Send in your ideas. Deadline October 1, 2024
Internet Relay Chat (IRC)
More info available :
Theme fund: Internet Hardening Fund
Start: 2017-02
End: 2019-05


Open hardware for compartmentalizing key material and cryptographic operations

The PITCHFORK is a free/libre hardware device for compartmentalizing key material and cryptographic operations in a small and durable USB device. It uses a minimalist Cortex-M3 processor and stores all keys in the CPU flash memory. The PITCHFORK has an embedded radio interface over which it can do secure key exchanges with other devices, including "post-quantum" cryptography. Over USB it can send and receive messages using various modern low-level crypto protocols, providing different aspects of overall security.

Why does this actually matter to end users?

As we store more of our lives in our computers, and make our businesses, public and private life dependent on technology, we need cryptography to protect ourselves. A mere password is not really enough, if you think about the billions of camera's that can capture you entering a password - from mobile phone to hidden CCTV - after which it is trivial to reconstruct it.

Cryptography basically means using math complexity to keep others from looking at the digital things you care about. Cryptography works with digital "keys" that allow you to hide information in plain sight: the original bits are replaced by scrambled bits, which are meaningless unless you have the keys. If you choose your cryptographic methods wisely someone will have to spend an inordinate amount of time trying to recreate the unencrypted object - even if they have the most powerful computers on the planet working day and night.

Once a computer device you own is compromised, any cryptographic material on the device itself becomes available to the attacker to gain access to wherever that material can give access to - making your secrets as safe as the devices you use. Obviously, in consumer devices like mobile phones or laptops that protection is often very limited indeed - and unfortunately stored in plain text. That means someone can just crack open the device (or sometimes just boot it in a different way) and bypass any protections and passwords on the device itself. Once someone takes out the keys, they gain access to any confidential data. And if they went about carefully, how would you know?

In a PITCHFORK device, the cryptographic material your security depends on is stored in isolated hardware which has been especially designed for that task. Its sole purpose is to protect cryptographic key material, no matter how advanced the threats you are facing. It provides the safest possible key container, and gives full transparency and control.

Logo NLnet: abstract logo of four people seen from above Logo Netherlands Ministry of Economic Affairs and Climate Policy

This project was funded through the Internet Hardening Fund, a fund established by NLnet with financial support from the Netherlands Ministry of Economic Affairs and Climate Policy.