[MaraDNS list] MaraDNS now has funding

Sun Apr 1 21:33:00 EDT 2012

On 04-01 20:17, david sevilla wrote:
> HOLY cow, congratulations and keep up the good work.
> 
> -----Original Message-----
> 
> From: Sam Trenholme
> Sent: 2 Apr 2012 00:17:15 GMT
> To: MaraDNS support mailing list
> Subject: [MaraDNS list] MaraDNS now has funding
> 
> MaraDNS now has funding
> I am very pleased to let the community of MaraDNS users know that I
> have gotten a $1,048,576 USD grant from an anonymous donor. In light
> of this, I will be able to implement some features I have been meaning
> to implement in MaraDNS.
> 

I just skiped this part, and didn't notice this ridiculus amount of
money. I was thinkig more like $ 1,048.57 USD, which may be resonable.

> == DNSSEC and DNSCurve ==
> 
> First of all, this funding will give me a chance to fully implement
> DNSSEC and DNSCurve. Due to the amount of code that needs to be
> written, I will hire Dan Kaminsky to help me implement the DNSSEC
> code, as well has contracting Daniel J. Bernstein to write the
> DNSCurve code.
> 

EE? Really? Wow.

> The code will be in separate modules and I hope it will be possible to
> compile MaraDNS and Deadwood with both DNSSEC and DNSCurve support at
> the same time; this is a logistical issue we will work out.
> 
> == Random number generator ==
> 
> In addition to contracting Daniel J. Bernstein to write the DNSCurve
> code, I will also bring in Guido Bertoni, Joan Daemen, Michael
> Peeters, and Gilles Van Assche who will work with Bernstein in
> implementing a high-speed cryptographic block cipher with a 1024-bit
> block size on 32-bit platforms, a 2048-bit block size on 64-bit
> platforms,

why different ones?

> a 4096-bit block size on 128-bit platforms, as well as a
> 1152-bit block size on 36-bit platforms for our substantial number of
> users who run MaraDNS and Deadwood on PDP-10s.
> 

very funny. Then I checked begining. What? 1M$ ? Ah, 1st April. :)

> This block cipher primitive will be used in a sponge mode of operation
> as a pseudo-random number generator for Deadwood.

It takes years to create safe crypto primities, and then use them (look
at SHA-3, it takes few years to just review and choice already existing
algorithms!), and 1M$ would not be enough to make this process any faster.

> 
> We will also research making a hash compression primitive for 32-bit,
> 36-bit, 64-bit, and 128-bit platforms which is both very fast and
> cryptographically secure from collisions as long as our attacker
> doesn't know the primitive's randomly generated secret number.
> 
> == Other plans ==
> 
> I was hoping to be able to implement a 20nm 128-bit version of the
> 6502 processor with memory management and protected mode, as well as a
> series of op codes to make processing DNS packets faster (such as
> FINDDNSLABEL). Unfortunately, my anonymous donor will not give me the
> $5 billion grant needed to implement this processor until our team
> successfully implements DNSSEC, DNSCurve, as well as the
> large-block-size cipher, not to mention the secure hash compressor.
> 
>

Actually implementing such things should cost way below 1M$. You can
prototype such things on FPGA, and actually create ASIC relativly
cheaply, especially when cooperating with some univeristy.

Of course if you want, because I dubt it will bring any significant speedup.

> This should all be done within a year, and I will then be able to get
> a larger grant. I will let people know what that grant will let us do
> a year from today, on Monday, April 1, 2013.

-- 
Witold Baryluk
JID: witold.baryluk // jabster.pl