software -- especially open source -- cleanly applies these principles. However, the
-practical reality after deployment almost always deviates from them. While backdoors are vanishingly rare in modern
-open-source software, practical depoloyments usually are vulnerable to physical attacks. Computer hardware generally is
-not designed with a local attacker with advanced physical attack capabilities in mind since no mitigation can fully
-prevent them---such attacks usually can only be detected, or at best slowed down. As a result, commonplace attacks
-against modern software often involve taking over the hardware at some point in the chain. Even End-to-End-Encrypted
-(E2EE) communication systems can be compromised if one of the encrypted channel's endpoints can be physically
-compromised. Corresponding \emph{digital forensics} capabilities are commonplace among state actors, and are available
-as a turnkey solution on the market.
-
-\section{Inertial HSMs}
-
-In this thesis, we propose Inertial HSMs to fill this gap in the protection of systems that are not critical enough to
-warrant the expensive existing solutions such as conventional HSMs, while still handling highly sensitive data. In a
-system with a secure software stack, the role of a HSM is to secure the hardware part of the stack. The basic approach
-of a HSM is to combine a secure software stack with a fast self-destruct mechanism and tamper sensors. The self-destruct
-mechanism can be hardware or software that quickly and securely destroys all cryptographic secrets, thereby rendering
-the device worthless to an attacker. The tamper sensors are tasked with detecting any physical attack an attacker could
-mount on the device. Common classes of such sensors include environmental sensors such as temperature or radiation
-sensors that detect attempts at causing controllable faults in the HSM by heating, cooling or irradiating it. Building
-on the basic protection offered by such sensors, \emph{tamper-sensing meshes} are often employed. These \emph{meshes}
-are flexible foils containing circuit traces that are attached to the HSM's enclosure to detect attempts at penetrating
-the shell of the device with probes. Tamper-sensing meshes usually are the primary line of defense against most physical
-attacks. They are very effective at mitigating a large variety of physical attacks, but they are difficult to construct
-securely as they usually require bespoke manufacturing processes. As a result, they are currently only used in niche
-applications, and even there not every realization is equally secure.
-
-Inertial HSMs are a new design approach that utilizes mechanical motion to create secure tamper-sensing meshes from
-simple components. IHSMs solve the issue of creating an impenetrable tamper-sensing envelope by replacing the bespoke
-tamper-sensing mesh foil with a set of simple, rigid meshes made from commodity Printed Circuit Boards (PCBs) that are
-rotating at high speed. In motion, these simple PCB tamper-sensing meshes are as secure as the much more sophisticated
-bespoke foils used in conventional HSMs, yet they are simpler and less expensive to manufacture. To verify that the mesh
-is rotating correctly, an accelerometer is placed on the rotating mesh, and its centrifugal force reading is used to
-validate itk path of motion.
-
-IHSMs enable the protection of much larger payloads compared to conventional mesh designs, and they can support larger
-power dissipation. This and their low cost enables the implementation of high-level hardware security in applications
-that previously would not have been possible to secure.
-
-Inertial HSMs are the first fully open source HSM with advanced tamper sensing features. Across application domains,
-Inertial HSMs can be applied to gain resistance to physical attacks in scenarios where conventional HSMs were not used
-because of cost, computing power or implementation effort. Where conventional HSMs come as fully integrated devices that
-only expose limited APIs to their users, Inertial HSMs at their core are just an enclosure that the user can put
-whatever hardware they need into. Since the simpler tamper-sensing mesh construction of IHSMs scales to larger payload
-volumes, entire servers can be protected---something that is impossible with conventional HSMs. Since the mesh in an
-IHSM is constantly moving, unlike a mesh in a convetional HSM, it does not have to entirely cover the payload. Instead,
-it can have gaps that allow for air flow between outside and inside, enabling active cooling of the IHSM's payload. This
-cooling capability sharply increases computing power by increasing feasible payload power dissipation by
-two orders of magnitude.
-
-\section{Conclusion}
-
 Looking at the practice of applied hardware security, we observe that despite ample availability of commercial solutions
 promising easy hardware security, clearly there is still a lack of solutions that provide the adaptability necessary for
 some real use cases at low enough cost. By publishing the tamper-sensing technology we developed during the making of
-this thesis as open source hardware designs, we wish to provide this missing building block to provide high-level
+this thesis as open source hardware designs, we aim to provide this missing building block to provide high-level
-hardware security in real-world applications. Our hardware designs can be adapted to a devices ranging from Single-Board
+hardware security in real-world applications. Our hardware designs can be adapted to devices ranging from Single-Board
 Computers (SBCs) to servers, they are compatible with non-computing applications like Quantum Key Distribution (QKD) and
 their design approaches can even be integrated into existing HSM designs to provide better security at little additional
 cost.

chapter-nice-coils/chapter.tex

@@ -1,11 +1,17 @@
-\chapter{Rotation-Invariant Envelope Power Supply}
+\chapterquote{Clifford Ashley~\cite{ashleyAshleyBookKnots1993}}{
+    A knot is never ``nearly right''; it is either exactly right or it is hopelessly wrong, one or the other; there is
+    nothing in between. This is not the impossibly high standard of the idealist, it is a mere fact for the realist to
+    face.}
+\chaptertitle{Rotation-Invariant Envelope Power Supply}
+\label{chapter-nice-coils}
 % Twisted Inductor paper
 
 A central engineering challenge in inertial HSMs is transferring power and data between the payload and the rotating
-mesh cage. Industrially, power and data transfer through rotating joints is usually done using slip ring assemblies. A
+mesh cage (cf.\ Chapter~\ref{chapter-ihsm}). Industrially, power and data transfer through rotating joints is usually
-slip ring consists of one or more contacts that wipe on a rotating circular surface. Industrially, metal spring contacts
+done using slip ring assemblies. A slip ring consists of one or more contacts that wipe on a rotating circular surface.
-plated with hard gold or other common surface coatings are used for transferring small currents and data signals, and
+Industrially, metal spring contacts plated with hard gold or other common surface coatings are used for transferring
-carbon brushes are used for higher currents. Slip rings are widely used in motors and other rotating machinery.
+small currents and data signals, and carbon brushes are used for higher currents. Slip rings are widely used in motors
+and other rotating machinery.
 
 For use in IHSMs, slip rings have several limitations. First, they are complex precision-machined components and thus
 are rather expensive. Beyond cost, they also have performance limitations. Generally, slip rings are most well-suited to
@@ -16,8 +22,9 @@ any misalignment or contamination by dust can increase wear and cause intermitta
 An IHSM's data link can easily be realized using optical communication. Although power transfer using light is also
 possible---and we have in fact demonstrated it in our first prototype IHSM---it comes at the disadvantage of a heavy
 rotating assembly since large solar cells are needed, and it has poor end-to-end efficiency. For the large-scale meshes
-needed in a high-performance IHSM tailored to SMPC applications, we engineered a better solution: A rotation-invariant
+needed in a high-performance IHSM such as one tailored to SMPC applications as we will propose later in
-inductive Wireless Power Transfer link.
+Chapter~\ref{chapter-smpc}, we engineered a better solution: A rotation-invariant inductive Wireless Power Transfer
+link.
 
 While Wireless Power Transfer (WPT) is widely used and can be implemented in many different ways~\cite{
     awuahNovelCoilDesign2023,
@@ -58,13 +65,14 @@ circuits.
         \subcaptionbox{\raggedright Our proposed inductor layout}{
             \includegraphics[width=0.28\textwidth]{svg_vis_paper.png}}
     \end{center}
-    \caption{Illustration of our proposed inductor layout compared to contemporary conventional planar inductors and
+    \caption[Planar inductor layout comparison]{Illustration of our proposed inductor layout compared to contemporary
-        honeycomb as well as basket-woven coils from the early days of wireless radio.}
+        conventional planar inductors and honeycomb as well as basket-woven coils from the early days of wireless
+        radio.}
     \label{fig_illust_honeycomb_basket}
 \end{figure}
 
 \todo{Not final graphics. Get proper scans for camera-ready version}
-In the WPT link powering the rotating mesh of an IHSM presentsan unusual set of constraints, which does not seem to be
+In the WPT link powering the rotating mesh of an IHSM presents an unusual set of constraints, which does not seem to be
 addressed adequately in the existing literature on inductive WPT yet. To reduce the need for custom-wound inductors, we
 settled on using a planar inductor implemented in a Printed Circuit Board (PCB). Such planar PCB inductors are limited
 by the structure size limits of the PCB process, resulting in rotational asymmetry due to the trace width. Planar
@@ -113,15 +121,16 @@ rotation ripple at low turn counts.
 
 \subsection{Twisted inductors}
 
-To solve these issues, we propose a layout for circular PCB inductors that uses a number of series-connected interleaved
+To solve these issues, in this chapter we propose a layout for circular PCB inductors that uses a number of
-spirals to achieve a topological equivalent to a torus knot from mathematical knot theory. Our layout twists the
+series-connected interleaved spirals to achieve a topological equivalent to a torus knot from mathematical knot theory.
-inductor's windings around one another by connecting the interleaved spiral segments with a ring of vias each on the
+Our layout twists the inductor's windings around one another by connecting the interleaved spiral segments with a ring
-inside and outside of the inductor's windings. Our approach provides better performance beyond our particular use case,
+of vias each on the inside and outside of the inductor's windings. Our approach provides better performance beyond our
-and improves over conventional contemporary planar inductors applying similar principles to those which inspired  the
+particular use case, and improves over conventional contemporary planar inductors applying similar principles to those
-polygonal basket-woven air coils used in early radio sets. We show that we can layout a twisted inductor for any number
+which inspired  the polygonal basket-woven air coils used in early radio sets. We show that we can layout a twisted
-of layer inversions that is co-prime to the inductor's turn count. Our approach opens up a design space for inductor
+inductor for any number of layer inversions that is co-prime to the inductor's turn count. Our approach opens up a
-layouts that interpolate between planar spiral inductors on one end, and planar toroidal inductors on the other end. Our
+design space for inductor layouts that interpolate between planar spiral inductors on one end, and planar toroidal
-approach thus generalizes a super-set to a number of previous approaches to the design of planar inductors.
+inductors on the other end. Our approach thus generalizes a super-set to a number of previous approaches to the design
+of planar inductors.
 
 We observe that in high-frequency applications, a moderate number of layer inversions increases the spacing between the
 beginning and end of the inductor's conductor, where the majority of the inductor's AC current flows. This decreases the
@@ -147,6 +156,10 @@ Our contributions on this matter include:
 
 \section{Related Work}
 
+In this section we will give an overview on related work from two primary angles. First, we will approach our question
+from the application side, examining literature on Wireless Power Transfer. To conclude, we will then consider our
+inductor design question from the fundamentals of inductor design.
+
 \subsection{Inductive WPT in Practice}
 
 Inductive WPT has been proposed in a large number of
@@ -372,9 +385,9 @@ scheme~\cite{lopeFirstSelfresonantFrequency2021,sproHighVoltageInsulationDesign2
     \begin{center}
         \includegraphics[width=\textwidth]{nk_combined.pdf}
     \end{center}
-    \caption{Inductor layouts for several sets of turn count $n$ and inversion count $k$. The top row shows the actual
+    \caption[Basic twisted planar inductor layouts]{Inductor layouts for several sets of turn count $n$ and inversion
-    trace layout in cartesian coordinates, the bottom row visualizes the winding schema.
+        count $k$. The top row shows the actual trace layout in cartesian coordinates, the bottom row visualizes the
-    }
+        winding schema.}
     \label{fig_nk_combined}
 \end{figure}
 
@@ -382,8 +395,9 @@ scheme~\cite{lopeFirstSelfresonantFrequency2021,sproHighVoltageInsulationDesign2
     \begin{center}
         \includegraphics[width=\textwidth]{nk_complex_illust.pdf}
     \end{center}
-    \caption{Layout examples for a number of combinations of turn count $n$ and inversion count $k$. Note that in this
+    \caption[Complex twisted planar inductor layout variants]{Layout examples for a number of combinations of turn count
-    illustration we chose values for $n$ and $k$ such that all pairs are coprime.}
+        $n$ and inversion count $k$. Note that in this illustration we chose values for $n$ and $k$ such that all pairs
+        are coprime.}
     \label{fig_nk_complex_illust}
 \end{figure}
 
@@ -664,10 +678,11 @@ additional cost and without compromising other performance parameters.
         $25$& $37$& $18.15$&  $6.0$&    $2.0197$& $15.9$&   $17.100$& $0.2$&    $2.000$&  $15.1$&   $\textbf{17.066}$&  $10.31$&  $1.698$\\
 
     \end{tabular}
-    \caption{Inductor sample design parameters and measured characteristics. All inductors have outer diameter
+    \caption[Inductor sample design parameters and measured characteristics.]{Inductor sample design parameters and
-        \qty{35}{\milli\meter} and inner diameter \qty{15}{\milli\meter}. The missing values in the simulation results
+        measured characteristics. All inductors have outer diameter \qty{35}{\milli\meter} and inner diameter
-        columns result from the solver failing to converge. Bolded values highlight the best performing coil of each
+        \qty{15}{\milli\meter}. The missing values in the simulation results columns result from the solver failing to
-        turn count. Shaded rows indicate conventional two-layer planar inductors ($k=1$).}
+        converge. Bolded values highlight the best performing coil of each turn count. Shaded rows indicate conventional
+        two-layer planar inductors ($k=1$).}
     \label{tab_coupons}
 \end{sidewaystable}
 
@@ -734,9 +749,9 @@ indicating a contribution from flux linkage.
         $75$&$90$&$53$  &$320$& $461$&          $76.2$&          $8.75$&           $0.72$\\
         $75$&$90$&$53$  &$480$& $\mathbf{470}$& $92.9$&          $8.00$&           $0.84$\\
     \end{tabular}
-    \caption{Parameters and measurement results of a set of larger sample inductors. Bold values indicate best
+    \caption[Parameters and measurement results of larger sample inductors.]{Parameters and measurement results of a set
-        performance at a given size. Shaded rows indicate conventional planar toroidal ($n=1$) or two-layer planar
+        of larger sample inductors. Bold values indicate best performance at a given size. Shaded rows indicate
-        spiral inductors ($k=1$).}
+        conventional planar toroidal ($n=1$) or two-layer planar spiral inductors ($k=1$).}
     \label{tab_wide_coils}
 \end{table}
 
@@ -754,9 +769,9 @@ angles to one another.
     \begin{center}
         \includegraphics[width=.65\textwidth]{test_schematic.pdf}
     \end{center}
-    \caption{The test schematic used in all measurements. For direct coupling factor measurements, the load resistor was
+    \caption[Planar inductor test schematic]{The test schematic used in all measurements. For direct coupling factor
-    disconnected. We measure voltage at the output of the function generator to account for drop in its internal output
+        measurements, the load resistor was disconnected. We measure voltage at the output of the function generator to
-    resistance.}
+        account for drop in its internal output resistance.}
     \label{fig_test_schematic}
 \end{figure}
 
@@ -769,10 +784,10 @@ using Keysight 34465A multimeters in AC Root Mean Square (RMS) mode.
     \begin{center}
         \includegraphics[width=0.8\textwidth]{symmetry_3turn_n_twist.pdf}
     \end{center}
-    \caption{RMS output voltage of the test circuit from Figure\ \ref{fig_test_schematic} for three pairs of matching
+    \caption[Planar inductor voltage ripple versus rotation angle]{RMS output voltage of the test circuit from Figure\
-    inductors with one inductor rotating w.r.t.\ the other. The inductors have $n=3$ turns each and $k=\frac{1}{2}$,
+        \ref{fig_test_schematic} for three pairs of matching inductors with one inductor rotating w.r.t.\ the other. The
-    $k=1$, and $k=3$, respectively. For each $k$, voltage curves are plotted for a number of different radial offsets
+        inductors have $n=3$ turns each and $k=\frac{1}{2}$, $k=1$, and $k=3$, respectively. For each $k$, voltage
-    between the two inductor's centers.}
+        curves are plotted for a number of different radial offsets between the two inductor's centers.}
     \label{fig_symmetry_3turn_n_twist}
 \end{figure}
 
@@ -804,12 +819,12 @@ pitch, as their turns deviate the furthest from a set of ideal, concentric circl
     \begin{center}
         \includegraphics[width=.65\textwidth]{k_ripple_plot.pdf}
     \end{center}
-    \caption{RMS Voltage ripple in a model rotating WPT setup with $R_L=\qty{10}{\ohm}$ as a percentage of total RMS
+    \caption[Planar inductor voltage ripple versus design parameter]{RMS Voltage ripple in a model rotating WPT setup
-    output voltage, plotted against inductor inversion count $k$. Measurements were taken with a number of different
+        with $R_L=\qty{10}{\ohm}$ as a percentage of total RMS output voltage, plotted against inductor inversion count
-    coils with turn count $n$ between a single turn and $25$ turns. Measurements were taken at two different radial coil
+        $k$. Measurements were taken with a number of different coils with turn count $n$ between a single turn and $25$
-    offsets of $r=\qty{1}{\milli\meter}$ and $\qty{4}{\milli\meter}$. Coil distance was $d=\qty{1}{\milli\meter}$ in all
+        turns. Measurements were taken at two different radial coil offsets of $r=\qty{1}{\milli\meter}$ and
-    cases. The shaded area indicates conventional coil layouts, with the remainder of the plot showing twisted
+        $\qty{4}{\milli\meter}$. Coil distance was $d=\qty{1}{\milli\meter}$ in all cases. The shaded area indicates
-    inductors.}
+        conventional coil layouts, with the remainder of the plot showing twisted inductors.}
     \label{fig_k_ripple_plot}
 \end{figure}
 
@@ -832,10 +847,11 @@ pitch, as their turns deviate the furthest from a set of ideal, concentric circl
     \begin{center}
         \includegraphics[width=.65\textwidth]{rms_ripple_double_rotation_n3_r4.pdf}
     \end{center}
-    \caption{RMS ripple magnitude as a percentage of mean RMS output voltage, plotted against the rotation of each of
+    \caption[Planar inductor voltage ripple versus both angles for $n=3, k=\{0,1,4\}$]{RMS ripple magnitude as a
-    the two inductors. The two coils were kept at a constant \qty{4}{\milli\meter} radial offset, and the output coil
+        percentage of mean RMS output voltage, plotted against the rotation of each of the two inductors. The two coils
-    was loaded with a \qty{10}{\ohm} load. All RMS ripple plots in this chapter share the same color scale to allow for
+        were kept at a constant \qty{4}{\milli\meter} radial offset, and the output coil was loaded with a
-    visual comparison. This figure shows four variants of 3-turn coils, plots for $n=5$ can be found in Figure\
+        \qty{10}{\ohm} load. All RMS ripple plots in this chapter share the same color scale to allow for visual
+        comparison. This figure shows four variants of 3-turn coils, plots for $n=5$ can be found in Figure\
         \ref{fig_rms_ripple_n5} and plots for $n=\{10,25\}$ in Figures \ref{fig_rms_ripple_n10} and
         \ref{fig_rms_ripple_n25}.}
     \label{fig_rms_ripple_n3}
@@ -845,7 +861,8 @@ pitch, as their turns deviate the furthest from a set of ideal, concentric circl
     \begin{center}
         \includegraphics[width=.65\textwidth]{rms_ripple_double_rotation_n10_r4.pdf}
     \end{center}
-    \caption{RMS ripple magnitude as shown in Figure\ \ref{fig_rms_ripple_n3} for four different 10-turn coils.}
+    \caption[Planar inductor voltage ripple versus both angles for $n=10, k=\{0,1,3,7\}$]{RMS ripple magnitude as shown
+        in Figure\ \ref{fig_rms_ripple_n3} for four different 10-turn coils.}
     \label{fig_rms_ripple_n10}
 \end{figure}
 
@@ -853,7 +870,8 @@ pitch, as their turns deviate the furthest from a set of ideal, concentric circl
     \begin{center}
         \includegraphics[width=.65\textwidth]{rms_ripple_double_rotation_n25_r4.pdf}
     \end{center}
-    \caption{RMS ripple magnitude as shown in Figure\ \ref{fig_rms_ripple_n3} for four different 25-turn coils.}
+    \caption[Planar inductor voltage ripple versus both angles for $n=25, k=\{0,1,3,13\}$]{RMS ripple magnitude as shown
+        in Figure\ \ref{fig_rms_ripple_n3} for four different 25-turn coils.}
     \label{fig_rms_ripple_n25}
 \end{figure}
 
@@ -861,7 +879,8 @@ pitch, as their turns deviate the furthest from a set of ideal, concentric circl
     \begin{center}
         \includegraphics[width=.65\textwidth]{rms_ripple_double_rotation_n5_r4.pdf}
     \end{center}
-    \caption{RMS ripple magnitude as shown in Figure\ \ref{fig_rms_ripple_n3} for four different 5-turn coils.}
+    \caption[Planar inductor voltage ripple versus both angles for $n=5, k=\{0,1,3,7\}$]{RMS ripple magnitude as shown
+        in Figure\ \ref{fig_rms_ripple_n3} for four different 5-turn coils.}
     \label{fig_rms_ripple_n5}
 \end{figure}
 
@@ -895,8 +914,16 @@ increased inductance compared to conventional two-layer planar spiral inductors.
 
 We base our evaluation on laboratory measurements on a set of 39 sample inductors in total, including an automated,
 four-dimensional mapping of the coupling between a pair of identical inductors. We provide both an analytical
-description of twisted inductor construction as well as a set of Open-Source tools for their design.
+description of twisted inductor construction as well as a set of Open-Source tools for their design in the supplementary
+material to this thesis.
 
+Applied to an IHSM design, a wireless power transfer system using twised inductors to power the rotating mesh improves
+efficiency by reducing losses due to stray capacitance and reduces secondary-side ripple. The reduced secondary-side
+ripple allows the use of smaller filtering components, reducing board mass and mitigating heavy components as a possible
+fault location. Additionally, the reduced ripple allows the use of secondary-side voltage regulators with less voltage
+headroom, further reducing power transfer losses. By directly embedding twisted inductors into the IHSM's secondary side
+mesh monitoring PCB, construction is simplified. The resulting assembly is lighter and smaller, which reduces motor load
+and enables the implementation of compact IHSM meshes. 
 
 %\begin{figure}
 %    \begin{center}

chapter-qkd/chapter.tex

@@ -1,4 +1,9 @@
+\chapterquote{Russell Impagliazzo~\cite{impagliazzoPersonalViewAveragecase1995}}{
+    One should always assume that people willing to break a system are also willing to use significantly more resources
+    doing so than legitimate users are willing to spend routinely.
+}
 \chaptertitle{Case Study: Physical Security in Quantum Key Distribution}
+\label{chapter-qkd}
 
 Quantum Computing promises efficient solutions to a number of widely used cryptographic computational problems. As a
 countermeasure, new \emph{post-quantum} cryptosystems have been developed that are not susceptible to known quantum or
@@ -35,7 +40,7 @@ requirements of a QKD system.
     \begin{center}
         \includegraphics[width=0.7\textwidth]{fiber_passthrough_mech_model__8290_small_annotations.pdf}
     \end{center}
-    \caption{Photo of our mechanical prototype.
+    \caption[QKD fiber passthrough prototype mechanical prototype]{Photo of our mechanical prototype.
     1 - Bracket connecting payload and shaft with hidden spiral conduit for optical fibers.
     2 - Upper tamper sensing mesh PCB. 
     3 - Outer IHSM tamper sensing mesh cage.
@@ -52,7 +57,7 @@ requirements of a QKD system.
 \end{figure}
 
 In this chapter, we present several designs and a mechanical prototype adapting the Inertial Hardware Security Module
-(IHSM) concept first proposed by \textcite{gotteCantTouchThis2022} to a QKD relay node. IHSMs replace the tamper sensing
+(IHSM) concept that we developed in Chapter~\ref{chapter-ihsm} to a QKD relay node. IHSMs replace the tamper sensing
 security mesh foil that is wrapped around the payload in conventional HSMs by a tamper-sensing cage made from
 conventional circuit board material by spinning this cage at a high speed. On its own, circuit board material provides
 lower tamper security than the tamper sensing foils made using bespoke manufacturing processes that are used in
@@ -237,14 +242,15 @@ common fibers is usually in the range of
 
 \subsection{Multi-fiber passthrough design}
 
-To approach the security of the data and power connections passing through the IHSM's unprotected shaft,
+To approach the security of the data and power connections passing through the IHSM's unprotected shaft, in our
-\textcite{gotteCantTouchThis2022} list some shielding methods that use an independently rotating secondary tamper
+introduction of the IHSM concept in Chapter~\ref{chapter-ihsm} we listed some shielding methods that use an
-sensing mesh on the inside of the primary mesh, located right next to the primary mesh's axis opening. This secondary
+independently rotating secondary tamper sensing mesh on the inside of the primary mesh, located right next to the
-mesh makes accessing the payload using probes inserted through the shaft much more difficult.
+primary mesh's axis opening. This secondary mesh makes accessing the payload using probes inserted through the shaft
-\textcite{gotteCantTouchThis2022} only present conceptual drawings of these schemes, and focus on electrical signals. In
+much more difficult. In our introduction in Chapter~\ref{chapter-ihsm}, we only presented conceptual drawings of these
-this chapter, building on these concepts, we present mechanical designs of three variations of a fiber passthrough for
+schemes, and focused on electrical signals. In this chapter, building on these concepts, we present mechanical designs
-IHSMs that are adapted to the limited bending radius of optical fiber: A simple disc cover, offset labyrinth meshes, and
+of three variations of a fiber passthrough for IHSMs that are adapted to the limited bending radius of optical fiber: A
-interlocking gear meshes. We present a mechanical prototype of our offset labyrinth mesh design.
+simple disc cover, offset labyrinth meshes, and interlocking gear meshes. We present a mechanical prototype of our
+offset labyrinth mesh design.
 
 \subsection{Simple disc cover}
 
@@ -429,13 +435,13 @@ resulted in a difference below the measurement floor of approximately \qty{0.25}
         \hspace*{5mm}
         \includegraphics[width=0.45\textwidth]{fiber_passthrough_mech_model__8292_small.jpg}
     \end{center}
-    \caption{An disassembled view of our optical passthrough mechanical prototype. The fiber is passed through from the
+    \caption[QKD fiber passthrough mechanical model components]{A disassembled view of our optical passthrough
-    shaft going through the IHSM's primary tamper sensing mesh cage to the outside into the interior of the IHSM through
+        mechanical prototype. The fiber is passed through from the shaft going through the IHSM's primary tamper sensing
-    the green bracket. A secondary tamper sensing mesh is located on the inside of the shaft interface and driven
+        mesh cage to the outside into the interior of the IHSM through the green bracket. A secondary tamper sensing
-    separately. In this prototype, the secondary mesh is driven by a cooling fan. Both independently rotating meshes
+        mesh is located on the inside of the shaft interface and driven separately. In this prototype, the secondary
-    have tabs that extend into the bracket such that they do not interfere, but reduce the space available to an
+        mesh is driven by a cooling fan. Both independently rotating meshes have tabs that extend into the bracket such
-    attacker. The HSM's primary mesh cage is partially shown in white.
+        that they do not interfere, but reduce the space available to an attacker. The HSM's primary mesh cage is
-    }
+        partially shown in white.}
     \label{fig_pic_proto_detail}
 \end{figure}
 
@@ -456,11 +462,11 @@ the amount of inter-mesh space necessary for power and data feedthroughs as well
 meshes, on the other hand, this pitch increases by the offset distance. Even for a small offset this quickly adds up to
 an unwieldy total mesh size.
 
-In this section, we conceptually introduce a solution to this problem that allows for larger offsets using a design
+We conceptually introduce a solution to this problem that allows for larger offsets using a design where the two meshes
-where the two meshes interlock like gears. This does mean that the two meshes' rotation must be synchronized, but it
+interlock like gears. This does mean that the two meshes' rotation must be synchronized, but it increases the design
-increases the design space of offset labyrinth meshes. For instance, in a gear setup, the wide sides of the inter-mesh
+space of offset labyrinth meshes. For instance, in a gear setup, the wide sides of the inter-mesh zones can be aligned
-zones can be aligned to lie on the same side, so fiber passthrough can be realized more easily even without the need to
+to lie on the same side, so fiber passthrough can be realized more easily even without the need to spiral the fiber
-spiral the fiber around the axes of rotation.
+around the axes of rotation.
 
 \subsection{Mesh synchronization}
 
@@ -469,78 +475,33 @@ In this setup, the mesh tabs act like gear teeth. Depending on the ratio between
 meshes do not have to rotate at the same rate of rotation and harmonic ratios are possible. Additionally, unlike actual
 gears which need to constantly maintain an area of contact, both co-rotating and counter-rotating setups are possible.
 
-\section{Physical attacks and countermeasures}
-\label{sec_attacks}
-In this section we will consider possible ways to attack an IHSM-secured QKD relay, as well as potential
-countermeasures.
-
-\subsection{Attacks on the IHSM mesh}
-
-There are two ways an attacker could attack the mesh itself if an adequate speed of rotation such as \qty{1000}{\rpm} is
-used~\cite{gotteCantTouchThis2022}: Either, an attacker would have to slow down the mesh so they can perform a manual
-attack, or they would have to use a robot. The first class of attack would require the attacker to falsify the readings
-of the centrifugal accelerometer. MEMS accelerometers are complex devices, and the simplest way to falsify its readings
-would be to attach a circuit to the accelrometer's data bus that overrides the measurement result data. Creating such a
-circuit is easy, the challenge the attacker would have to overcome would be to access this bus and attach this circuit
-to the mesh in motion without stopping or disturbing it. At high speeds, this would necessarily require a custom attack
-robot.
-
-\subsection{Contactless attacks on the payload}
-
-Contactless attacks such as electromagnetic (EM) side-channel attacks or optical fault injection attacks on the payload
-could conceivably be conducted from the outside of the mesh. The efficacy of EM side-channel as well as fault injection
-attacks decays quickly with increased distance between probe and target, and they can be counteracted by simply placing
-the QKD relay's components such that they are spaced apart from the mesh. Optical attacks, on the other hand can be
-carried out even at a distance using appropriate focusing optics. The easiest way to prevent such attacks would be to
-place the payload into an opaque enclosure inside the mesh.
-
-An additional variant of optical attacks would be using a laser to cut or drill into the payload. Such attacks can be
-impeded through several defense-in-depth measures. First, the payload QKD relay should be designed such that destroying
-any part of it such as connecting wires or fibers causes it to fail secure. Irrespective of attacks, this is a
-reasonable design objective anyway given that components could fail, and a component failure should never put the device
-in an insecure state. Further, similar to other optical attacks, a shield can be used to prevent laser cutting or
-drilling attacks as well with the only difference being the kind of shield. To prevent laser cutting or drilling, a
-thick metal shield can be used. The large thermal mass, high thermal conductivity and reflective surface of such a
-shield makes it difficult to cut. There are lasers such as pulsed Nd:YAG lasers that can cut even thick steel, but these
-this cutting produces a large amount of metal plasma and debris, which would likely destroy the payload in the process.
-
-To make sure any active laser attack is quickly detected, as a final line of defense, both mesh and payload should
-include wideband optical sensors in their array of environmental tamper sensors. For instace, high-power pulsed lasers
-do not deposit much heat into their target because the surface of the target is vaporized by the laser pulse too
-quickly, and thus might not trigger a simple temperature alarm inside the payload. In contrast, optical sensors even
-outside of the laser's wavelength range would have no trouble detecting the light emitted from the metal plasma created
-by the laser's pulses on impact with the payload.
-
-\subsection{Fast, mechanical attacks on the payload}
-
-A final class of attacks are mechanical attacks where an attacker mechanically compromises the IHSM QKD relay so quickly
-that the tamper alarm mechanism has no time to act. An instance of such an attack would be using a gun to fire a bullet
-at the payload, aiming to selectively destroy parts of it that are involved in tamper alarm response before they can
-act. This class of attack can be counteracted in similar ways as the previously mentioned optical attacks. Destruction
-of parts of the payload should never let it fall into an insecure state, meaning that such an attack alone should never
-be enough to compromise the QKD relay. There is little one can do to prevent destruction of the payload by projectile or
-by explosive, but a thick metal shield around the payload would make it more difficult to selectively target part of it
-using a projectile.
-
 \section{Outlook}
 \label{sec_outlook}
 
 \subsection{Achievable security guarantees}
 
-Like conventional HSMs, Inertial HSMs are only ever an engeineering answer to a security question. In contrast with
+Like conventional HSMs, Inertial HSMs are only ever an engineering answer to a security question. In contrast with
-cryptographic solutions that can achieve provable, information-theoretic security in some cases, an IHSM's security
+cryptographic solutions that in some cases can achieve provable, information-theoretic security, an IHSM's security
 rests upon an assumption on the engineering capabilities of an attacker. In contrast to conventional HSMs, which
 achieve this engineering assumption through the manufacture of hard-to-manipulate tamper sensing meshes, Inertial HSMs
 achieve it by rotating their tamper sensing mesh. In a conventional HSM, increasing the security of the tamper sensing
 mesh requires fine-tuning a bespoke manufacturing process. In contrast, increasing the security of an IHSMs simply
 requires making the rotor faster.
 
+While QKD systems provide theroetically impervious security guarantees based on fundamental laws of physics, they too
+are engineered systems embedded into a macroscopic world. As such, while the physics at their core might be sound
+similar to how the cryptography at the heart of a HSM might be provable, like HSMs they also cannot side-step requiring
+engineering solutions to security questions at the system level. As such, IHSMs complement QKD implementations, and
+provide the system-level security barrier necessary for the protection of a QKD node's quantum components.
+
 \subsection{Trust bootstrapping}
 
-A key question in any trusted hardware deployment is how to bootstrap trust in a new device when faced with the
+When considering the security of a system, we often assume a steady state, where the system is already secure at the
-possibility of supply-chain attacks. Conventional HSMs are only manufactured by a single manufacturer, and the common
+start and then needs to resist some attack. A key question in any practical trusted hardware deployment is how to
-solution is to just trust that manufacturer. The HSM's manufacturer can factory-provision an identity key to the HSM
+bootstrap this initial trust in a new device when faced with the possibility of supply-chain attacks. Conventional HSMs
-that can be used to ascertain the HSM's integrity during shipping to the customer.
+are only manufactured by a single manufacturer, and the common solution is to just trust that manufacturer. The HSM's
+manufacturer can factory-provision an identity key to the HSM that can be used to ascertain the HSM's integrity during
+shipping to the customer.
 
 One of the key components of IHSM technology is that it does not require specialized components, or potting of the
 payload. While an IHSM could be manufactured and sold as a complete unit like a conventional HSM, their more modular

chapter-sampling-mesh-monitor/chapter.tex

@@ -1,7 +1,13 @@
+%\chapterquote{Attributed to Tom Milligan~\cite{peaseTroubleshootingAnalogCircuits1993}}{When you are taking data, if you see something funny, Record Amount of Funny.}
+\chapterquote{Stewart Brand~\cite{internetarchiveWholeEarthCatalog1969}}{We are as gods and might as well get good at
+it.}
 \chaptertitle{High Fidelity Security Mesh Monitoring using Low-Cost, Embedded Time Domain Reflectometry}
+\label{chapter_sampling_mesh_mon}
 
 \section{Introduction}
 
+\sourceattrib{This part is adapted from a paper written by Jan Sebastian Götte and Prof.\ Dr.\ Björn Scheuermann that
+will be presented by Jan Sebastian Götte at CHES 2026~\cite{gotteHighFidelitySecurity2026}.}
 Security meshes continue to be the state of the art for tamper sensing in applications where sophisticated physical
 attacks such as attempts at drilling or sawing through the device's enclosure to place probes must be prevented. Common
 applications for such meshes include Hardware Security Modules (HSMs) used to store and process cryptographic keys
@@ -13,14 +19,18 @@ two or more conductive traces that are laid out in a meandering pattern to cover
 electrically monitors these traces to detect attempts at penetrating this surface.
 
 As is often the case with security technologies, in practice a tension exists between the level of security offered by a
-particular security mesh implementation and its implementation cost. Commercial designs often only coarsely monitor the
+particular security mesh implementation and its implementation cost. In Chapter~\ref{chapter-survey}, we have examined a
-conductivity of the mesh traces and are incapable of detecting attacks that manipulate small parts of the mesh. The most
+broad range of real-world security meshes. We found that the majority of implementations use simple construction
+approaches and coarse structure sizes, which results in limited security when only monitoring macroscopic parameters of
+the mesh such as electrical continuity or resistance. The coarse monitoring approaches based on trace continuity that
+are used in many commercial designs are incapable of detecting attacks that manipulate small parts of the mesh. The most
 secure meshes are made in custom manufacturing processes. Materials such as polymer substrates are specifically chosen
 such that the mesh is difficult to manipulate without breaking it. A drawback of this approach is that the specialized
-manufacturing processes are difficult to replicate and that the resulting cost of the mesh is high. In some
+manufacturing processes are difficult to replicate and that the resulting cost of the mesh is high~\cite{isaacs2013}. In
-lower-security applications such as card payment terminals, simpler approaches are still commonly used for their ease of
+some lower-security applications such as card payment terminals, simpler approaches are still commonly used for their
-implementation. Often, standard copper/polyimide Flexible Printed Circuits (FPCs) or even standard Printed Circuit
+ease of implementation. Often, standard copper/polyimide Flexible Printed Circuits (FPCs) or even standard Printed
-Boards (PCBs) are used because of the wide availability of manufacturing services.
+Circuit Boards (PCBs) are used because of the wide availability of
+manufacturing services.
 
 Inertial HSMs are one approach that enables the use of less expensive, commodity materials in high-security
 applications. Several other academic approaches exist that target low-cost~\cite{
@@ -38,7 +48,7 @@ applications. Several other academic approaches exist that target low-cost~\cite
 High-performance mesh monitoring approaches try to characterize the mesh's physical properties with high accuracy, but
 often come at the cost of specialized, expensive circuitry. Low-cost approaches utilize advanced analog techniques in
 their circuitry to extract precise measurements using few components. They trade off measurement precision for lower
-component cost. Besides simple monitoring, detecting tamper attempts by replacing the mesh with a macro-scale Physically
+component cost. Besides simple monitoring, detecting tamper attempts by replacing the mesh with a macro-scale Physical
 Unclonable Function (PUF) has also been researched~\cite{
     immlerBTREPIDBatterylessTamperresistant2018,
     staatAntiTamperRadioSystemLevel2022,
@@ -48,9 +58,10 @@ specialty components.
 \begin{figure}
     \centering
     \includegraphics[width=0.6\textwidth]{pic_board_setup_2_small.jpg}
-    \caption{Measurement setup. Shown are the test specimen board on the left, and the frontend board with one of the
+    \caption[Sampling mesh monitor prototype and test coupon]{Measurement setup. Shown are the test specimen board on
-    four pulse amplifiers in the center. The frontend board is powered through a USB-C connection, and data is sent to a
+        the left, and the frontend board with one of the four pulse amplifiers in the center. The frontend board is
-    computer through a Single-Wire Debug (SWD) interface. The grid in the background has \qty{10}{\milli\meter} pitch.}
+        powered through a USB-C connection, and data is sent to a computer through a Single-Wire Debug (SWD) interface.
+        The grid in the background has \qty{10}{\milli\meter} pitch.}
     \label{fig_pic_board}
 \end{figure}
 
@@ -101,6 +112,7 @@ The contributions of our work are as follows:
 \end{itemize}        
 
 \section{Related Work}
+\label{sec_sampling_mesh_mon_related_work}
 
 Tamper sensing meshes are used in numerous applications from Hardware Security Modules (HSMs) to card payment
 terminals~\cite{andersonCryptographicProcessorsASurvey2006,tehranipoorHardwareSecurityPrimitives2023}. Despite their
@@ -139,8 +151,8 @@ blind spots.
     obermaierMeasurementSystemCapacitive2018,
     garbTamperSensitiveDesignPUFBased}
 propose one of the most advanced security mesh designs in the current academic state of the art. They use a specialized
-security mesh as a Physically Unclonable Function (PUF), combining tamper sensing with cryptographic key storage. In
+security mesh as a Physical Unclonable Function (PUF), combining tamper sensing with cryptographic key storage. In their
-their design, the mesh consists of a cross-hatch pattern made from several dozen individually addressable capacitive
+design, the mesh consists of a cross-hatch pattern made from several dozen individually addressable capacitive
 electrodes. They manufacture their meshes in a specialized process that results in unpredictable, random variations in
 capacitance between electrodes. They propose an analog frontend that measures the precise mutual capacitance of each
 pair of electrodes~\cite{obermaierMeasurementSystemCapacitive2018} using an approach similar to
@@ -392,7 +404,8 @@ attack tools, or specialized tools for large-scale industrial manufacturing such
     \centering
     \hspace*{-7mm}
     \includegraphics[height=80mm]{block_diagram.pdf}
-    \caption{Block diagram of our prototype sampling TDR security mesh monitoring circuit.}
+    \caption[Sampling mesh monitor circuit block diagram]{Block diagram of our prototype sampling TDR security mesh
+        monitoring circuit.}
     \label{fig_block_diagram}
 \end{figure}
 
@@ -473,10 +486,10 @@ such as the CML-output comparators made by Analog Devices due to cost.
         \includegraphics[width=0.9\textwidth]{pic_pi3hdx_small.jpg}
         \caption{PI3HDX12211}
     \end{subfigure}
-    \caption{Implementation of the pulse amplifier variants of the design. Amplifiers were mounted dead bug style on
+    \caption[Sampling mesh monitor pulse amplifier implementations]{Implementation of the pulse amplifier variants of
-    copper tape and connected with \qty{120}{\micro\meter} wire. Supply rails were connected with copper tape where
+        the design. Amplifiers were mounted dead bug style on copper tape and connected with \qty{120}{\micro\meter}
-    possible to reduce impedance. MLCC power supply decoupling capacitors were placed on the copper tape to reduce loop
+        wire. Supply rails were connected with copper tape where possible to reduce impedance. MLCC power supply
-    area.}
+        decoupling capacitors were placed on the copper tape to reduce loop area.}
     \label{fig_pic_amps}
 \end{figure}
 
@@ -532,8 +545,8 @@ of Xilinx 7 Series FPGAs provides the same $\frac{1}{32}$ clock cycle resolution
         N/A&25&0.01&Various resistors\\\hline
         \multicolumn{2}{r}{}&\textbf{9.67}&\textbf{Total}
     \end{tabular}
-    \caption{Cost breakdown of our prototype design. Prices are listed at order quantity 1000 to make prices more
+    \caption[Prototype design cost breakdown]{Cost breakdown of our prototype design. Prices are listed at order
-    comparable between distributors.}
+        quantity 1000 to make prices more comparable between distributors.}
     \label{tab_bom}
 \end{table}
 
@@ -641,10 +654,10 @@ turn-on knee of the sampling diodes.
         \end{subfigure}
     \end{center}
     \vspace*{-5mm}
-    \caption{Spectrum measurements and reconstructed time domain edge shape of the stimulus pulse
+    \caption[Sampling mesh monitor stimulus pulse spectrum measurements]{Spectrum measurements and reconstructed time
-        measured at the mesh interface for each of the four driver ICs, captured using a spectrum analyzer. Vertical
+        domain edge shape of the stimulus pulse measured at the mesh interface for each of the four driver ICs, captured
-        scale shows arbitrary units. Spectrum plots include a $\frac{1}{f}$ reference curve indicating an ideal
+        using a spectrum analyzer. Vertical scale shows arbitrary units. Spectrum plots include a $\frac{1}{f}$
-        infinite-bandwidth square wave.}
+        reference curve indicating an ideal infinite-bandwidth square wave.}
     \label{fig_spec_risetime}
 \end{figure}
 
@@ -671,8 +684,9 @@ slower than the raw pulse rise time value alone would suggest.
     \begin{center}
         \includegraphics[width=\textwidth]{fig_edge_risetime.pdf}\vspace*{-7mm}
     \end{center}
-    \caption{One edge of the stimulus pulse with no mesh connected measured by the board itself, using different
+    \caption[Sampling mesh monitor pulse self-characterization]{One edge of the stimulus pulse with no mesh connected
-    amplifier ICs. For each IC, ten traces are shown. The vertical scale is in Volts at the sampling amplifier output.}
+        measured by the board itself, using different amplifier ICs. For each IC, ten traces are shown. The vertical
+        scale is in Volts at the sampling amplifier output.}
     \label{fig_edge_risetime}
 \end{figure}
 
@@ -710,10 +724,11 @@ slower than the raw pulse rise time value alone would suggest.
             \qty{2.25}{\volt\per\nano\second}
         \end{tabular}
     \end{center}
-    \caption{Single-ended stimulus edge rise times for different amplifier ICs. The single-ended rise times of both
+    \caption[Single-ended stimulus edge rise times for different amplifier ICs]{Single-ended stimulus edge rise times
-    positive and negative half of the differential pair have been averaged. External measurements are from Figure\
+        for different amplifier ICs. The single-ended rise times of both positive and negative half of the differential
-    \ref{fig_spec_risetime}, measuring the stimulus pulse at the mesh interface. $V_{pp}$ measurements are taken at the
+        pair have been averaged. External measurements are from Figure\ \ref{fig_spec_risetime}, measuring the stimulus
-    mesh interface. Effective slew rates are calculated from the external measurements and pulse $V{pp}$.}
+        pulse at the mesh interface. $V_{pp}$ measurements are taken at the mesh interface. Effective slew rates are
+        calculated from the external measurements and pulse $V{pp}$.}
     \label{tab_edge_risetime}
 \end{table}
 
@@ -741,7 +756,47 @@ its switching happens in the short period between its input differential voltage
 combined forward voltage of the Schottky diodes. Thus, while the \partno{74LVC} might produce slow edges overall, its
 large output swing results in a high slew rate in the critical region around the zero crossing.
 
-We observed the best result overall with the \partno{PI3HDX12211} redriver, resulting in a rise time of
+\begin{figure}
+    \begin{center}
+        \begin{subfigure}{0.45\textwidth}
+            \centering
+            \includegraphics[width=\textwidth]{edge_sampling_pulse_scope.pdf}
+            \vspace*{-5mm}
+            \caption{Sampling pulse}
+            \label{fig_osc_risetime_samp}
+        \end{subfigure}
+        \unskip\begin{subfigure}{0.45\textwidth}
+            \centering
+            \includegraphics[width=\textwidth]{edge_stimulus_pulse_scope_normalized.pdf}
+            \vspace*{-5mm}
+            \caption{Stimulus pulse}
+            \label{fig_osc_risetime_stim}
+        \end{subfigure}
+    \end{center}
+    \vspace*{-5mm}
+    \caption[Pulse risetime oscilloscope measurements]{Oscilloscope measurements of the sampling pulse probed
+        differentially (left) and of the stimulus pulse probed single-ended and normalized (right). The 74LVC pulse is
+        plotted on the right Y axis in the left plot due to its large amplitude. In the right plot, it is not shown
+        since our measurement setup did not allow for a measurement of this amplitude.}
+    \label{fig_osc_risetime}
+\end{figure}
+
+Figure~\ref{fig_osc_risetime} shows the sampling and stimulus pulse edges measured using a Siglent SDS7404A
+\qty{4}{\giga\hertz} oscilloscope. The stimulus pulse was directly measured single-ended, and the sampaling pulse was
+measured differentially through a Siglent SAP2500D \qty{2.5}{\giga\hertz} active differential probe. These measurements
+support the conclusion from Figure~\ref{fig_spec_risetime} that in raw edge risetime, \partno{MAX3748} and
+\partno{TDP0604} perform fastest, with \partno{PI3HDX12211} being slightly slower. They also exhibit the large
+differences in amplitude that we expect cause the differences in actual measurement performance as shwon in
+Figure~\ref{fig_edge_risetime}. Note that due to the differences in measurement methodology, a direct comparison of the
+rise times is not possible between these plots. The spectrum measurements do not convey amplitude information and
+discard low-frequency content, but due to the very large bandwidth of the spectrum analyzer used, they will represent
+the true risetime the closest. In both the self-characterization and the oscilloscope measurements, the displayed
+risetime is contaminated by the measurement system. In case of the self-characterization, the stimmulus rise time is
+folded into the measurement result, leading in the displayed risetime being slower by a factor of $\sqrt{2}$. Similarly,
+in the oscilloscope measurements, the combined risetime of the oscilloscope frontend and active probe contaminate the
+results.
+
+We observed the best overall performance with the \partno{PI3HDX12211} redriver, resulting in a rise time of
 \qty{264}{\pico\second}. In this test specimen, we fed the pulse through the amplifier twice since we had two unused
 channels, and we used \qty{200}{\pico\second} clip lines on the amplifier's output for pulse shaping. We only used clip
 lines here and for \partno{TDP0604} since the other amplifiers' output did not contain sufficient harmonic content.
@@ -793,27 +848,27 @@ lines here and for \partno{TDP0604} since the other amplifiers' output did not c
             \qty{2.86}{\meter}&
             \qty{3.86}{\meter}\\
 
-            \textbf{Approximate Delay}&
+            \textbf{Approx. Delay}&
             \qty{7.1}{\nano\second}&
             \qty{13}{\nano\second}&
             \qty{19}{\nano\second}&
             \qty{26}{\nano\second}\\
         \end{tabular}
     \end{center}
-    \caption{Specifications of mesh test specimens used in the experiments in this chapter. Approximate signal delays
+    \caption[Mesh test specimen specifications]{Specifications of mesh test specimens used in the experiments in this
-        were calculated using wave velocity
+        chapter. Approximate signal delays were calculated using wave velocity
         $v=\frac{c}{\sqrt{\epsilon_r}}\approx\frac{c}{2}$~\cite{wheelerTransmissionLinePropertiesParallel1965} assuming
         $\epsilon_r\approx 4$~\cite{mumbyDielectricPropertiesFR41989} for the test specimens' \partno{FR-4} substrate.}
     \label{tab_mesh_spec}
 \end{table}
 
-To measure the practical performance of our prototype, we created a set of tamper sensing mesh test specimens. Each
+To measure the practical performance of our prototype, we created a set of tamper sensing mesh test specimens using the
-specimen contains four separate meshes with the same area. Table~\ref{tab_mesh_spec} shows the design specifications.
+algorithm described in Chapter~\ref{chapter-ihsm}. Each specimen contains four separate meshes with the same area.
-Each specimen contains four separate meshes on the outer layers of a four-layer, \qty{1.0}{\milli\meter} thickness PCB,
+Table~\ref{tab_mesh_spec} shows the design specifications. Each specimen contains four separate meshes on the outer
-two equal-size meshes on each side. The inner layers were used as ground. Figure\ \ref{fig_mesh_length} shows the
+layers of a four-layer, \qty{1.0}{\milli\meter} thickness PCB, two equal-size meshes on each side. The inner layers were
-results of a baseline measurement of each mesh using each design variant. The step response resulting from an edge
+used as ground. Figure\ \ref{fig_mesh_length} shows the results of a baseline measurement of each mesh using each design
-entering the mesh and its reflection arriving back at the start after traversing the mesh back and forth is clearly
+variant. The step response resulting from an edge entering the mesh and its reflection arriving back at the start after
-visible.
+traversing the mesh back and forth is clearly visible.
 
 We validated the results from Figure\ \ref{fig_mesh_length} by calculating speed of light in our mesh specimen's
 substrate based on them. The resulting measurements are shown in Table\ \ref{tab_speed_of_light}. All amplifier
@@ -837,9 +892,10 @@ switching.
         \includegraphics[width=.8\textwidth]{fig_mesh_length.pdf}
         \vspace*{-10mm}
     \end{center}
-    \caption{TDR responses captured by the microcontroller's internal ADCs with each of four candidate pulse amplifier
+    \caption[Sampling mesh monitor time-domain responses versus mesh length and amplifier]{TDR responses captured by the
-        ICs and four test meshes. The shown time range covers the primary reflection of the stimulus pulse's falling
+        microcontroller's internal ADCs with each of four candidate pulse amplifier ICs and four test meshes. The shown
-        edge. For clarity, only one channel of the differential response is shown.}
+        time range covers the primary reflection of the stimulus pulse's falling edge. For clarity, only one channel of
+        the differential response is shown.}
     \label{fig_mesh_length}
 \end{figure}
 
@@ -852,7 +908,7 @@ switching.
             2&
             3&
             4&
-            Calculated speed of light $c$
+            Calculated $c$
             \\\hline
 
             \partno{PI3HDX12211}&
@@ -884,8 +940,8 @@ switching.
             $\qty{1.59d8}{\meter\per\second}$\\
         \end{tabular}
     \end{center}
-    \caption{Speed of light and time offset calculated from delays read from the graphs in Figure\
+    \caption[Speed of light calculations]{Speed of light $c$ and time offset calculated from delays read from the graphs
-    \ref{fig_mesh_length}. $c$ is the speed of light determined by linear fit.}
+    in Figure\ \ref{fig_mesh_length}. $c$ is the speed of light determined by linear fit.}
     \label{tab_speed_of_light}
 \end{table}
 
@@ -985,8 +1041,9 @@ indicates good performance of our design, and increases the detection efficiency
         \includegraphics[width=\textwidth]{fig_covar_short_across_traces_p0.4.pdf}
         \caption{Both traces shorted, p=\qty{0.4}{\milli\meter}. FNR 0.0\% at 0.1\% FPR, CER=0\%.}
     \end{subfigure}
-    \caption{Similarity matrix of 10 intact and 10 modified meshes with two pitch sizes under two
+    \caption[Similarity matrices of modified meshes under different attack scenarios]{Similarity matrix of 10 intact and
-        different attack scenarios: An interrupted trace, and both mesh traces shorted.}
+        10 modified meshes with two pitch sizes under two different attack scenarios: An interrupted trace, and both
+        mesh traces shorted.}
     \label{fig_covar_basic_attacks}
 \end{figure}
 
@@ -999,8 +1056,8 @@ location of the reflected pulse edge, resulting in 0\% Crossover Error Rate.
 \begin{figure}
     \centering
     \includegraphics[width=0.33\textwidth,trim=0 5mm 0 5mm]{fig_covar_short_within_0.3.pdf}
-    \caption{Similarity matrix of several mesh specimens that have one trace shorted to an
+    \caption[Similarity matrix of shorted meshes]{Similarity matrix of several mesh specimens that have one trace
-        adjacent location on the same trace. Classification FNR 23\% at 0.1\% FPR, CER=22\%.}
+        shorted to an adjacent location on the same trace. Classification FNR 23\% at 0.1\% FPR, CER=22\%.}
     \label{fig_short_within}
 \end{figure}
 
@@ -1109,9 +1166,10 @@ distribution shifts.
         \vspace*{2mm}
         \label{fig_drill_mod_shape_pic}
     \end{subfigure}
-    \caption{The mesh response under a manipulation attack patching across a drill location for a 
+    \caption[Time-domain mesh response differences during manipulation attack]{The mesh response under a manipulation
-        \qty{300}{\micro\meter} drill, as captured by the microcontroller's ADCs. The mesh pitch is
+        attack patching across a drill location for a \qty{300}{\micro\meter} drill, as captured by the
-        \qty{300}{\micro\meter}. B-spline smoothing was applied for readability.}
+        microcontroller's ADCs. The mesh pitch is \qty{300}{\micro\meter}. B-spline smoothing was applied for
+        readability.}
     \label{fig_drill_mod_shape}
 \end{figure}
 
@@ -1141,8 +1199,8 @@ only benchmark a momentary snapshot after the patch was completed.
         \caption{\emph{maximum} classifier variant. FNR 51.1\% at 0.1\% FPR, CER=15\%.}
         \label{fig_patch_large_scale_minmax}
     \end{subfigure}
-    \caption{Classification performance in a larger-scale experiment using 10 measurements each of
+    \caption[Classification performance in a large-scale experiment]{Classification performance in a larger-scale
-        7 samples with traces patched through micro-soldering.}
+        experiment using 10 measurements each of 7 samples with traces patched through micro-soldering.}
     \label{fig_patch_large_scale}
 \end{figure}
 
@@ -1195,8 +1253,8 @@ domain based on a temperature measurement.
 \begin{figure}
     \centering
     \includegraphics[width=1.0\textwidth]{fig_tempco_edited.pdf}
-    \caption{The effect of heating on a time-domain trace. One of 12 channels shown. Gray: Raw data. Black: Relative
+    \caption[The effect of heating on a time-domain trace]{The effect of heating on a time-domain trace. One of 12
-    difference between hot and cool cases.}
+        channels shown. Gray: Raw data. Black: Relative difference between hot and cool cases.}
     \label{fig_tempco_time}
 \end{figure}
 
@@ -1214,9 +1272,9 @@ classification performance remaining approximately constant at 69.0\% FNR at 0.1
     % NOTE: not actually "tridelta" data, I'm just too lazy to rename these and fix up the notebook.
     \includegraphics[width=0.6\textwidth]{fig_covar_patch_repeat_tridelta_all_the_data_p0.3.pdf}
     \hspace*{2mm}
-    \caption{Classifier similarity scores of measurements in different environments, 10
+    \caption[Classifier similarity scores of measurements in different environments]{Classifier similarity scores of
-        measurements each. For scale, measurements from Figure~\ref{fig_patch_large_scale} are included on the
+        measurements in different environments, 10 measurements each. For scale, measurements from
-        bottom/right. FNR 69.0\% at 0.1\% FPR, CER=22\%.}~
+        Figure~\ref{fig_patch_large_scale} are included on the bottom/right. FNR 69.0\% at 0.1\% FPR, CER=22\%.}
     \label{fig_env_covar}
 \end{figure}
 

chapter-sampling-mesh-monitor/figures/sampling-mesh-monitor

@@ -1 +1 @@
-Subproject commit b4dc58286d039b1d0f70ea86f9e1f2cc538d8fbb
+Subproject commit cd33cff0e8b3284f26a4b87c9c9d40ae226dceed

chapter-smpc/chapter.tex

@@ -1,18 +1,43 @@
+\chapterquote{Moxie Marlinspike~\cite{marlinspikeWeShouldAll2013}, see also
+    \textcite{rogawayMoralCharacterCryptographic2015}}{
+    We can only desire based on what we know. It is our present experience of what we are and are not able to do that
+    largely determines our sense for what is possible. This is why same sex relationships, in violation of sodomy laws,
+    were a necessary precondition for the legalization of same sex marriage. This is also why those maintaining
+    positions of power will always encourage the freedom to talk about ideas, but never to act.}
 \chaptertitle{Case Study: Multiparty Computation in Scalable Hardware Security Modules}
+\label{chapter-smpc}
 
-\section{Fast MPC and Slow HSMs}
+Inertial Hardware Security Modules do not only support much larger payloads compared to conventional HSMs, they also
+support much higher power dissipation since they allow for direct air cooling of their payload. The tamper-sensing
+membrane of a conventional HSM must be continuous to provide security, so any heat dissipated by the payload must pass
+through it. Since the polymers used in tamper sensing membranes are poor conductors of heat, and since security benefits
+from a thicker tamper sensing assembly (cf.\ Chapter~\ref{chapter-survey}), power dissipation in conventional HSMs is
+limited~\cite{
+    petriePartIITechnical,
+    curetHardwareSecurityModule2025,
+    zhangTamperrespondentAssembliesPorous2023,
+    dragoneVentedTamperrespondentAssemblies2020}.
 
-Multiparty Computation (MPC) is a cryptographic construct that allows several networked parties to jointly perform a
+Because IHSMs rotate at high speed, IHSM meshes do not need to be contiguous to provide adequate security. While a
-computation in such a way that the inputs to the computation remain private to the parties providing them, and no single
+non-contiguous rotating mesh might theoretically allow a stationary attack tool to quickly penetrate, then retract
-party must be trusted for the computation to produce the correct result. Conceptually, MPC is similar to a secret
+through one of the mesh's gaps while the mesh is rotating, the time available for such an attack would be too short for
-sharing scheme that shares not just data, but computation between untrusted parties. The computation primitive MPC
+a practical attack (cf.\ Chapter~\ref{chapter-ihsm}). For a mesh with three vertical connecting segments (cf.\
-offers is a cryptographic answer to the question of how to bootstrap trust in a computing system. 
+Figure~\ref{fig_proto_mesh} in Chapter~\ref{chapter-ihsm}) rotating at \qty{1000}{\rpm}, this time would be in the order
+of \qty{20}{\milli\second}. Conventional HSM monitoring circuits would likely require a similar amount of time to react
+to an attack~\cite{obermaier2018}.
 
-%The most challenging scenarios in computing arise when multiple 
+Similar to how the increase in payload \emph{size} of IHSMs compared to conventional HSMs unlocks new applications such
-%parties such as manufacturers and operators, servers and clients, or sellers and buyers need to interact through
+as the Quantum Key Distribution relay use case we presented in Chapter~\ref{chapter-qkd}, the increase in sustainable
-%computation. In many practical situations, it is impossible to create a single computer that can be trusted by every
+power dissipation enabled by air cooling also unlocks a number of new applications. Especially applications that require
-%participant. MPC is a generic solution to a multitude of such scenarios reducing the problem of creating a single,
+large amounts of computing power benefit from IHSM technology, as their needs fundamentally cannot be met by
-%shared computer everyone can trust simultaneously to everyone creating their own computer that they only can trust.
+conventional HSMs.
+
+One such application that does not translate to conventional HSMs due to its need for large amounts of computing power
+is Multiparty Computation (MPC). MPC is a cryptographic construct that allows several networked parties to jointly
+perform a computation in such a way that the inputs to the computation remain private to the parties providing them, and
+no single party must be trusted for the computation to produce the correct result. Conceptually, MPC is similar to a
+secret sharing scheme that shares not just data, but computation between untrusted parties. The computation primitive
+MPC offers is a cryptographic tool for bootstrapping trust in a distributed computing system.
 
 We can deconstruct the problem of trust in computing into two largely disjunct parts: Establishing trust in a computing
 system during its creation is one, and maintaining this trust throughout its life is the other. For the second part of
@@ -26,35 +51,43 @@ they cannot target all systems simultaneously and we give them too little time t
 
 A limitation of both approaches is that in either case, while the party creating or acquiring the system can trust it,
 they cannot prove its trustworthiness to other parties. MPC solves this issue by allowing every party to contribute
-their trusted system to the protocol, cryptographically bootstrapping common trust in the computation and its
+their own trusted system to the protocol, cryptographically bootstrapping common trust in the computation and its
 output\footnote{
     In fact, MPC does more than just bootstrapping from each participant trusting their own system to a trusted shared
     computation. In an MPC protocol providing semi-honest or better security, MPC even \emph{relaxes} each party's trust
-    requirement from trusting their own system to trusting that any $n$-of-$k$ out of all systems contributing to the
+    requirement from trusting their own system to trusting any $n$-of-$k$ out of all systems contributing to the
     protocol.
 }.
 
-MPC is a uniquely powerful cryptographic primitive, yet it has still not found widespread practical adoption. This is
+\section{Fast MPC and Slow HSMs}
-because MPC is extremely resource-intensive to run. MPC protocols exist on a continuum trading off between extreme
-memory and bandwidth requirements on one end and intense computational requirements on the other end. At a first glance,
-MPC and Hardware Security Modules look like they would complement each other well, but HSMs cannot keep up with the
-intense computational requirements posed by MPC.
 
-Commercially available HSMs are quoted to perform between X and Y\todo{Look up number range} individual cryptographic
+MPC is a uniquely powerful cryptographic primitive, yet it has still not found widespread practical adoption. To a large
-operations per second. Meanwhile, an MPC protocol doing something as simple as a single AES encryption, corresponding to
+extent, this is because MPC is extremely resource-intensive to run. MPC protocols exist on a continuum trading off
-X\todo{look up numbers} logic gates or Y\todo{look up numbers} x86-64 instructions, requires
+between extreme memory and bandwidth requirements on one end and intense computational requirements on the other end. At
-\emph{millions}\todo{Validate and add citation} of cryptographic operations when performed in MPC. As a result, applying
+a first glance, MPC and Hardware Security Modules look like they would complement each other well, but HSMs cannot keep
-conventional HSMs to MPC at any practical scale is infeasible by multiple orders of magnitude.
+up with the computational requirements posed by MPC.
+
+Using P-256 curve ECC key generation as a benchmark, commercially available HSMs are quoted to perform between 3,500 and
+22,000 cryptographic operations per second~\cite{
+    kumarIBMZ16Performance2025,
+    ThalesLunaNetwork2024,
+    Utrust_GP_HSM_Se_Series_Datasheet_ENpdf,
+}. Meanwhile, an MPC protocol doing something as simple as a single AES encryption, corresponding to 7,000 logic
+gates~\cite{wangGlobalScaleSecureMultiparty2017}, requires tens of thousands of cryptographic operations when performed
+in MPC. As a result, applying conventional HSMs to MPC at any practical scale is infeasible by multiple orders of
+magnitude. Literature on MPC commonly uses server hardware as a platform for benchmarks, which has power dissipation and
+processing speeds well beyond that of conventional HSMs.
 
 HSMs are slow compared to contemporary computers because they are limited in their power dissipation, and power
 dissipation is largely proportional to processing speed. In the limited fields where HSMs have found commercial
-application, this limitation was never considered important and market forces pushing towards faster HSMs remain
+application, this limitation was never considered important and market forces pushing towards faster HSMs appear to
-light\todo{Can we find a citation here?}. Fundamentally, conventional HSMs must envelope the entire payload in a tamper
+remain light with the issue receiving little attention in either academic or manufacturer publications on the topic.
-sensing mesh to detect drilling attacks, but a tamper sensing mesh that is impermeable to a drill is also impermeable to
+Fundamentally, conventional HSMs must envelope the entire payload in a tamper sensing mesh to detect drilling attacks,
-air. As a result, any heat conducted from the HSMs processor to the outside world must pass through the mesh. At the
+but a tamper sensing mesh that is impermeable to a drill is also impermeable to air. As a result, any heat conducted
-same time, the mesh cannot be thinned either because thinning it would enable micro-drilling attacks. The result of
+from the HSMs processor to the outside world must pass through the mesh. At the same time, the mesh cannot be thinned
-these constraints is a high thermal resistance between the HSM's processor and an external heat sink, which limits
+either because thinning it would enable micro-drilling attacks. The result of these constraints is a high thermal
-maximum power dissipation to a fraction of what is achieved in modern CPUs or even GPUs.
+resistance between the HSM's processor and an external heat sink, which limits maximum power dissipation to a fraction
+of that of modern CPUs or even GPUs.
 
 A secondary limitation of conventional HSMs is that the highly specialized tamper sensing foils used in their
 construction often cannot be scaled to arbitray sizes without incurring unsustainable process yields due to the
@@ -66,10 +99,9 @@ components such as memory, power supplies and any internal heat spreading compon
 Inertial HSMs solve this issue since they allow their payload to be air cooled without compromising security, and they
 expand the feasible security boundary size from the several hundred milliliters offered by conventional HSMs to several
 liters and more, enabling the integration of standard, off-the-shelf server components such as mainboards, CPUs, CPU
-coolers, and power supplies. In this chapter, we will first provide a short overview of the theory of MPC before
+coolers, and power supplies. In this chapter, we will first provide a short overview illustrating a basic MPC protocol
-elaborating a design of an IHSM tailored to MPC tasks including performance calculations and unique design aspects. We
+for context before elaborating a design of an IHSM tailored to MPC tasks. We will conclude with an outlook of
-will conclude with an outlook of applications unlocked by our design as well as promising areas for future improvements
+applications unlocked by our design as well as promising areas for future improvements of our design. 
-of our design. 
 
 \section{The Fundamentals of Multiparty Computation}
 
@@ -96,7 +128,8 @@ real-world settings where parties do not have stable identities such as peer-to-
 mostly interesting as a research tool since protocols assuming a semi-honest adversary can often be upgraded to covert
 or malicious security at some performance tradeoff. In a practical setting, a semi-honest secure MPC protocol would not
 provide additional security over just having one party run the computation except in some situations where inadvertent
-side-channel leakage is a concern.
+side-channel leakage is a concern. Using HSMs to secure protocol participants' cryptographic computations complements
+both the covert and malicious security models.
 
 \subsection{Oblivious Transfer}
 
@@ -115,19 +148,17 @@ Transfer Extensions (OTe)\cite{ishaiExtendingObliviousTransfers2003}. Using OTe,
 base Oblivious Transfer instances can be extended into an arbitrarily large number of Oblivious Transfer instances using
 only invocations of a pseudo-random function (PRF) such as a cryptographic hash function.
 
-\subsection{Boolean MPC with Yao's Garbled Circuits}
+\subsection{A basic MPC protocol: Boolean MPC with Yao's Garbled Circuits}
-% Yao's Garbled Circuits
+
-Yao's Garbled Circuits (GC) protocol is one of the oldest Multiparty Computation protocols, dating back to the 1980ies.
+As a basic example of the approach taken by MPC protocols, we will give a brief overview of Yao's Garbled Circuits (GC)
-In Yao's GC, two parties jointly compute a function that is represented as a circuit of binary logic gates by evaluating
+protocol. Yao's GC is one of the oldest Multiparty Computation protocols, dating back to the 1980ies. In Yao's GC, two
-the circuit gate by gate. In Yao's GC, one party, generator, creates a random \emph{garbled} representation of the
+parties jointly compute a function that is represented as a circuit of binary logic gates by evaluating the circuit gate
-circuit and sends it to the other party, the evaluator, who computes its output. The core idea in Yao's GC is that every
+by gate. In Yao's GC, one party, generator, creates a random \emph{garbled} representation of the circuit and sends it
-wire $w_i$ in the circuit is assigned two random cryptographic secret keys $w_i^b$, called wire labels, one $w_i^0$ for
+to the other party, the evaluator, who computes its output. The core idea in Yao's GC is that every wire $w_i$ in the
-the logical value $0$ and one $w_i^1$ for the value $1$. The mapping from logic values to these keys is assigned
+circuit is assigned two random cryptographic secret keys $w_i^b$, called wire labels, one $w_i^0$ for the logical value
-randomly by the generator, and unknown to the evaluator~\cite{
+$0$ and one $w_i^1$ for the value $1$. The mapping from logic values to these keys is assigned randomly by the
-    yaoHowGenerateExchange1986,
+generator, and unknown to the
-    beaverComplexitySecureProtocols1990,
+evaluator~\cite{yaoHowGenerateExchange1986,beaverComplexitySecureProtocols1990,evansPragmaticIntroductionSecure}.
-    evansPragmaticIntroductionSecure
-}.
 
 Gates are represented in Yao's GC as truth tables with one row for every combination of input wire values. Each row of
 these truth tables contains the output wire label (i.e. secret key) corresponding to the gate's logical output value for
@@ -162,84 +193,56 @@ evaluations of a pseudorandom function such as a cryptographic hash or a cipher.
 Garbled Circuit is many times slower than performing it in the clear. Intuitively, each single-bit gate in the garbled
 circuit results in several cryptographic operations with input and output sizes of dozens or hundreds of bits.
 Practically useful functions such as AES encryption have circuit implementations measuring thousands or tens of
-thousands of gates, meaning these costs quickly escalate for practical problem sizes.
+thousands of gates, meaning these costs quickly escalate for practical problem
-\cite{
+sizes~\cite{boyarNewCombinationalLogic2010, songhoriTinyGarbleHighlyCompressed2015}.
-    boyarNewCombinationalLogic2010,
-    songhoriTinyGarbleHighlyCompressed2015
-}
-
-% FIXME This entire connecting section 
-
-%\subsection{Practical Application}
-%\subsubsection{Preprocessing and Online Phases}
-%\subsubsection{Constant-Round MPC}
-
-% \subsection{Performance}
-
-% zahurTwoHalvesMake2015,wangGlobalScaleSecureMultiparty2017,kellerMPSPDZVersatileFramework2020,dalskovFantasticFourHonestMajority
-
-% \subsection{Practical Deployments}
-
-% \subsection{Solutions}
-
-% \subsection{Hardware Security Applied to MPC}
-
-% Hardware security primitives can be applied in several roles in an MPC protocol.  
 
 \section{A High-Performance IHSM for MPC Applications}
 
 Multiparty Computation is at the verge of being practical in some applications, but is still too computationally
 expensive for others. While some attempts at GPU-accelerating MPC primitives exist, in practice it is commonly
-implemented using CPU processing. From the performance numbers given above\todo{Give performance numbers above} we can
+implemented using CPU processing. The technology comes with an unavoidable increase in computational complexity since
-see that a single, modern server-class CPU is sufficient for an useful amount of computation in MPC.
+each single plaintext computation or gate results in several cryptographic operations.
 
 A naive implementation might attempt to implement MPC using an HSM by simply offloading all cryptographic operations to
-the HSM. In practice, this is not a workable solution due to the slow processing speed of conventional HSMs.
+the HSM. In practice, this is not a workable solution due to the slow processing speed of conventional HSMs. In the near
-Conventional HSMs commonly use smartphone-class SoCs, which lag behind server CPUs in processing speed by several orders
+term, absent radical developments in either MPC theory or in the speed and power efficiency of processing hardware, the
-of magnitude.
+only feasible solution for HSM-protected MPC at any practical scale is to find a way to protect an entire server-class
-\todo{Cite some HSM/MPC papers here.}
+computer. IHSMs are a natural fit for this requirement since they allow for large, air-cooled payloads.
-
-In the near term, absent radical developments in either MPC theory or in the speed and power efficiency of processing
-hardware, the only feasible solution for HSM-protected MPC at any practical scale is to find a way to protect an entire
-server-class computer. As elaborated above, IHSMs are a natural fit for this requirement since they allow for large,
-air-cooled payloads.
-
-%\subsection{Hardware Requirements}
 
 As a baseline performance target, we consider a commodity server mainboard in CEB or ATX form factor, populated with a
 high-end server CPU and a large amount of RAM. As MPC systems do not usually require a great amount of storage, we can
-largely ignore storage for our size and power calculations.\todo{Refer to performance numbers from research above here}
+largely ignore storage for our size and power calculations. As a result, we end up with a total maximum power
-
+dissipation of approximately \qty{420}{\watt} as shown in Table~\ref{tab_power_budget}. Dissipating this amount of power
-As a result, we end up with a total maximum power dissipation of approximately \todo{Calculate, make table} XXX as shown
+using air cooling is within the capabilities of commodity server cooling
-in Table~\ref{tab_power_budget}. Dissipating this amount of power using air cooling is within the capabilities of
+components~\cite{coroamaPossibleFutureTrends2025}.
-commodity server cooling components\todo{Refer to datasheets}.
 
 \begin{table}
     \centering
     \begin{tabular}{r|l|r|r}
-    Count & Component & Maximum Power Dissipation Each & Total\\\hline
+        Count & Component & Power Dissipation (approx.) & Total\\\hline
-    1 & CPU: & &\\
+        1 & CPU & \qty{350}{\watt}~\cite{tropgen16YearsSPEC2024}&\qty{350}{\watt}\\
-    16 & DDR-4 Memory modules: & &\\
+        16 & Memory~\cite{kennedyDDR4DIMMsSystem2017} &\qty{2}{\watt}&\qty{32}{\watt}\\
-    1 & Mainboard: & &\\
+        1 & Losses & \qty{40}{\watt}&\qty{40}{\watt}\\
-    1 & Power Supply: & &\\
     \end{tabular}
-    \caption{Power budget of a modern mid-range server. Power supply power dissipation calculated at target load.}
+    \caption[Power budget of a modern mid-range server.]{Power budget of a modern mid-range server. Losses were
+        estimated at 10\%, consistent with mainboard losses plus losses from a 80plus platinum efficiency certified
+        power supply (~94\% at load).}
     \label{tab_power_budget}
 \end{table}
 
 A common type of side-channel attack on cryptographic systems are power analysis attacks. In such attacks, the supply
 current of the target processing system is measured at high speed while the target is performing cryptographic
 computations. By aggregating the results of a large number of the resulting power traces, it is often possible to infer
-the value of secret data such as cryptographic keys. To mitigate this type of attack, not only do we have to place the
+the value of secret data such as cryptographic keys. To mitigate this type of attack, we propose placing the system's
-CPU, mainboard, and memory inside of the HSM's tamper-sensing barrier, but also the power supply. A secondary benefit of
+power supply inside the IHSM envelope. A secondary benefit of placing the power supply inside the tamper-sensing barrier
-placing the power supply inside the tamper-sensing barrier is that it simplifies the power wiring between the outside of
+is that it simplifies the power wiring between the outside of the IHSM cage and the payload. Supplying the
-the IHSM cage and the payload. Supplying the \qty{12}{\volt} power rails that commodity mainboard commonly use requires
+\qty{12}{\volt} power rails that commodity mainboard commonly use requires tens of Ampere. To carry such high current,
-tens of Ampere. To carrie such high current, the wiring has to be sized accordingly. In an IHSM, even thick wires can
+the wiring has to be sized accordingly. In an IHSM, even thick wires can easily be passed through the mesh cage, but
-easily be passed through the mesh cage, but such wiring requires a large opening at the shaft on one end of the cage,
+such wiring requires a large opening at the shaft on one end of the cage, which creates a literal security gap. Placing
-which creates a literal security gap. Placing the power supply inside of the cage reduces the size of the wires needed
+the power supply inside of the cage reduces the size of the wires needed since the power supply steps down a lower
-since the power supply steps down a lower current \qty{240}{\volt} input to the system's high-current \qty{12}{\volt}
+current \qty{240}{\volt} input to the system's high-current \qty{12}{\volt} rails. Using DIN VDE 0298-4\todo{Citation?}
-rails. According to DIN VDE 0298-4\todo{Citation?}, a pair of \qty{1.5}{\milli\meter^2} conductors is sufficient for
+as a reference, a pair of \qty{1.5}{\milli\meter^2} conductors is sufficient for more than \qty{3}{\kilo\watt} of load
-more than \qty{3}{\kilo\watt} of load under worst-case conditions.
+under worst-case conditions.
 
 \subsection{Software Considerations}
 
@@ -261,29 +264,61 @@ software without effectively running a system emulation and incurring a massive
 Intel and AMD contain hardware features that provide transparent DRAM encryption. These hardware features would be
 necessary when securing an entire sever in an MPC setup with IHSMS technology.
 
-% \subsection{Fast Zeroization of Non-Customizable Memories}
-% Thermite experiements and paper
-
 \subsection{A Joint Cooling and IHSM Envelope Powertrain}
 
-We have determined that our requirements are an IHSM envelope large enough to fit a small server mainboard, and that
+In this section, we will present a sketch of a design for an IHSM envelope large enough to fit a small server mainboard,
-provides air cooling to the payload. In this section, we will sketch out a solution that solves the engineering issue of
+and that provides air cooling to the payload. Our sketch solves the engineering issue of moving such an IHSM envelope
-moving such an IHSM envelope while simultaneously providing cooling to the payload.
+while simultaneously providing cooling to the payload.
+
+\begin{figure}
+    \centering
+    \begin{subfigure}{0.45\textwidth}
+        \centering
+        \includegraphics[width=\textwidth]{setup_0001.jpg}
+        \caption{}
+        \label{fig_setup_left}
+    \end{subfigure}
+    \hspace*{5mm}
+    \begin{subfigure}{0.45\textwidth}
+        \centering
+        \includegraphics[width=\textwidth]{setup_0002.jpg}
+        \caption{}
+        \label{fig_setup_right}
+    \end{subfigure}
+    \caption{Conceptual demonstrator of the fan-driven IHSM primary mesh approach.}
+    \label{fig_setup}
+\end{figure}
 
-% FIXME picture!
 Our proposed design is based on the idea of using the cooling fans' airflow to power the rotation of the IHSM envelope.
-Using the basic cylindrical design, the IHSM envelope consists of two discs above and below the payload that are
+Figure~\ref{fig_setup} shows a conceptual demonstration of this approach. Using a basic cylindrical design, the IHSM
-connected through vertical struts containing part of the tamper-sensing mesh on the outside of the payload. We propose
+envelope consists of two discs above and below the payload that are connected through vertical struts on the outside of
-widening these vertical connecting struts, and angling them such that the entire envelope becomes a centrifugal
+the payload. We propose widening these vertical connecting struts, and angling them such that the entire envelope
-impeller. By letting air flow into the envelope from the side, and back out through its top and bottom, the envelope
+becomes a centrifugal impeller. By letting air flow into the envelope from the side, and back out through its top and
-assumes the same configuration used in centrifugal cooling fans. A secondary advantage of this concept is that we do not
+bottom, the envelope assumes the same configuration used in centrifugal cooling fans. Tamper sensing meshes are placed
-need a motor on the envelope's shaft, saving vertical space and one difficult to source part. Furthermore, the cooling
+inside the vertical struts as well as along the horizontal discs at the top and at the bottom.
-fans can be located on the outside of the envelope in an easily accessible location, and can be set up in a redundant
+
-way such that a failed cooling fan can be replaced while the system continues operation. The only disadvantage of this
+Laying out an IHSM this way has several advantages. First, we save some vertical space by removing the motor from the
-solution over a direct motor drive is noise. To achieve the speed necessary for sufficient security at the large
+shaft of the mesh. Second, on top of driving the mesh, the airflow also serves to cool the payload. Finally, this
-envelope diameter of an MPC accelerator application, high-airflow fans must be used, which are very noisy when at full
+approach eliminates the motor driving the mesh as a single point of failure. In a basic IHSM design as we introduced it
-speed. We consider this a valid tradeoff since such a system would be deployed in a datacenter where high noise levels
+in Chapter~\ref{chapter-ihsm}, this motor is a critical component as its failure would lead to the mesh accelerometer
-are acceptable.
+triggering the deceleration tamper alarm. Using a brushless motor type the number of wear components in this motor can
+be reduced to the motor's shaft bearings. A complication in the practical manufacturing of IHSMs at a small scale is
+that small-scale production does not allow for a custom-made motor. Limiting the selection to off-the-shelf brushless
+motors leads to an unpredictability of bearing life due to the cost of precision bearings. Complicating things, bearing
+specifications are not usually included in motor datasheets.
+
+Compared to the market for off-the-shelf small brushless motors, cooling fans are easier to shop for. A large selection
+of products with various form factors and specifications is available, and manufacturers usually give detailed
+information on both performance and lifetime. Industrial and server cooling fans are commonly rated for uninterrupted
+24/7 operation. The cooling fans can be located on the outside of the envelope in an easily accessible location. Like in
+many servers, they can be set up in a redundant way such that a failed cooling fan can be replaced while the system
+continues to operate.
+
+The main drawback of a fan-driven IHSM is the amount of airflow necessary. To maximize payload volume, the fan blades
+must be kept as narrow as possible. Narrow fan blades work best at high air speed, but high air speed requires the fan
+to have high airflow. Besides limiting fan selection and increasing power consumption, high airflow fans also are noisy.
+Despite these limitations, we consider fan-driven IHSMs a valid tradeoff since such a system would most likely be
+deployed in a datacenter where high noise levels are acceptable.
 
 \section{Outlook}
 

common-defs.tex

@@ -7,11 +7,13 @@
 \usepackage[
     backend=biber,
     style=numeric,
+    backref=true,
     natbib=true,
     url=false, 
     doi=true,
     eprint=false,
     refsegment=chapter,
+    date=iso,
     ]{biblatex}
 \addbibresource{main.bib}
 \DeclareSourcemap{
@@ -52,12 +54,20 @@
     \ifdefined\thesispreviewmode %
         (draft \texttt{\input{version.tex}\unskip}) %
     \fi %
-\leftmark}
+    \leftmark}
-\fancyhead[OL]{\footnotesize\rightmark}
+\fancyhead[OL]{\footnotesize%
+    \ifdefined\thesisoneside %
+        \leftmark%
+        \ifdefined\thesispreviewmode %
+            \\(draft \texttt{\input{version.tex}\unskip}) %
+        \fi %
+    \else%
+        \rightmark%
+    \fi}
 \fancyhead[EL,OR]{\thepage}
-
 \fancyfoot[LCR]{}
 
+\setlength{\headheight}{13.6pt}
 \fancypagestyle{plain}{%
     \fancyhf{}%
     \renewcommand{\headrulewidth}{0pt}%
@@ -149,21 +159,67 @@
 \DeclareRefcontext{patref}{labelprefix=P}
 \DeclareRefcontext{defref}{}
 \DeclareFieldFormat{labelprefix}{\textsuperscript{\sffamily#1}}
+\defbibfilter{webstuff}{
+    ( type=online or type=software or type=video )
+    and not keyword={preprint}
+}
 
 \newcommand{\chapterbibliography}{
     \FloatBarrier
     \addcontentsline{toc}{section}{References}
     \newrefcontext{webref}
-    \printbibliography[type={online},title={Web sources},heading=subbibliography,resetnumbers=false,segment=\therefsegment]
+    \printbibliography[filter={webstuff},title={Web sources},heading=subbibliography,resetnumbers=false,segment=\therefsegment]
     \newrefcontext{patref}
     \printbibliography[type={patent},title={Patent References},heading=subbibliography,resetnumbers=false,segment=\therefsegment]
     \newrefcontext{defref}
     \printbibliography[nottype={online},nottype={patent},heading=subbibliography,resetnumbers=false,segment=\therefsegment]
 }
 
+% Fix for random mixed date formats, generated with claude.ai
+% Redefine the date printing macro
+\renewbibmacro*{date}{%
+  \iffieldundef{year}
+    {}
+    {\printtext{%
+       \thefield{year}%
+       \iffieldundef{month}
+         {}
+         {-\mkdatezeros{\thefield{month}}%
+          \iffieldundef{day}
+            {}
+            {-\mkdatezeros{\thefield{day}}}}%
+     }}%
+}
+
+% Redefine urldate printing
+\renewbibmacro*{urldate}{%
+  \iffieldundef{urlyear}
+    {}
+    {\printtext[urldate]{%
+       \thefield{urlyear}%
+       \iffieldundef{urlmonth}
+         {}
+         {-\mkdatezeros{\thefield{urlmonth}}%
+          \iffieldundef{urlday}
+            {}
+            {-\mkdatezeros{\thefield{urlday}}}}%
+     }}%
+}
+% end fix
+
 \newrefcontext{defref}
 
 \hyphenation{a-me-na-ble}
 \hyphenation{da-ta-cen-ter}
+\hyphenation{Si-cher-heits-mo-du-l}
+\hyphenation{Si-cher-heits-mo-du-le}
+\babelhyphenation[ngerman]{Si-cher-heits-mo-dul}
 
 \setstretch{1.3}
+
+\DeclareUnicodeCharacter{2B24}{$\bullet$}
+\newcommand{\sampleno}[1]{\textsf{#1}}
+% Settings for tocloft as applied to minitoc
+%\setlength{\cftbeforesecskip}{-1pt}
+%\setlength{\cftbeforesubsecskip}{-1pt}
+

common-packages.tex

@@ -1,4 +1,4 @@
-\usepackage[ngerman, english]{babel}
+\usepackage[ngerman,english]{babel}
 \usepackage[utf8]{inputenc}
 \usepackage[T1]{fontenc}
 \usepackage{amssymb}
@@ -23,6 +23,9 @@
 \usepackage{commath}
 \usepackage{graphicx,color}
 \usepackage{ccicons}
+\usepackage{rotating}
+\usepackage{pdflscape}
+\usepackage{afterpage}
 \usepackage{subcaption}
 \usepackage{float}
 \usepackage{footmisc}
@@ -33,10 +36,17 @@
 \usepackage{pdfpages}
 \usepackage{etoolbox}
 \usepackage{catchfile}
-\usepackage{colortbl}
 \usepackage{rotating}
 \usepackage{placeins}
-\usepackage{minted} % pygmentized source code
+\usepackage{overpic}
+\usepackage{adjustbox}
+% FOr table formatting
+\usepackage{ragged2e}
+\usepackage{array}
+\usepackage{longtable}
+\usepackage{colortbl}
+% pygmentized source code
+\usepackage{minted}
 %\usepackage[pdftex]{graphicx,color}
 %\usepackage{showframe} % Useful for page layout debugging
 \usepackage{csquotes}

defence/pearson-corr-sample.tex

@@ -0,0 +1,21 @@
+\documentclass[convert={density=500}, border=2pt, varwidth=3in]{standalone}
+
+\usepackage{amsmath}
+\usepackage{amssymb}
+
+\begin{document}
+
+\begin{align*}
+r_{X, Y} &= \frac{
+\sum_{i=1}^n(x_i - \overline{x})(y_i - \overline{y})
+}{
+\sqrt{
+\sum_{i=1}^n(x_i-\overline{x})^2
+}
+\sqrt{
+\sum_{i=1}^n(y_i-\overline{y})^2
+}
+}
+\end{align*}
+
+\end{document}

defence/pearson-corr.tex

@@ -0,0 +1,12 @@
+\documentclass[convert={density=500}, border=2pt, varwidth=2in]{standalone}
+
+\usepackage{amsmath}
+\usepackage{amssymb}
+
+\begin{document}
+
+\begin{align*}
+\rho_{X,Y} &= \frac{\mathrm{cov}\left(X, Y\right)}{\sigma_X \sigma_Y}
+\end{align*}
+
+\end{document}

defence/phd defence pulse shaping.svg

@@ -0,0 +1,957 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="370mm"
+   height="130mm"
+   viewBox="0 0 370 130"
+   version="1.1"
+   id="svg1"
+   inkscape:version="1.4.3 (0d15f75042, 2025-12-25)"
+   sodipodi:docname="phd defence pulse shaping.svg"
+   inkscape:export-filename="phd defence pulse shaping.png"
+   inkscape:export-xdpi="96"
+   inkscape:export-ydpi="96"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg">
+  <sodipodi:namedview
+     id="namedview1"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="mm"
+     showguides="true"
+     inkscape:zoom="0.76530729"
+     inkscape:cx="755.90551"
+     inkscape:cy="186.19972"
+     inkscape:window-width="1920"
+     inkscape:window-height="1011"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="layer1">
+    <sodipodi:guide
+       position="248.21932,98.214501"
+       orientation="1,0"
+       id="guide87"
+       inkscape:locked="false" />
+  </sodipodi:namedview>
+  <defs
+     id="defs1">
+    <rect
+       x="953.65973"
+       y="610.6676"
+       width="100.02054"
+       height="89.777473"
+       id="rect80" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect19" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect21" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="227.89349"
+       height="103.19007"
+       id="rect52" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="208.64201"
+       height="116.03049"
+       id="rect53" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="208.64201"
+       height="116.03049"
+       id="rect60" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="208.64201"
+       height="116.03049"
+       id="rect61" />
+    <rect
+       x="953.65973"
+       y="610.6676"
+       width="100.02054"
+       height="89.777473"
+       id="rect81" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="208.64201"
+       height="116.03049"
+       id="rect101" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect19-0" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect121" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect122" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect121-3" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect122-8" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="171.10724"
+       height="119.79226"
+       id="rect127" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect121-1" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect122-9" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="129.1076"
+       height="122.65836"
+       id="rect52-1" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="129.1076"
+       height="122.65836"
+       id="rect150" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="129.1076"
+       height="122.65836"
+       id="rect174" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="237.56361"
+       height="114.82543"
+       id="rect174-6" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect19-7" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect21-6" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="446.81161"
+       height="78.359024"
+       id="rect203" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="237.56361"
+       height="114.82543"
+       id="rect255" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="129.1076"
+       height="122.65836"
+       id="rect52-1-6" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect121-3-4" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect256" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect257" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect258" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect259" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect260" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect262" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect263" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect264" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="208.64201"
+       height="116.03049"
+       id="rect60-2" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="208.64201"
+       height="116.03049"
+       id="rect266" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="208.64201"
+       height="116.03049"
+       id="rect267" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="322.63501"
+       height="112.18803"
+       id="rect271" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="262.04547"
+       height="116.59021"
+       id="rect21-8" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="322.63501"
+       height="112.18803"
+       id="rect271-3" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect121-3-5" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect121-3-5-5" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="262.04547"
+       height="116.59021"
+       id="rect21-8-1" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect89" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="262.04547"
+       height="116.59021"
+       id="rect90" />
+  </defs>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(-52.874035,-113.01615)">
+    <rect
+       style="fill:#fff6d5;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:3, 3;stroke-dashoffset:0"
+       id="rect268"
+       width="42.333237"
+       height="66.035202"
+       x="342.47104"
+       y="145.78185" />
+    <rect
+       style="fill:#ffd5d5;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:3, 3;stroke-dashoffset:0"
+       id="rect18"
+       width="70.229004"
+       height="28.407305"
+       x="-272.7662"
+       y="162.84944"
+       transform="scale(-1,1)" />
+    <path
+       style="fill:#ffffff;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="m 251.1584,167.71079 v 19.77278 l 17.12372,-9.88639 -17.12372,-9.88639"
+       id="path10"
+       sodipodi:nodetypes="cccc" />
+    <path
+       style="fill:#ffffff;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="m 209.28026,167.71079 v 19.77278 l 17.12372,-9.88639 -17.12372,-9.88639"
+       id="path12"
+       sodipodi:nodetypes="cccc" />
+    <path
+       style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="M 251.1584,174.2632 H 220.62936"
+       id="path13" />
+    <path
+       style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="M 251.1584,180.93116 H 220.62936"
+       id="path14" />
+    <path
+       style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="M 209.28026,174.2632 H 178.75122"
+       id="path15" />
+    <path
+       style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="M 209.28026,180.93116 H 178.75122"
+       id="path16" />
+    <path
+       style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="M 311.97135,174.2632 H 262.5075"
+       id="path17"
+       sodipodi:nodetypes="cc" />
+    <path
+       style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="M 311.97135,180.93116 H 262.5075"
+       id="path18"
+       sodipodi:nodetypes="cc" />
+    <g
+       id="g39"
+       transform="translate(-13.828868,-2.4200519)" />
+    <g
+       id="g270"
+       transform="translate(86.653142,-178.07344)">
+      <text
+         xml:space="preserve"
+         transform="matrix(0.26458333,0,0,0.26458333,51.585057,220.89179)"
+         id="text60"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:26.6667px;line-height:1.25;font-family:'Source Sans Pro';-inkscape-font-specification:'Source Sans Pro';text-align:center;white-space:pre;shape-inside:url(#rect60);display:inline"><tspan
+           x="779.99356"
+           y="326.43329"
+           id="tspan3">BAT17-04W</tspan></text>
+      <text
+         xml:space="preserve"
+         transform="matrix(0.26458333,0,0,0.26458333,50.646671,229.58019)"
+         id="text61"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:26.6667px;line-height:1.25;font-family:'Source Sans Pro';-inkscape-font-specification:'Source Sans Pro';text-align:center;white-space:pre;shape-inside:url(#rect61);display:inline"><tspan
+           x="778.60694"
+           y="326.43329"
+           id="tspan4">RF Schottky</tspan></text>
+    </g>
+    <g
+       id="g68"
+       transform="translate(155.9321,-23.998135)">
+      <g
+         id="g59"
+         transform="rotate(-135,217.33697,188.46118)">
+        <rect
+           style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-dashoffset:0"
+           id="rect54"
+           width="20.126814"
+           height="20.126814"
+           x="202.02536"
+           y="163.96376" />
+        <g
+           id="use56"
+           transform="matrix(1,0,0,-1,2.73499,327.96666)"
+           style="stroke-linecap:round;stroke-linejoin:round">
+          <path
+             style="fill:#ffffff;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 212.74389,161.19528 v 5.53995 l -4.79585,-2.76997 4.79585,-2.76998"
+             id="path90"
+             sodipodi:nodetypes="cccc" />
+          <path
+             style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 209.09885,165.96187 v 0.85302 h -1.15081 v -2.84963"
+             id="path91"
+             sodipodi:nodetypes="cccc" />
+          <path
+             style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 206.79721,161.96865 v -0.85302 h 1.15081 v 2.84963"
+             id="use91"
+             sodipodi:nodetypes="cccc" />
+        </g>
+        <g
+           id="use57"
+           transform="matrix(1,0,0,-1,2.735,348.06531)"
+           style="stroke-linecap:round;stroke-linejoin:round">
+          <path
+             style="fill:#ffffff;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 212.74389,161.19528 v 5.53995 l -4.79585,-2.76997 4.79585,-2.76998"
+             id="path92"
+             sodipodi:nodetypes="cccc" />
+          <path
+             style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 209.09885,165.96187 v 0.85302 h -1.15081 v -2.84963"
+             id="path93"
+             sodipodi:nodetypes="cccc" />
+          <path
+             style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 206.79721,161.96865 v -0.85302 h 1.15081 v 2.84963"
+             id="use93"
+             sodipodi:nodetypes="cccc" />
+        </g>
+        <g
+           id="use58"
+           transform="rotate(90,200.68751,165.3609)"
+           style="stroke-linecap:round;stroke-linejoin:round">
+          <path
+             style="fill:#ffffff;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 212.74389,161.19528 v 5.53995 l -4.79585,-2.76997 4.79585,-2.76998"
+             id="path94"
+             sodipodi:nodetypes="cccc" />
+          <path
+             style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 209.09885,165.96187 v 0.85302 h -1.15081 v -2.84963"
+             id="path97"
+             sodipodi:nodetypes="cccc" />
+          <path
+             style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 206.79721,161.96865 v -0.85302 h 1.15081 v 2.84963"
+             id="use97"
+             sodipodi:nodetypes="cccc" />
+        </g>
+        <g
+           id="use59"
+           transform="rotate(90,210.75092,175.42431)"
+           style="stroke-linecap:round;stroke-linejoin:round">
+          <path
+             style="fill:#ffffff;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 212.74389,161.19528 v 5.53995 l -4.79585,-2.76997 4.79585,-2.76998"
+             id="path98"
+             sodipodi:nodetypes="cccc" />
+          <path
+             style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 209.09885,165.96187 v 0.85302 h -1.15081 v -2.84963"
+             id="path99"
+             sodipodi:nodetypes="cccc" />
+          <path
+             style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 206.79721,161.96865 v -0.85302 h 1.15081 v 2.84963"
+             id="use99"
+             sodipodi:nodetypes="cccc" />
+        </g>
+      </g>
+      <g
+         id="use67">
+        <rect
+           style="fill:#ffffff;stroke:#000000;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-dashoffset:0"
+           id="rect100"
+           width="2.7993064"
+           height="6.9347825"
+           x="209.44197"
+           y="178.0285" />
+        <path
+           style="font-variation-settings:normal;opacity:1;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000;stop-opacity:1"
+           d="m 210.84162,188.1468 v -3.18352"
+           id="path100"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;opacity:1;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000;stop-opacity:1"
+           d="m 210.84162,178.0285 v -3.18352"
+           id="path101"
+           sodipodi:nodetypes="cc" />
+      </g>
+      <use
+         x="0"
+         y="0"
+         xlink:href="#use67"
+         id="use68"
+         transform="translate(1.6482057e-6,41.765435)" />
+    </g>
+    <path
+       style="font-variation-settings:normal;opacity:1;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000;stop-opacity:1"
+       d="m 381.00554,178.32411 h 9.08403"
+       id="path76"
+       sodipodi:nodetypes="cc" />
+    <path
+       style="font-variation-settings:normal;opacity:1;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000;stop-opacity:1"
+       d="m 338.42306,178.38047 h 14.11886"
+       id="path79"
+       sodipodi:nodetypes="cc" />
+    <g
+       id="g117"
+       transform="matrix(0,1,1,0,86.037856,-9.6307419)">
+      <g
+         id="use116"
+         transform="translate(215.79323,-70.783667)">
+        <rect
+           style="font-variation-settings:normal;fill:#ffffff;fill-opacity:1;stroke:#f9f9f9;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+           id="rect102"
+           width="4.5996766"
+           height="1.8177247"
+           x="-34.179646"
+           y="178.76157" />
+        <path
+           style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+           d="m -31.879804,183.76281 v -3.18352"
+           id="path102"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+           d="m -31.879804,178.76156 v -3.18352"
+           id="path103"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+           d="m -34.179644,178.76156 h 4.599677"
+           id="path110"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+           d="m -34.179644,180.57929 h 4.599677"
+           id="path112"
+           sodipodi:nodetypes="cc" />
+      </g>
+      <g
+         id="use117"
+         transform="translate(222.46119,-70.859177)">
+        <rect
+           style="font-variation-settings:normal;fill:#ffffff;fill-opacity:1;stroke:#f9f9f9;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+           id="rect112"
+           width="4.5996766"
+           height="1.8177247"
+           x="-34.179646"
+           y="178.76157" />
+        <path
+           style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+           d="m -31.879804,183.76281 v -3.18352"
+           id="path113"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+           d="m -31.879804,178.76156 v -3.18352"
+           id="path114"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+           d="m -34.179644,178.76156 h 4.599677"
+           id="path115"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+           d="m -34.179644,180.57929 h 4.599677"
+           id="path116"
+           sodipodi:nodetypes="cc" />
+      </g>
+    </g>
+    <rect
+       style="font-variation-settings:normal;opacity:1;fill:#e3d7f4;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="rect119"
+       width="68.967163"
+       height="41.859745"
+       x="64.002045"
+       y="156.69553" />
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,5.2759552,144.60139)"
+       id="text20"
+       style="font-style:normal;font-variant:normal;font-weight:600;font-stretch:normal;font-size:29.3333px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt Semi-Bold';text-align:center;white-space:pre;shape-inside:url(#rect21-8);display:inline"><tspan
+         x="774.22896"
+         y="329.32216"
+         id="tspan5">Pulse Amplifier</tspan></text>
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,-126.52602,93.775442)"
+       id="text18-2"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:26.6667px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt';text-align:center;white-space:pre;shape-inside:url(#rect19-0);display:inline"><tspan
+         x="773.14281"
+         y="326.85384"
+         id="tspan6">STM32G474</tspan></text>
+    <path
+       style="fill:#ffffff;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="m 167.35324,167.73901 v 19.77279 l 17.12372,-9.8864 -17.12372,-9.88639"
+       id="path120-5"
+       sodipodi:nodetypes="cccc" />
+    <path
+       style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="M 167.35324,177.62541 H 132.96921"
+       id="path16-0"
+       sodipodi:nodetypes="cc" />
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,-48.680475,116.45311)"
+       id="text121"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:26.6667px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt';text-align:center;white-space:pre;shape-inside:url(#rect121-3);display:inline"><tspan
+         x="772.99958"
+         y="326.85384"
+         id="tspan7">74LVC2G157</tspan></text>
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,12.7494,69.082544)"
+       id="text121-3"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:26.6667px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt';text-align:center;white-space:pre;shape-inside:url(#rect121-3-5);display:inline"><tspan
+         x="772.28343"
+         y="326.85384"
+         id="tspan8">PI3HDX12211</tspan></text>
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,-49.475329,125.14987)"
+       id="text122"
+       style="font-style:normal;font-variant:normal;font-weight:600;font-stretch:normal;font-size:29.3333px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt Semi-Bold';text-align:center;white-space:pre;shape-inside:url(#rect122-8);display:inline"><tspan
+         x="757.34809"
+         y="329.32216"
+         id="tspan9">Single-Ended
+</tspan><tspan
+         x="757.87804"
+         y="365.98879"
+         id="tspan10">to Differential </tspan><tspan
+         x="771.97893"
+         y="402.65542"
+         id="tspan11">Conversion</tspan></text>
+    <g
+       id="g271"
+       transform="translate(-345.1311,41.371294)">
+      <rect
+         style="font-variation-settings:normal;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+         id="rect123"
+         width="43.775135"
+         height="27.05452"
+         x="499.15863"
+         y="79.648224" />
+      <text
+         xml:space="preserve"
+         transform="matrix(0.26458333,0,0,0.26458333,300.87774,-0.17833149)"
+         id="text127"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:26.6667px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt';text-align:center;white-space:pre;shape-inside:url(#rect127);display:inline"><tspan
+           x="768.51196"
+           y="326.85384"
+           id="tspan12">Adjustable </tspan><tspan
+           x="786.47423"
+           y="360.18721"
+           id="tspan13">Voltage </tspan><tspan
+           x="774.55364"
+           y="393.52059"
+           id="tspan14">Regulator</tspan></text>
+    </g>
+    <g
+       id="use132"
+       transform="rotate(90,157.72608,367.98634)">
+      <rect
+         style="font-variation-settings:normal;fill:#ffffff;fill-opacity:1;stroke:#f9f9f9;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+         id="rect116"
+         width="4.5996766"
+         height="1.8177247"
+         x="-34.179646"
+         y="178.76157" />
+      <path
+         style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+         d="m -31.879804,183.76281 v -3.18352"
+         id="path117"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+         d="m -31.879804,178.76156 v -3.18352"
+         id="path118"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+         d="m -34.179644,178.76156 h 4.599677"
+         id="path119"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+         d="m -34.179644,180.57929 h 4.599677"
+         id="path120"
+         sodipodi:nodetypes="cc" />
+    </g>
+    <g
+       id="g143"
+       transform="matrix(0,1,1,0,170.92142,-9.6502219)">
+      <g
+         id="use142"
+         transform="translate(215.79323,-70.783667)">
+        <rect
+           style="font-variation-settings:normal;fill:#ffffff;fill-opacity:1;stroke:#f9f9f9;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+           id="rect120"
+           width="4.5996766"
+           height="1.8177247"
+           x="-34.179646"
+           y="178.76157" />
+        <path
+           style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+           d="m -31.879804,183.76281 v -3.18352"
+           id="path121"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+           d="m -31.879804,178.76156 v -3.18352"
+           id="path122"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+           d="m -34.179644,178.76156 h 4.599677"
+           id="path123"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+           d="m -34.179644,180.57929 h 4.599677"
+           id="path124"
+           sodipodi:nodetypes="cc" />
+      </g>
+      <g
+         id="use143"
+         transform="translate(222.46119,-70.859177)">
+        <rect
+           style="font-variation-settings:normal;fill:#ffffff;fill-opacity:1;stroke:#f9f9f9;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+           id="rect124"
+           width="4.5996766"
+           height="1.8177247"
+           x="-34.179646"
+           y="178.76157" />
+        <path
+           style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+           d="m -31.879804,183.76281 v -3.18352"
+           id="path125"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+           d="m -31.879804,178.76156 v -3.18352"
+           id="path126"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+           d="m -34.179644,178.76156 h 4.599677"
+           id="path127"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+           d="m -34.179644,180.57929 h 4.599677"
+           id="path128"
+           sodipodi:nodetypes="cc" />
+      </g>
+    </g>
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,-142.04825,144.60139)"
+       id="text270"
+       style="font-style:normal;font-variant:normal;font-weight:600;font-stretch:normal;font-size:29.3333px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt Semi-Bold';text-align:center;white-space:pre;shape-inside:url(#rect271);display:inline"><tspan
+         x="803.32076"
+         y="329.32216"
+         id="tspan15">Microcontroller</tspan></text>
+    <path
+       style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
+       d="M 175.9151,172.6822 V 148.07404"
+       id="path73" />
+    <path
+       style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
+       d="M 154.02753,134.54678 H 98.485632 v 22.14876"
+       id="path77"
+       sodipodi:nodetypes="ccc" />
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,103.29647,93.921487)"
+       id="text121-3-4"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:26.6667px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt';text-align:center;white-space:pre;shape-inside:url(#rect121-3-5-5);display:inline"><tspan
+         x="819.5426"
+         y="326.85384"
+         id="tspan16">Input</tspan></text>
+    <g
+       id="g87"
+       style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
+       transform="translate(10.878009,7.7533681)">
+      <path
+         id="path104"
+         style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+         d="m 284.21784,205.97009 c -1e-5,0.70399 1.16966,1.27468 2.61252,1.27468 1.44285,0 2.61252,-0.57069 2.61251,-1.27468"
+         sodipodi:nodetypes="csc" />
+      <ellipse
+         style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+         id="ellipse104"
+         cx="-286.83035"
+         cy="179.00661"
+         rx="2.6125116"
+         ry="1.274675"
+         transform="scale(-1,1)" />
+      <path
+         style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 289.44287,179.00661 v 26.96348"
+         id="path105"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 284.21784,179.00661 v 26.96348"
+         id="path106"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 286.83035,207.24477 v 4.57746"
+         id="path107" />
+      <path
+         style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="M 284.21784,205.97009 H 279.4833"
+         id="path108"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 286.83035,178.98444 v -5.79542"
+         id="path109"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 281.60398,211.82223 h -4.24137"
+         id="path78"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 288.95104,211.82223 h -4.24137"
+         id="path111"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
+         d="m 279.48329,205.97009 v 5.85214"
+         id="path87" />
+    </g>
+    <g
+       id="g87-2"
+       transform="matrix(1,0,0,-1,10.877997,347.45222)">
+      <path
+         id="path104-2"
+         style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+         d="m 284.21784,205.97009 c -1e-5,0.70399 1.16966,1.27468 2.61252,1.27468 1.44285,0 2.61252,-0.57069 2.61251,-1.27468"
+         sodipodi:nodetypes="csc" />
+      <ellipse
+         style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+         id="ellipse104-6"
+         cx="-286.83035"
+         cy="179.00661"
+         rx="2.6125116"
+         ry="1.274675"
+         transform="scale(-1,1)" />
+      <path
+         style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 289.44287,179.00661 v 26.96348"
+         id="path105-1"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 284.21784,179.00661 v 26.96348"
+         id="path106-0"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 286.83035,207.24477 v 4.57746"
+         id="path107-6" />
+      <path
+         style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="M 284.21784,205.97009 H 279.4833"
+         id="path108-1"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 286.83035,178.98444 v -5.79542"
+         id="path109-5"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 281.60398,211.82223 h -4.24137"
+         id="path78-9"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 288.95104,211.82223 h -4.24137"
+         id="path111-4"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
+         d="m 279.48329,205.97009 v 5.85214"
+         id="path87-9" />
+    </g>
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,61.195785,144.60139)"
+       id="text20-1"
+       style="font-style:normal;font-variant:normal;font-weight:600;font-stretch:normal;font-size:29.3333px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt Semi-Bold';text-align:center;white-space:pre;shape-inside:url(#rect21-8-1);display:inline"><tspan
+         x="818.55834"
+         y="329.32216"
+         id="tspan17">Clip Line</tspan></text>
+    <path
+       style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
+       d="m 366.7737,150.84685 h -54.80235 v 0 23.41635"
+       id="path88" />
+    <path
+       style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
+       d="M 366.77373,205.9141 H 311.97135 V 180.93116"
+       id="path89"
+       sodipodi:nodetypes="ccc" />
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,177.7178,93.921487)"
+       id="text89"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:26.6667px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt';text-align:center;white-space:pre;shape-inside:url(#rect89);display:inline"><tspan
+         x="808.53348"
+         y="326.85384"
+         id="tspan18">Output</tspan></text>
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,130.52701,144.60139)"
+       id="text90"
+       style="font-style:normal;font-variant:normal;font-weight:600;font-stretch:normal;font-size:29.3333px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt Semi-Bold';text-align:center;white-space:pre;shape-inside:url(#rect90);display:inline"><tspan
+         x="777.58052"
+         y="329.32216"
+         id="tspan19">Sampling Gate</tspan></text>
+  </g>
+</svg>

defence/phd defence tdr principle.svg

@@ -0,0 +1,376 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="100mm"
+   height="60mm"
+   viewBox="0 0 100 60"
+   version="1.1"
+   id="svg1"
+   inkscape:version="1.4.3 (0d15f75042, 2025-12-25)"
+   sodipodi:docname="phd defence tdr principle.svg"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg">
+  <sodipodi:namedview
+     id="namedview1"
+     pagecolor="#ffffff"
+     bordercolor="#000000"
+     borderopacity="0.25"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="mm"
+     inkscape:zoom="1.6739708"
+     inkscape:cx="150.83896"
+     inkscape:cy="138.29393"
+     inkscape:window-width="1920"
+     inkscape:window-height="1011"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="layer1" />
+  <defs
+     id="defs1">
+    <rect
+       x="551.65271"
+       y="309.45667"
+       width="62.353214"
+       height="50.517651"
+       id="rect11" />
+    <rect
+       x="551.65271"
+       y="309.45667"
+       width="62.353214"
+       height="50.517651"
+       id="rect12" />
+    <rect
+       x="551.65271"
+       y="309.45667"
+       width="62.353214"
+       height="50.517651"
+       id="rect11-0" />
+    <rect
+       x="551.65271"
+       y="309.45667"
+       width="62.353214"
+       height="50.517651"
+       id="rect11-0-9" />
+    <rect
+       x="551.65271"
+       y="309.45667"
+       width="62.353214"
+       height="50.517651"
+       id="rect11-0-0" />
+    <rect
+       x="551.65271"
+       y="309.45667"
+       width="62.353214"
+       height="50.517651"
+       id="rect25" />
+  </defs>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(-63.811274,-50.604338)">
+    <g
+       id="g3"
+       transform="matrix(0.24012329,0,0,0.23457606,81.922797,65.216881)"
+       style="stroke-width:2.10674;stroke-dasharray:none">
+      <rect
+         style="fill:#ffffff;stroke:#1a1612;stroke-width:2.10674;stroke-linejoin:round;stroke-dasharray:none"
+         id="rect1"
+         width="52.476543"
+         height="40.305092"
+         x="74.212349"
+         y="54.643913" />
+      <g
+         id="g2"
+         transform="translate(-3.7859123,-1.9406318)"
+         style="stroke-width:2.10674;stroke-dasharray:none">
+        <path
+           style="fill:#ffffff;stroke:#1a1612;stroke-width:2.10674;stroke-linejoin:round;stroke-dasharray:none"
+           d="M 123.31803,65.720385 85.155036,87.753797"
+           id="path1" />
+        <path
+           style="fill:#ffffff;stroke:#1a1612;stroke-width:2.10674;stroke-linejoin:round;stroke-dasharray:none"
+           d="M 123.31803,87.753797 85.155036,65.720385"
+           id="path2" />
+      </g>
+    </g>
+    <g
+       id="g4"
+       transform="translate(31.446729,-5.2641985)">
+      <rect
+         style="fill:#ffffff;stroke:#1a1612;stroke-width:0.5;stroke-linejoin:round;stroke-dasharray:none"
+         id="rect1-3"
+         width="12.600841"
+         height="9.4546099"
+         x="42.850857"
+         y="71.155426" />
+      <path
+         style="fill:#ffffff;stroke:#1a1612;stroke-width:0.499999;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 44.314411,78.24975 h 3.904353 v -5.010587 h 4.229716 v 5.010587 h 2.082322"
+         id="path3"
+         sodipodi:nodetypes="cccccc" />
+    </g>
+    <circle
+       style="fill:#ffffff;stroke:#1a1612;stroke-width:0.499999;stroke-linejoin:round;stroke-dasharray:none"
+       id="path4"
+       cx="80.598007"
+       cy="91.641884"
+       r="6.5220127" />
+    <path
+       style="fill:#ffffff;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 112.40881,80.178084 h 9.96623"
+       id="path5"
+       sodipodi:nodetypes="cc" />
+    <path
+       style="fill:#ffffff;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 122.37504,80.178084 v -4.030459 h 3.4442 v 4.030459 h 3.44421"
+       id="path6"
+       sodipodi:nodetypes="ccccc" />
+    <path
+       style="fill:#ffffff;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 129.26345,80.178084 v -4.030459 h 3.4442 v 4.030459 h 3.44421"
+       id="path7"
+       sodipodi:nodetypes="ccccc" />
+    <path
+       style="fill:#ffffff;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 136.15186,80.178084 v -4.030459 h 3.4442 v 4.030459 h 3.44421"
+       id="path8"
+       sodipodi:nodetypes="ccccc" />
+    <path
+       style="fill:#ffffff;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 143.04027,80.178084 v -4.030459 h 3.4442 v 4.030459 h 3.44421"
+       id="path9"
+       sodipodi:nodetypes="ccccc" />
+    <path
+       style="fill:none;stroke:#1a1612;stroke-width:0.3;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 118.71556,72.618668 h 1.69044 c 0.8343,-0.02487 0.96416,-3.389326 1.59899,-3.225756 0.48905,0.126012 -0.0471,3.225756 0.82615,3.225756 h 1.84447"
+       id="path11"
+       sodipodi:nodetypes="ccscc" />
+    <g
+       id="g12"
+       transform="matrix(1.1890548,0,0,1.1890548,-20.775141,-10.295906)"
+       style="stroke-width:0.841004">
+      <text
+         xml:space="preserve"
+         transform="scale(0.26458333)"
+         id="text11"
+         style="font-size:10.6667px;line-height:10.5322px;font-family:Lemon;-inkscape-font-specification:Lemon;text-decoration-color:#000000;writing-mode:lr-tb;direction:ltr;white-space:pre;shape-inside:url(#rect11);display:inline;fill:none;stroke:#1a1612;stroke-width:1.5893;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"><tspan
+           x="551.65234"
+           y="317.93003"
+           id="tspan6"><tspan
+             style="font-family:'Inter 24pt SemiBold';-inkscape-font-specification:'Inter 24pt SemiBold, ';fill:#000000;stroke:none"
+             id="tspan5">Z</tspan></tspan></text>
+      <text
+         xml:space="preserve"
+         transform="matrix(0.16085311,0,0,0.16085311,59.294945,33.617914)"
+         id="text12"
+         style="font-size:10.6667px;line-height:10.5322px;font-family:Lemon;-inkscape-font-specification:Lemon;text-decoration-color:#000000;writing-mode:lr-tb;direction:ltr;white-space:pre;shape-inside:url(#rect12);display:inline;fill:none;stroke:#1a1612;stroke-width:2.61419;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"><tspan
+           x="551.65234"
+           y="317.93003"
+           id="tspan8"><tspan
+             style="font-family:'Inter 24pt SemiBold';-inkscape-font-specification:'Inter 24pt SemiBold, ';fill:#000000;stroke:none"
+             id="tspan7">term</tspan></tspan></text>
+    </g>
+    <path
+       style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 149.92868,80.178084 v 4.324963"
+       id="path12" />
+    <g
+       id="g16"
+       transform="translate(9.0092604,4.3073374)">
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 140.91941,88.369128 v 4.324963"
+         id="path13" />
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 142.94854,92.694091 h -4.05827"
+         id="path14"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 142.17512,93.79642 h -2.51145"
+         id="path15"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 141.45505,94.86319 h -1.0713"
+         id="path16"
+         sodipodi:nodetypes="cc" />
+    </g>
+    <rect
+       style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       id="rect16"
+       width="3.2248845"
+       height="8.1734142"
+       x="148.31622"
+       y="84.503052" />
+    <text
+       xml:space="preserve"
+       transform="matrix(0.31460408,0,0,0.31460408,-38.393695,-27.642884)"
+       id="text11-6"
+       style="font-size:10.6667px;line-height:10.5322px;font-family:Lemon;-inkscape-font-specification:Lemon;text-decoration-color:#000000;writing-mode:lr-tb;direction:ltr;white-space:pre;shape-inside:url(#rect11-0);display:inline;fill:none;stroke:#1a1612;stroke-width:1.5893;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"><tspan
+         x="551.65234"
+         y="317.93003"
+         id="tspan10"><tspan
+           style="font-family:'Inter 24pt SemiBold';-inkscape-font-specification:'Inter 24pt SemiBold, ';fill:#000000;stroke:none"
+           id="tspan9">Mesh</tspan></tspan></text>
+    <g
+       id="g18"
+       transform="matrix(0.54818411,0,0,0.52713488,61.970729,38.534926)"
+       style="stroke-width:0.558081;stroke-dasharray:none">
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,0.616548 0.5605,-0.616548"
+         id="path17" />
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,-0.616548 0.5605,0.616548"
+         id="path18" />
+    </g>
+    <path
+       style="fill:none;stroke:#1a1612;stroke-width:0.3;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 145.10975,83.740846 h -1.69044 c -0.8343,0.0249 -0.96416,3.38932 -1.59899,3.22575 -0.48905,-0.12601 0.0471,-3.22575 -0.82615,-3.22575 h -1.84447"
+       id="path19"
+       sodipodi:nodetypes="ccscc" />
+    <g
+       id="g21"
+       transform="matrix(-0.54818411,0,0,-0.52713488,201.85459,117.82459)"
+       style="stroke-width:0.558081;stroke-dasharray:none">
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,0.616548 0.5605,-0.616548"
+         id="path20" />
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,-0.616548 0.5605,0.616548"
+         id="path21" />
+    </g>
+    <g
+       id="g18-1"
+       transform="matrix(0.54818411,0,0,0.52713488,32.981996,45.838032)"
+       style="stroke-width:0.558081;stroke-dasharray:none">
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,0.616548 0.5605,-0.616548"
+         id="path17-8" />
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,-0.616548 0.5605,0.616548"
+         id="path18-7" />
+    </g>
+    <g
+       id="g18-3"
+       transform="matrix(-0.54818411,0,0,0.52713488,160.38558,54.563203)"
+       style="stroke-width:0.558081;stroke-dasharray:none">
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,0.616548 0.5605,-0.616548"
+         id="path17-7" />
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,-0.616548 0.5605,0.616548"
+         id="path18-5" />
+    </g>
+    <path
+       style="fill:none;fill-opacity:1;stroke:#1a1612;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 86.898427,70.618534 h 4.170574 v 9.558567 h 8.673909"
+       id="path22"
+       sodipodi:nodetypes="cccc" />
+    <path
+       style="fill:none;fill-opacity:1;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 99.74291,85.428682 h -8.780343 v 6.400233 h -3.845234"
+       id="path23" />
+    <path
+       style="fill:none;fill-opacity:1;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 74.315839,91.552506 c 1.162887,-0.268434 1.677432,3.187804 2.134029,3.292669 0.844521,0.193958 1.315889,-6.385784 2.13403,-6.385784 1.183523,0 1.021225,6.385784 2.134029,6.385784 0.759208,0 1.363034,-6.385784 2.134029,-6.385784 1.018512,0 1.296598,6.890369 2.13403,6.385784 0.468664,-0.282388 0.82304,-4.114815 2.134029,-3.292669"
+       id="path24"
+       sodipodi:nodetypes="csssssc" />
+    <g
+       id="layer1-7"
+       transform="translate(-25.02147,9.3303218)">
+      <text
+         xml:space="preserve"
+         transform="matrix(0.31460408,0,0,0.31460408,-48.737596,-33.80712)"
+         id="text11-6-8"
+         style="font-size:10.6667px;line-height:10.5322px;font-family:Lemon;-inkscape-font-specification:Lemon;text-decoration-color:#000000;writing-mode:lr-tb;direction:ltr;white-space:pre;shape-inside:url(#rect11-0-9);display:inline;fill:none;stroke:#1a1612;stroke-width:1.5893;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"><tspan
+           x="551.65234"
+           y="317.93003"
+           id="tspan12"><tspan
+             style="font-family:'Inter 24pt SemiBold';-inkscape-font-specification:'Inter 24pt SemiBold, ';fill:#000000;stroke:none"
+             id="tspan11">Coupler</tspan></tspan></text>
+    </g>
+    <text
+       xml:space="preserve"
+       transform="matrix(0.31460408,0,0,0.31460408,-102.80337,-40.812044)"
+       id="text11-6-1"
+       style="font-size:10.6667px;line-height:10.5322px;font-family:Lemon;-inkscape-font-specification:Lemon;text-align:center;text-decoration-color:#000000;writing-mode:lr-tb;direction:ltr;white-space:pre;shape-inside:url(#rect11-0-0);display:inline;fill:none;stroke:#1a1612;stroke-width:1.5893;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       x="31.176607"
+       y="0"><tspan
+         x="569.15198"
+         y="317.93003"
+         id="tspan14"><tspan
+           style="font-family:'Inter 24pt SemiBold';-inkscape-font-specification:'Inter 24pt SemiBold, ';fill:#000000;stroke:none"
+           id="tspan13">Pulse </tspan></tspan><tspan
+         x="557.78996"
+         y="328.67985"
+         id="tspan16"><tspan
+           style="font-family:'Inter 24pt SemiBold';-inkscape-font-specification:'Inter 24pt SemiBold, ';fill:#000000;stroke:none"
+           id="tspan15">Generator</tspan></tspan></text>
+    <text
+       xml:space="preserve"
+       transform="matrix(0.31460408,0,0,0.31460408,-102.80337,3.0114252)"
+       id="text25"
+       style="font-size:10.6667px;line-height:10.5322px;font-family:Lemon;-inkscape-font-specification:Lemon;text-align:center;text-decoration-color:#000000;writing-mode:lr-tb;direction:ltr;white-space:pre;shape-inside:url(#rect25);display:inline;fill:none;stroke:#1a1612;stroke-width:1.5893;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       x="31.176607"
+       y="0"><tspan
+         x="562.15716"
+         y="317.93003"
+         id="tspan18"><tspan
+           style="font-family:'Inter 24pt SemiBold';-inkscape-font-specification:'Inter 24pt SemiBold, ';fill:#000000;stroke:none"
+           id="tspan17">Sampler</tspan></tspan></text>
+    <path
+       style="fill:none;stroke:#1a1612;stroke-width:0.3;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 89.5926,68.72123 h 1.69044 c 0.8343,-0.02487 0.96416,-3.389326 1.59899,-3.225756 0.48905,0.126012 -0.0471,3.225756 0.82615,3.225756 h 1.84447"
+       id="path11-1"
+       sodipodi:nodetypes="ccscc" />
+    <g
+       id="g18-5"
+       transform="matrix(0.54818411,0,0,0.52713488,32.847772,34.637488)"
+       style="stroke-width:0.558081;stroke-dasharray:none">
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,0.616548 0.5605,-0.616548"
+         id="path17-5" />
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,-0.616548 0.5605,0.616548"
+         id="path18-4" />
+    </g>
+    <path
+       style="fill:none;stroke:#1a1612;stroke-width:0.3;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 95.74733,94.005475 h -1.69044 c -0.8343,0.02487 -0.96416,3.389326 -1.59899,3.225756 -0.48905,-0.126012 0.0471,-3.225756 -0.82615,-3.225756 h -1.84447"
+       id="path25"
+       sodipodi:nodetypes="ccscc" />
+    <g
+       id="g27"
+       transform="matrix(-0.54818411,0,0,-0.52713488,152.49216,128.08922)"
+       style="stroke-width:0.558081;stroke-dasharray:none">
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,0.616548 0.5605,-0.616548"
+         id="path26" />
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,-0.616548 0.5605,0.616548"
+         id="path27" />
+    </g>
+  </g>
+</svg>