Marc Abel, Ph.D.

Department: Computer Science
Title: Postdoctoral Researcher
Address: Joshi Research Center 487, 3640 Colonel Glenn Hwy, Dayton, OH 45435-0001

Computers with provable immunity against hacking

I am the designer of the Dauug | 36 open-source minicomputer for critical infrastructure, where the end user has the final say in all design and manufacturing aspects of the hardware.

Unlike contemporary computers that contain non-inspectable, proprietary semiconductor complex logic such as microprocessors, FPGAs, PLDs, and ASICs, the Dauug | 36 architecture is built with surface-mount technology from only simple, generic components with dependable characteristics. Inside its security perimeter, a Dauug | 36 contains only these logic elements:

  • buffer
  • inverter
  • AND
  • OR
  • NAND
  • NOR
  • XOR
  • D flip-flop
  • SRAM

It is this last component, synchronous static RAM or SRAM, that makes Dauug | 36 a competitive machine for many of today's applications. The architecture is entirely open-source, and physical inspection of an assembled system requires only millimeter-scale visual observation and continuity testing. Only maker-scale assembly tools are necessary, allowing the builder to use hot air hand soldering with tweezers, a reflow oven with a small pick-and-place machine, or any combination. Neither a semiconductor foundry nor purchased VLSI complex logic is involved in sourcing the minicomputer.

Dauug | 36 security benefits

Dauug | 36 was designed from scratch to exclude exploitable hardware defects, whether they originate in longstanding custom (e.g. arithmetic wraparound), undue complexity (e.g. RowHammer, Spectre, Meltdown), or intentional backdoors (e.g. Clipper). There is no dependence on foreign countries (regardless of where you are) or semiconductor companies for trustworthiness, because the system owner's own soldering and firmware determine the logical connectivity and operation of the computer. There isn't a microprocessor or anything like one anywhere in the design.

Compare the following Dauug | 36 characteristics to any other computer architecture on the planet, and decide for yourself.

  • Sticky, consistent overrange flag for arithmetic
  • Stratified opcodes for heterogeneous register signedness
  • No privilege escalation via stack
  • No access to stack except via CALL and RETURN variants
  • Code and stack memory inaccessible via LD and STO opcodes
  • No branch to addresses not hardcoded in CALL or JUMP
  • Faultless paged virtual memory without overcommit
  • No privilege escalation via CPU
  • No DRAM or DRAM-associated vulnerabilities
  • No VLSI complex logic except in attached peripherals
  • Every peripheral isolated to its own bus and buffer memory
  • No CPU persistent state except for one firmware IC
  • No MEMS oscillator for age- and frequency-selected attacks
  • No firmware modification without physical access
  • No parts that can’t be hand-soldered and probed afterward
  • No secret functionality
  • No unexplainable S-box constants
  • No vendor lock-in
  • No encrypted or closed-source firmware
  • No license fees to build, use, or modify
  • No purpose-of-use limitations
  • No planned obsolescence
  • No right-to-repair infringements

Because Dauug | 36 is built at human-visible scale, the speed of light and capability of the underlying components produce a different kind of computer than any other on the planet. Compared to recent single-board computers, a Dauug | 36 minicomputer is larger (about 25 x 25 cm), more costly ($1,000 - $2,000), slower (about 16 million instructions per second, or MIPS), offers less primary storage (4Mi x 36 bits code + 8Mi x 36 bits data), and requires more power (10 watts anticipated). Moreover, Dauug | 36 breaks compatibility with every prior computer on the planet so that its design can be correct. But for applications where these drawbacks are acceptable (and there are more than most people realize), provable immunity to hacking makes this architecture very attractive.

Present status and progress toward availability

  • An electrical simulation of the circuit board works for some 190 opcodes.
  • The maximum simulated speed is 16.729 MIPS across −40 °C to +85 °C.
  • Paged virtual memory and preemptive multitasking work correctly.
  • Paravirtualized I/O is available via the simulation.
  • A boot loader, several sample programs, and dozens of regression tests work.
  • An operating system kernel is written, working, and documented.
  • The design still needs an I/O subsystem and a firmware loader. These tasks are up next.
  • A clock skew concern also remains to be addressed.
  • I will build a physical prototype once I am satisfied with the hardware design.

System documentation is available here.

Once the prototype is working, anyone who downloads the hardware design and firmware will be able to replicate the machine.

Ways to get involved

Are you passionate about funding projects that support global stability, civil rights, critical infrastructure protection, and the rule of law? I'd love to hear about your portfolio.

Are you a formal or informal journalist? Let's get the word out that we can democratize our computer hardware as never before.

Do you like to lurk around geeky documentation for unusual systems? Try my 460-page dissertation, and drop me a line if you're so inclined.

Are you a parser for a noteworthy academic electronic index? I would appreciate a timely metadata update for this preprint.

If you're in a position to donate defect-free code, contributions such as the following would be most welcome:

  • Support for integer division
  • Floating point like IEEE 754-2019, but with 36- and 72-bit formats
  • Floating point for compatibility (32- and 64-bit formats)
  • More assembler features
  • Lightweight operating system
  • Lightweight scripting language
  • Lightweight programming language
  • Minimalist toolchain that can be audited
  • I/O device drivers
  • TCP/IP stack
  • TLS 1.3
  • New block cipher to leverage architecture
  • Formal verification (similar to seL4 or INTEGRITY-178B)

For more information

Are you looking for a softcopy of a booklet I mailed you? Download the preprint.

Micro-CV

  • B.S., Engineering and Applied Science, Caltech, 1991.
  • Ph.D., Computer Science and Engineering, Wright State University, 2022.