Open and quantum-safe RISC-V security chip OpenTitan for Chromebooks
The Taiwanese chip manufacturer Nuvoton is now mass-producing the open source security chip OpenTitan. It uses the quantum-safe (PQC) algorithm Sphincs+.
The OpenTitan security chip "Earlgrey" is located on the lowRISC Voyager-1 developer board.
(Image: lowRISC)
Series production of the independent OpenTitan implementation"Earlgrey" is underway. An industry consortium led by Google, lowRISC, Western Digital and Giesecke+Devrient has been developing the open security controller OpenTitan since 2018. The chip production partner is the Taiwanese company Nuvoton, a former division of Winbond, which operates its own chip fabs in Taiwan and Singapore.
Google announced the start of production on its own blog. The chips are to be used as hardware Root of Trust (RoT) in new Chromebooks, which are planned for later this year in 2025. Google also wants to use them in servers for its own data centers.
Quantum-safe algorithm PQC
The OpenTitan "Earlgrey" is one of the first available security chips to use a quantum-safe algorithm: Post Quantum Cryptography, PQC. They protect their own firmware (secure boot) with Sphincs+, which NIST standardized in 2024 as FIPS-205 or Stateless Hash-based Digital Signature Algorithm (SLH-DSA). This should enable secure updates to be made to long-lasting devices even if quantum computers are eventually able to crack the cryptographic processes used to date.
In 2022, Infineon announced the Optiga SLB 9672 Trusted Platform Module (TPM) with the Extended Merkle Signature Scheme (XMSS) signature method as a quantum-safe alternative. Recently, the BSI certified an Infineon chip for smart cards that implements FIPS-203 alias ML-KEM (Module Lattice-Based Key-Encapsulation Mechanism).
Videos by heise
Open source and RISC-V for trust
Google has been using different security chips from the Titan family in its own Pixel smartphones, Chromebooks and key storage devices for two-factor authentication for years. The stand-alone chips (Earlgrey) and integrated controllers (Darjeeling) of the OpenTitan series are said to enjoy a particularly high level of trust thanks to their disclosed hardware and software.
The OpenTitan's 32-bit Ibex microcontroller computing core is also disclosed. Its RV32IMCB design comes from RISC-V developers at ETH Zurich and is supported by the non-profit company lowRISC in Cambridge.
However, even the most secure and open security chip cannot solve the problem that sovereignty over the chain of trust lies in the hands of the owner of the root certificate.
Listen to the Bit-Rauschen podcast, episode 2023/23, "Digital key authority":
Empfohlener redaktioneller Inhalt
Mit Ihrer Zustimmung wird hier ein externer Podcast (Podigee GmbH) geladen.
Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (Podigee GmbH) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.
(ciw)
