SM: You can gage a key from power consumption?
PK: Yes. This is one of our biggest business areas. At the lowest level you have transistors, which are just voltage-controlled gates. When the connectivity of the substrate changes, electrons flow. What happens in the whole chip is basically the sum of the power consumption and the current going through all of the transistors.
SM: And you can decode that at the granular level?
PK: The trick is to measure a bunch of different operations with the same key. Then you can make a hypothesis about what a piece or function of that key might be, and test it by checking whether that prediction is correlated to the data set. It is a technique we call Differential Power Analysis. It is really powerful. You can do signal processing or error correction type analysis. No matter how noisy the data is, if you have enough data you can pull the key out. It is a nightmare for designers who used to think, “Here is the mathematical problem” and would expect product implementers to just put it in the product. Suddenly you have analog properties in your chip that are ruining the mathematical security of the algorithm. It used to be that the cryptographers would never talk to the hardware engineers, much less the guys who were worried about the cell libraries and the underlying electrical properties of the chip being produced. Traditional compartmentalization meant that this problem did not get noticed for much longer than it should have.
Josh, the first guy we hired, had a background in radio astronomy, which involves pulling tiny signals out from noise. I had written a paper that looked at timing measurements based on cache hits to determine cryptographic keys. Some of these techniques and some other things combined to discover this problem.
We did a research project to fix that problem and ultimately filed a bunch of patents that we are now making a big licensing business out of. It has taken nearly ten years for that business to be profitable. Venture capitalists would not have had the patience for that.
SM: IP licensing in general is not a venture capitalist model. A few have tried.
PK: The IP licensing business model is also getting more expensive to do. We did one litigation, which was against Visa, and we settled that recently. However, you end up sinking millions of dollars into this process. It is very expensive. It is not fun. You don’t wake up and think, “I want to go sue somebody”. You have to at times; it is part of the business.
SM: I do like your model of creating a body of intellectual property and letting somebody else do the legwork.
PK: With law firms, if you throw money at the problem you can get a good outcome. We have a really strong general counsel, Joseph Yang. He founded and led the IP transactions at Skadden, Arps, Slate, Meagher & Flom, which is one of the world’s preeminent law firms. He is very well known in the Valley. He originally filed the patents, and he guided the litigation.
Historically, people have followed a model where the research is handed off to the implementer, who hands it off to the product marketing folks to see if there is a business. The approach I have always liked is when we try to get continuity. When people have ideas I like to see them stick with it all the way through the process. With the power analysis work, Josh and I have done the technical work all the way through.
SM: Are there anchor clients you work with on the power analysis work?
PK: We have announced a bunch of licenses. The two top manufacturers are both licensees, and they make a billion chips a year on our license. Anywhere you are trying to build a chip that keeps its keys, if it falls into the wrong hands is an ideal case for our solution. There is a new US government standard coming into effect early next year which defines the standard for any cryptographic gear the government buys, and it requires these countermeasures in those products. There are a whole new group of companies out there that we will be dealing with, that we will start to deal with as they find ways to meet these requirements. The adoption of the countermeasures is being driven by the standards of the purchasers.