\chapterquote{Meredith Whittaker~\cite{greenbergSignalMoreEncrypted2024}}{ It’s not for lack of ideas or possibilities. It’s that we actually have to start taking seriously the shifts that are going to be required to do this thing—to build tech that rejects surveillance and centralized control—whose necessity is now obvious to everyone. } \chaptertitle{Introduction} \label{chapter-intro} % New draft: % % Passionate statement about democracy and academic freedom % % We live in times of rising fascist and authoritarian sentiment worldwide. While computer science and cryptography are % often portrayed as politically neutral technologies, their practice is a political act and can have grave real-world % consequences. % maybe: Within mathematics and computer science, the field of cryptography is unique in that it smainstream views % link to cypherpunks, hackers % Hardware Security Modules (HSMs) are an example of such a political technology. The core function of HSMs is to % protect cryptographic secrets against \emph{any} physical attack. Even though they are widely used in finance and % business applications, in their design, they curiously embody the radical idiology of the cypherpunk and hacker % movements. % % We believe physically secure devices like HSMs can be a keystone technology in the creation of secure systems for % communication and computation in a free, democratic society. However, while current state-of-the art commercial % devices can be expected to resist a fascist police force or even some authoritarian states' secret services, their % physical security is still lacking due to misaligned ecosystem incentices. As Anderson put it, % todo cite: betrusted % % % Meanwhile in academia, % In this thesis, we aim to significantly advance the field of hardware security module construction. We publish all % designs, code and data as open source to create the groundwork for future research, and sow the seeds for a new % generation of secure hardware that will be able to resist a rising tide of fascist and authoritarian movements. % % % % Research questions: % 1. can hsm w/o proprietary mesh? % 2. how do meshes look like in practice? % 3. can we improve monitoring? % 4. can we solve power transfer issue % 5. applications % \emph{No Gods, No Masters} is an anarchist slogan originating in the 19\textsuperscript{th} century that expresses a rejection of authorities~\cite{broussaisOriginesDeviseAnarchiste2022,guerinNoGodsNo2005,blomNoGodsNo2025}. In modern cryptography, it is generally seen as best practice to have the least amount of parties possible involved in any computation. Most cryptographic problems are easily solved by involving a trusted third party (TTP). Yet, cryptographers have time and again vocally rejected attempts to involve third parties in cryptographic protocols~\cite{ abelsonRisksKeyRecovery1997, abelsonKeysDoormats2015, andersonSecurityEngineeringGuide2020, rogawayMoralCharacterCryptographic2015, }. Considerable research has been focused on creating a versatile set of tools to perform tasks as diverse as secure communication~\cite{ alwenDoubleRatchetSecurity2019, marlinspikeDoubleRatchetAlgorithm2025, dowlingFlexibleAuthenticatedConfidential2020, sasySoKMetadataProtectingCommunication2024}, oblivious database access~\cite{ chorPrivateInformationRetrieval, aguilar-melchorXPIRPrivateInformation2016, reichertMenhirObliviousDatabase2024}, and even general computation~\cite{ goosInformationTheoreticallySecure1999, aumannSecurityCovertAdversaries2010, chorPrivateInformationRetrieval} in a decentralized way that avoids trusted authorities. While politically, this blanket rejection of authority represents a fringe viewpoint, in cryptography it has a long tradition originating with the Cypherpunk and Hacker movements~\cite{ andersonCypherpunkEthicsRadical2022, hughesCypherpunksManifesto, jarvisCryptoWarsFight2020, marlinspikeWeShouldAll2013}, and extending throughout mainstream academic cryptography. While the aforementioned cryptographic tools enable a large gamut of use cases in theory, in practice cryptographic systems are still routinely compromised~\cite{ gellmanNSAInfiltratesLinks2013, goldmanUnrestrainedChineseCyberattackers2025, scott-railtonWhoseAuthorityPegasus2024, quintinSomethingRememberUs2024, marczakGraphiteCaughtFirst2025}. A fundamental flaw of any practical cryptographic system is that secure algorithms have to run on hardware, and even today, average computing hardware provides little physical security~\cite{ gotzfriedCacheAttacksIntel2017, Lipp2018meltdown, Kocher2018spectre, moghimiTPMFAILTPMMeets2020}. \emph{Hardware Security Modules} are a class of devices specifically designed to execute cryptographic algorithms while providing strict physical security guarantees, but these systems are expensive, and their physical security is often questionable (cf.~Chapter~\ref{chapter-survey})~\cite{ obermaier2018, andersonSecurityEngineeringGuide2020}. As \textcite{andersonSecurityEngineeringGuide2020} writes on HSMs and their security standards: % FIXME page numbers \begin{quote} Security economics remains a big soft spot, with security chips being in many ways a market for lemons. A banker buying HSMs probably won’t be aware of the huge gap between FIPS\footnote{Anderson here refers to the US national HSM security standard FIPS 140~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002, usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019}} level 3 and level 4, and understand that level 3 can sometimes be defeated with a Swiss army knife. The buying incentive there is compliance, and where real security clashes with operations it’s not surprising to see weaker standards designed to make compliance easier. \begin{flushright} \textit{\textcite{andersonSecurityEngineeringGuide2020} p. 629} \end{flushright} \end{quote} In this thesis, we aim to fill this gap in easily obtainable, secure hardware and extend the level of protection afforded by cryptographic protocol design down the technology stack to the hardware level. We propose a new HSM design that unlike existing designs can be manufactured at low cost and without access to specialized tools. % Go into drawbacks of existing HSMs We publish our design fully open source, including all detials necessary for replication. A fundamental principle in cryptographic engineering is Kerckhoffs' principle\footnote{ \textcite{petitcolasKerckhoffsPrinciplesCryptographie} contains a high-quality OCR'ed copy of the original source, as well as a translation of the cited part from French. The original source is \textcite{kerckhoffsCryptographieMilitaire1883}. }, named after Dutch military cryptographer Auguste Kerckhoffs. Kerckhoffs' principle expresses that the security of a cryptographic system should only depend on the secrecy of its keys, not on the secrecy of its design. In this way, Kerckhoff's principle states the opposite of the widespread industry practice of \emph{Security by Obscurity}, which aims to achieve security by making it sufficiently costly to cryptoanalyze a system that the attempt becomes unattractive. All existing commercial HSM designs as well as some existing academic related work violate this principle by keeping details of their implementation such as the precise mesh dimensions and manufacturing methods secret. By publishing all details of our research into HSMs and their components, we provide the foundation for future independent research. Complementary to Kerckhoff's principle is the principle of least authority, which describes that in a secure system each component should only have access to the smallest set of capabilities necessary to fulfill its purpose. Applying both to a cryptographic system means that the system's design should be transparent and not include any hidden components or opaque parts that cannot be inspected, and that the system's keys should be scoped to place the least amount of trust possible in each participating party. Existing HSMs are an example of a violation of the principle of least authority since they elevate the HSM manufacturer to a single point of failure. The tamper sensing mesh foils used in conventional HSMs are made in proprietary, bespoke processes, and cannot be manufactured independently. Our proposed design can be replicated from standard components and eliminates this issue. \section{Research Questions and Contributions} Based on the current state of the field of hardware security, we deduce three overarching research questions for this thesis that progress from theory to practical deployment. \begin{enumerate} \item Can we achieve physical security without relying on conventional tamper-sensing meshes? \item Can we monitor tamper-sensing meshes at a higher detail level than the state of the art of a single, scalar measurement? \item Can we create the support components necessary to integrate a system that provides a practical security guarantee? \end{enumerate} To answer our first research question, we propose the Inertial Hardware Security Module (IHSM), a new type of HSM that extends the high level of protection offered by the modern cryptographic software stack down to the hardware level, enabling secure computation in insecure places. To answer our second question, we propose improvements to the state of the art in HSM tamper sensors such as the use of low-cost, embeddable Time-Domain Reflectometry (TDR) that not only improve the security of IHSMs, but that can even be applied to conventional HSMs. Finally, we answer our last research question by showing in two case studies how an end-to-end design of an IHSM-secured data processing system could look like. Both case studies concern scenarios that IHSMs unlock that were previously infeasible using conventional HSMs: Datacenter-scale Secure Multiparty Computation (SMPC) and long-range Quantum Key Distribution (QKD) networks. As part of this effort we provide a solution adapting and improving upon the state of the art in wireless power transfer to supply a rotating inertial HSM with a clean, stable power supply. We chose to publish all of our research as open source and unencumbered by patents to enable widespread adoption. IHSMs can be custom built with only basic manufacturing capabilities at small scale and enable the deployment of secure computation in insecure places even to small organizations such as university research departments, NGOs and small businesses. %\section{Cryptographic Principles and Physical Reality} %Let's take a basic videoconferencing system as an example. In our example system's deployment, users log on to a central %conference server, which receives and distributes the users' video streams. Allowing backdoor access to the video %streams to some third party like a datacenter operator or a state would violate Kerckhoffs' principle since it would %have to be hidden from the systems' participants, who would therefore not have a complete view of the systems' deployed %architecture. The principle of least authority would also be violated since in almost all cases, such a backdoor access %system would not see legitimate use. As a result, it would possess capabilities that almost never would be essential to %the proper function of the videoconference system. %In their design, almost all modern software -- especially open source -- cleanly applies these principles. However, the %practical reality after deployment almost always deviates from them. While backdoors are vanishingly rare in modern %open-source software, practical deployments usually are vulnerable to physical attacks. Computer hardware generally is %not designed with a local attacker with advanced physical attack capabilities in mind since no mitigation can fully %prevent them---such attacks usually can only be detected, or at best slowed down. As a result, commonplace attacks %against modern software often involve taking over the hardware at some point in the chain. Even End-to-End-Encrypted %(E2EE) communication systems can be compromised if one of the encrypted channel's endpoints can be physically %compromised. Corresponding \emph{digital forensics} capabilities are commonplace among state actors, and are available %as a turnkey solution on the market. \section{Inertial Hardware Security Modules} In this thesis, we propose Inertial Hardware Security Modules (IHSMs) to fill the gap of protecting systems that handle highly sensitive data but that cannot use conventional HSMs for cost or performance reasons. In a system with a secure software stack, the role of a HSM is to secure the hardware part of the stack. The basic approach of a HSM is to combine a secure software stack with tamper sensors connected to a fast self-destruct mechanism. The tamper sensors are tasked with detecting any physical attack an attacker could mount on the device. Common classes of such sensors include environmental sensors such as temperature or radiation sensors that detect attempts at causing controllable faults in the HSM by heating, cooling or irradiating it. Building on the basic protection offered by such sensors, \emph{tamper-sensing meshes} are often employed. These \emph{meshes} are flexible foils containing circuit traces that are attached to the HSM's enclosure to detect attempts at penetrating the shell of the device with probes. Tamper-sensing meshes usually are the primary line of defense against most physical attacks. They are very effective at mitigating a large variety of physical attacks, but they are difficult to construct securely as they usually require bespoke manufacturing processes. As a result, they are currently only used in niche applications, and even there not every realization is equally secure. The self-destruct mechanism can be hardware or software that quickly and securely destroys all cryptographic secrets, thereby rendering the device worthless to an attacker. IHSMs are a new design approach that utilizes mechanical motion to create secure tamper-sensing meshes from simple components. IHSMs solve the issue of creating an impenetrable tamper-sensing envelope by replacing the bespoke tamper-sensing mesh foil with a set of simple, rigid meshes made from commodity Printed Circuit Boards (PCBs) that are rotating at high speed. In motion, these simple PCB tamper-sensing meshes are as secure as the much more sophisticated bespoke foils used in conventional HSMs, yet they are simpler and less expensive to manufacture. To verify that the mesh is rotating correctly, an accelerometer is placed on the rotating mesh, and its centrifugal force reading is used to validate its path of motion. IHSMs enable the protection of much larger payloads compared to conventional mesh designs, and they can support larger power dissipation. Combined with their low cost, this enables the implementation of high-level hardware security in applications that previously would not have been possible to secure. IHSMs are the first fully open source HSM with advanced tamper sensing features. Across application domains, IHSMs can be applied to gain resistance to physical attacks in scenarios where conventional HSMs were not used because of cost, computing power or implementation effort. Where conventional HSMs come as fully integrated devices that only expose limited APIs to their users, IHSMs at their core are just an enclosure that the user can put whatever hardware they need into, adapting the tamper response to their application's needs. Since the simpler tamper-sensing mesh construction of IHSMs scales to larger payload volumes, entire servers can be protected---something that is impossible with conventional HSMs. Since the mesh in an IHSM is constantly moving, unlike a mesh in a conventional HSM, it does not have to entirely cover the payload. Instead, it can have gaps that allow for air flow between outside and inside, enabling active cooling of the IHSM's payload. This cooling capability sharply increases computing power by increasing feasible payload power dissipation by two orders of magnitude. \section{Conclusion} Looking at the practice of applied hardware security, we observe that despite ample availability of commercial solutions promising easy hardware security, clearly there is still a lack of solutions that provide the adaptability necessary for some real use cases at low enough cost. By publishing the tamper-sensing technology we developed during the making of this thesis as open source hardware designs, we aim to provide this missing building block to provide high-level hardware security in real-world applications. Our hardware designs can be adapted to devices ranging from Single-Board Computers (SBCs) to servers, they are compatible with non-computing applications like Quantum Key Distribution (QKD) and their design approaches can even be integrated into existing HSM designs to provide better security at little additional cost.