( ESNUG 289 Item 9 ) ----------------------------------------------- [5/13/98]
Subject: ( ESNUG 287 #5 288 #1) "Crack VMC & Win $75,000" Is A Rigged Bet
> I think I agree that, if the compiled model DOES NOT CONTAIN the info
> which is needed to reconstruct the source to the level required by the
> contest, then this is not only a sucker bet but also a red herring. It's
> a sucker bet because, it's like having a contest to decompile a C program
> where you can't win unless you recreate the original variable names - and
> where the binary has been stripped so that information isn't available.
> ... It's rather disingenuous to imply that only decrypting information
> which doesn't even exist constitutes "breaking" the encryption!
>
> - Howard Landman
> Toshiba America Electronic Components
From: "Rob Dekker" <robd@gowebway.com>
Hi John,
I'm Rob Dekker. Used to be director of engineering at Exemplar. Now, I'm
an indepenant consultant.
With some free time on my hand, I decided to take a look at the VMC contest.
Without a simulator, I went for the real thing: try to get the RTL code
back. I boldly digged into the compiled code. After three days, I got the
feeling that I'm tricked into an impossible task. This is compiled code,
and it looks like the references to internal signal names are not there.
I can only find port names. So how can I recover the RTL source? Is it
even possible? Or should I try to recover just the behavior? (Which is,
by the way, already a big challenge).
- Rob Dekker
Gowebway
---- ---- ---- ---- ---- ---- ----
From: Moe Shahdad <mshahdad@Synopsys.COM>
John,
I am the product manager for VMC, and I believe that Howard has raised a
number of interesting issues ( ESNUG 288 Item 1 ):
1. VMC does not strip any information, rather it converts the information
to a protected compiled form. Therefore, it is mathematically possible
to recover the source. However, we believe that this is a very difficult
task as it should be, and that's why you can win a Humvee. The primary
reason for this difficulty is that, unlike encryption, there is not a
one-to-one mapping between the source and target, i.e., there may be
many source constructs that match a given object construct.
2. With regard to the $18,000 prize, again all the information is present
in the object. Furthermore, this is a less difficult task because you
don't have to generate the equivalent source. You can use the data
sheet, the behavior of the model, and whatever you can extract from the
object code to create the original IP. This is a doable task, but
difficult.
With regard to needing years to solve the problem, that is exactly our
point. It is preferable to need years to break up a VMC object, rather
than years to litigate in the courts to win damages for unauthorized use of
IP. Hopefully, by the time a VMC object is broken the IP has run its
normal life cycle, and the owner has had the time to create new ones.
- Moe Shahdad
Synopsys VMC Marketing
[ Editor's Note: Go to http://www.synopsys.com/secureip if you want to
try your own hand at this code cracking contest. - John ]
|
|
