Should we discontinue EVMs?

[Pranav]

Nor is there any denial of these allegations.

Printed microstrip antenna, or coiled antenna. Battery issues, power consumption in sleep state - that has all been clarified. The modified PCBs would be installed during the maintenance process by the EC-chosen maintenance contractors.

There is absolutely no proof, or even credible allegation that the EVMS are given out for maintenance my a contractor.

The ONLY mention of this is a single speech by a BJP legislator, which is NEVER repeated anywhere or anyone else. So, this is not a valid point.

[Pranav]

Machines would be pre-arranged in the desired order, and pulled out accordingly.

Also, the machines in a district are kept at the District HQ. There are roughly 550 constituencies and roughly 650 districts. Some districts containing large urban areas may have multiple constituencies, but generally there is one constituency per district. So the first level randomization becomes vacuous.

What would happen is that the serial numbers would be entered into the system, which would give out the allotments.

An opposition candidate might be satisfied if he were given the opportunity to pull out the machines one by one - that would amount to another level of randomization. But the the question arises as to which candidate should be given that right. So, even if any pulling out was being done, it would be done by EC appointees, which is far from satisfactory.

It is not humanly possible to selectively pull the machines in sequence without referring to a list and comparing the serial number. Since the process is done in view by everyone, this refer/verify can not be done.

Hence, the randomization process can not be corrupted.

[Pranav]

I am not saying it would be undetectable, but that the EC will not give any neutral party the opportunity to detect it. That accounts for their obsessively protective behaviour, going so far as to tell ridiculous lies about paper trails.

Printed microstrip antenna, or coiled antenna. Battery issues, power consumption in sleep state - that has all been clarified. The modified PCBs would be installed during the maintenance process by the EC-chosen maintenance contractors.

Pranav,

Regardless of whichever of the above tech. you use, it is pretty darn impossible to hide it on the PCB in such a way that the human eye cannot discern it. And sleep state does not mean pulling 0 amps - it is of the order of micro-amps hence, easily detectable.

In fact, if RM is able to come up with this tech, he can become a very rich man indeed (not that he is not one, now!).

[Dileep]

Nor is there any denial of these allegations.

Because it never came into the mainstream media.

[Dileep]

Machines would be pre-arranged in the desired order, and pulled out accordingly.

Also, the machines in a district are kept at the District HQ. There are roughly 550 constituencies and roughly 650 districts. Some districts containing large urban areas may have multiple constituencies, but generally there is one constituency per district. So the first level randomization becomes vacuous.

Impossible to sequence, unless the machines are kept in a single line.

The randomization is still done because the machines are batched into assembly consittuencies.

[Pranav]

Impossible to sequence, unless the machines are kept in a single line.

The randomization is still done because the machines are batched into assembly consittuencies.

EVMs would be kept on shelves in a systematic manner. Yes, there are multiple assembly constituencies per district, but the 1st level randomization becomes vacuous for most Lok Sabha constituencies.

[Pranav]

Nor is there any denial of these allegations.

Because it never came into the mainstream media.

It did - a mainstream newspaper report was posted.

[Dileep]

EVMs would be kept on shelves in a systematic manner. Yes, there are multiple assembly constituencies per district, but the 1st level randomization becomes vacuous for most Lok Sabha constituencies.

No. They are stacked 6 high. There is an instruction to that effect. I got is somewhere in my archive.

[Dileep]

It did - a mainstream newspaper report was posted.

Where? Can you re-post it?

Can't find anything on google either.

Added, after a lot of search.

OK, found it. Bangalore Mirror had one story, in which a BJP guy was claimed to be alleging that. But there is no other reference anywhere else. No such issue was raised by the BJP when they challenged the EC either.

I fail to see any reason why the Ec should respond to this.

[Pranav]

EVMs would be kept on shelves in a systematic manner. Yes, there are multiple assembly constituencies per district, but the 1st level randomization becomes vacuous for most Lok Sabha constituencies.

No. They are stacked 6 high. There is an instruction to that effect. I got is somewhere in my archive.

Still, it would easy remove them from the stacks in order.

In any case, for Lok Sabha elections, with 650 districts and 550 constituencies, the first level randomization becomes vacuous for most constituencies.

So, we can first focus on what can be done at the District HQ.

Later, we will look at transportation issues, then at the constituency-level strong room, and finally at the polling booth.

[Dileep]

So, we can first focus on what can be done at the District HQ.

Later, we will look at transportation issues, then at the constituency-level strong room, and finally at the polling booth.

Deal. Let us assume that the district has only one LS constituency. All the machines are kept in a warehouse under seal.

Then?

[Sachin]

Deal. Let us assume that the district has only one LS constituency. All the machines are kept in a warehouse under seal.

I have to say this. You seem to have completely read the Training Manual/Regulation manual for the Presiding Officers/Polling officers etc. You could actually any one of them at election time .

[Dileep]

Deal. Let us assume that the district has only one LS constituency. All the machines are kept in a warehouse under seal.

I have to say this. You seem to have completely read the Training Manual/Regulation manual for the Presiding Officers/Polling officers etc. You could actually any one of them at election time .

You got to do that when you deal with people like RM, who would sidestep a whole issue, but won't hesitate to call you a liar if you misquote one sentence.

No, I haven't read the complete manual, but I read everything that got to deal with the EVMs.

[Raja Bose]

Speaking of RM, where is he? - he ducked out once more after getting asked some tough questions - has he no concern of our post counts and quest for Oldie status?

[Dileep]

Speaking of RM, where is he? - he ducked out once more after getting asked some tough questions - has he no concern of our post counts and quest for Oldie status?

He must be doing what the politicians do best "Go to the people!"

[Rahul Mehta]

Speaking of RM, where is he? - he ducked out once more after getting asked some tough questions - has he no concern of our post counts and quest for Oldie status?

He must be doing what the politicians do best "Go to the people!"

Yes. For example, today, I am planning to distribute some pamphlets at Lal Darwaza Bus Stand etc. I have political life outside BR, and more often that takes precedence. I have counter-arguments against your arguments and will post them soon.

[Dileep]

When you are at it, please post how you arrived at the Rs200-700 rent payment theory on the Neta-Babu thread.

[Pranav]

So, we can first focus on what can be done at the District HQ.

Later, we will look at transportation issues, then at the constituency-level strong room, and finally at the polling booth.

Deal. Let us assume that the district has only one LS constituency. All the machines are kept in a warehouse under seal.

Then?

The machines are not under seal when kept in storage at the District HQ. If you have any information to the contrary, please post.

[Dileep]

Till the election process begins, the storage is under control of the DEO only. After the election process begins, they are double sealed by the DEO and the observers from EC, till the "preparation and commissioning" stage. After the preparation stage they are under seal by the candidates.

[Pranav]

Till the election process begins, the storage is under control of the DEO only. After the election process begins, they are double sealed by the DEO and the observers from EC, till the "preparation and commissioning" stage. After the preparation stage they are under seal by the candidates.

Right. So, after the last date for withdrawal of candidature, the DEO can enter the storage room at the District HQ with a battery and a key-pad, plug-in the control units one by one, and activate them. A specific area of the non-volatile memory (that is normally used for recording votes) is designated for activation data. Activation data includes start time for miscounting, end time for miscounting, the key to be favoured, and maybe a flag to indicate availability of activation data. When the machine is powered-on, it first checks the designated area to see if activation data is present.

[Pranav]

Very good powerpoint presentation on EVMs by Kirit Somayya of the BJP: http://www.kiritsomaiya.com/downloads/E ... 013.30.ppt

[vera_k]

Ouch. The pattern in Rellivalasa village booth 73 looks damning.

[Dileep]

Right. So, after the last date for withdrawal of candidature, the DEO can enter the storage room at the District HQ with a battery and a key-pad, plug-in the control units one by one, and activate them.

No. The godown gets sealed at the start of the election process, ie before nomination process starts. To be precise, they gets sealed by the observers when they visit the DEO to set things in motion.

A specific area of the non-volatile memory (that is normally used for recording votes) is designated for activation data. Activation data includes start time for miscounting, end time for miscounting, the key to be favoured, and maybe a flag to indicate availability of activation data. When the machine is powered-on, it first checks the designated area to see if activation data is present.

Deterrents:

1. Godown is sealed and double locked by the DEO and the observer, so both keys needed to open
2. Election process has started, so people will be suspicious of the movements.

And you assume that the EVMS have rigged code, which is conclusively proven to be impossible.

[Pranav]

No. The godown gets sealed at the start of the election process, ie before nomination process starts. To be precise, they gets sealed by the observers when they visit the DEO to set things in motion.

Please provide reference.

Deterrents:

1. Godown is sealed and double locked by the DEO and the observer, so both keys needed to open
2. Election process has started, so people will be suspicious of the movements.

And you assume that the EVMS have rigged code, which is conclusively proven to be impossible.

Is this the EC observer that you are talking about? That is not a deterrent. The EC observer can easily give a copy of his key to the DEO.

As regards rigged code, there is nothing impossible about it. But let us not get side-tracked here.

[Dileep]

Please provide reference.

Posted previously.

Is this the EC observer that you are talking about? That is not a deterrent. The EC observer can easily give a copy of his key to the DEO.

Increases the number of people involved, hence the deterrent.

Do you maintain that the DEO (district collector himself) walks in into the godown to do the modification?

What would be the burocratic system at the district HQ for the control of the godown?

As regards rigged code, there is nothing impossible about it. But let us not get side-tracked here.

OK. Let us take the single case of activation in the godown, under following conditions:

1. There is only one constituency under the DEO
2. The activation to happen before the "commissioning" stage, at which the godown gets publicly sealed.

Deal?

[Pranav]

Please provide reference.

Posted previously.

What page it is on?

Is this the EC observer that you are talking about? That is not a deterrent. The EC observer can easily give a copy of his key to the DEO.

Increases the number of people involved, hence the deterrent.

Do you maintain that the DEO (district collector himself) walks in into the godown to do the modification?

What would be the burocratic system at the district HQ for the control of the godown?

The EC is already compromised. The DEO is also appointed by the EC/Government. So this so-called deterrent is not much of a deterrent. In all likelihood, DEO will facilitate entry of an EC agent, rather than going himself.

Let us be clear that the the Government and EC is thoroughly corrupt. The political High Command was/is an asset of foreign intelligence agencies (http://www.boloji.com/myword/mw042.htm). India is one of the most corrupt countries in the world. So having a child-like trust in these entities or in any of their appointees is like asking the the fox to guard the hen-house.

2. The activation to happen before the "commissioning" stage, at which the godown gets publicly sealed.

Deal?

Activation will happen after the so-called "sealing".

[Dileep]

What page it is on?

Find out yourself.

The EC is already compromised. The DEO is also appointed by the EC/Government. So this so-called deterrent is not much of a deterrent. In all likelihood, DEO will facilitate entry of an EC agent, rather than going himself.

Answer the question. What is the system of control of the godown at the district HQ? And how will that be compromised?

Let us be clear that the the Government and EC is thoroughly corrupt.

Yes, but let us also be clear that among the govt employees (Chief Secretary to the sweeper) who run the system, there are a mix of corrupt and honest people, and also almost everyone have affiliation to a party, or are independent.

That balances things out.

The political High Command was/is an asset of foreign intelligence agencies (http://www.boloji.com/myword/mw042.htm).
India is one of the most corrupt countries in the world. So having a child-like trust in these entities or in any of their appointees is like asking the the fox to guard the hen-house.

That is Rhetoric, and will not be considered part of the debate.

Activation will happen after the so-called "sealing".

Be specific. When?

[ArmenT]

What page it is on?

Page 3 of this thread. Check the link to the handbook of procedures (chapters XII and XIII). There is a pretty good explanation of the randomization procedure as well.

[Dileep]

ArmenT, do you think Pranav is really interested in finding out which page it is? I know he had read the handbook, because he had quoted from that in the past. He is just playing a game by posting one liners, and I am playing along on the same line.

Serves the purpose of post_count++, no?

If the question was genuine, I would have given all the references needed right here.

[Rahul Mehta]

Dileep,

Adding random bytes at the end of the code is a well accepted standard practice. The manual you showed not just advices but insists to the coders that they should add random bytes. You may claim that zero-padding is better option, but that does not prove anything.

Essentially, I have to show that with 8-10 people in BEL, tempered code can be inserted. So BEL Chief, EVM Software Head and EVM team lead are the only three people I need to insert the tempered code. The tempered code is encrypted and added after the actual code. The encrypted code is posed as random bytes during peer review and unsuspecting eyes will not even notice. And since adding random bytes is a standard practice, this will pass.

Now the logic to decrypt and execute the additional code hidden in random bytes is in microcode. So Hitachi send two boxes.

1. Box-A has actual chip and

2. Box-B has same chip with same code in ROM, but the microcode (gate layout) in Box-B chips have logic to decode the encrypt bytes and execute the tempered code.

Now in production round, Box-A is tested to death and nothing will come out as Box-A has untempered chips. After testing, when chips go to PCB unit, the boxes are replaced by BEL chief and store employees. Once the chip goes on PCB, no one will open the chip and do gate level examination. After that, only functional testings are done.

So I need BEL Chief, EVM Software Head, EVM Coding Team lead and 2-3 persons in-charge of stores, and no one else. With these people, tempered code is now inside the chip and kicking.

======

Also, whole of the trojan can be implemented in microcode. In such case, BEL chief has to only ensure that the box gets replaced after testing. So he needs only 2-4 people in storage units. So whole testing is done with real chips. And right before they are to go in PCB making units, these chips are replaced by tempered chips. The tempered chips have same ROM code but different microcode. And since no one opens a chip after PCB is made, no one will notice that chip is different. So requirement further decreases. I need ZERO person in software team. I need BEL chief and I need key people in store area to replace chips.

=====

Attn Pranav,

EC gives a testing script to all DCs to test all EVMs. DCs pass this script to Talati level people. The script requires Talaties to punch in some keys and then note down the results. And these results must match with what is shown in the script. So we can assume that Talaties will be dutifully punching the keys as mentioned in the script, except some stray mistakes. This script, if different for different Constituencies, can have required trojan inputs for each Constituency. And it is possible that script is sent AFTER candidate number is issued. In such case, the testing script can be the trojan input. So no seal needs to be broken, no voter needs to be sent to booth and no one needs to break in the room to punch in the trojan's input.

[Pranav]

What page it is on?

Find out yourself.

Dileep, one does not have an unlimited amount of time. So, if you are making use of any sources, it will help if you cite the reference (with specific page number, in case of multi-page document).

Answer the question. What is the system of control of the godown at the district HQ? And how will that be compromised?

Any procedure can be compromised, and is routinely compromised in a corrupt country like India. If you can provide the procedure (together with proper reference - no hypothetical systems please), I will show how it can be compromised.

Yes, but let us also be clear that among the govt employees (Chief Secretary to the sweeper) who run the system, there are a mix of corrupt and honest people, and also almost everyone have affiliation to a party, or are independent.

That balances things out.

The point is that the government controls all appointments and transfers, and puts its own people in all the sensitive positions. That is why people like Manmohan Singh are still running free, despite the innumerable scams. Do you think Manmohan is not complicit in covering up humongous scams?

Activation will happen after the so-called "sealing".

Be specific. When?

Any time between the fixing of the candidates by the major parties and the checking of the EVMs.

[Pranav]

What page it is on?

Page 3 of this thread. Check the link to the handbook of procedures (chapters XII and XIII). There is a pretty good explanation of the randomization procedure as well.

Are you talking about the handbook for returning officers? I did not find what Dileep was mentioning in a quick scan.

[Dileep]

Adding random bytes at the end of the code is a well accepted standard practice. The manual you showed not just advices but insists to the coders that they should add random bytes. You may claim that zero-padding is better option, but that does not prove anything.

Show some reference for the random bytes padding.

OTOH, below are several links that specifically discuss what to do with the unused space, and why.

Link1
Link2
Link3
Link4
Link5
Link6
Link7
Link8
Link9

It clearly shows that RANDOM bytes are NEVER a valid option.

If someone claims that random bytes are needed, he can not provide even one valid reason for the use, so it is not going to fly.

Essentially, I have to show that with 8-10 people in BEL, tempered code can be inserted. So BEL Chief, EVM Software Head and EVM team lead are the only three people I need to insert the tempered code.

No. If the team lead specifies random bytes fill, that is going to be questioned on the basis of being a reliability and security hazard, as mentioned in the links above.

The tempered code is encrypted and added after the actual code. The encrypted code is posed as random bytes during peer review and unsuspecting eyes will not even notice. And since adding random bytes is a standard practice, this will pass.

Random Bytes is NOT standard practice. In fact it is dangerous practice.

Now the logic to decrypt and execute the additional code hidden in random bytes is in microcode. So Hitachi send two boxes.

1. Box-A has actual chip and

2. Box-B has same chip with same code in ROM, but the microcode (gate layout) in Box-B chips have logic to decode the encrypt bytes and execute the tempered code.

The quantity of chips ordered, shipped and consumed should be consistent everywhere, in all records. So, shipping duplicate chips is IMPOSSIBLE.

Now in production round, Box-A is tested to death and nothing will come out as Box-A has untempered chips. After testing, when chips go to PCB unit, the boxes are replaced by BEL chief and store employees. Once the chip goes on PCB, no one will open the chip and do gate level examination. After that, only functional testings are done.

It is IMPOSSIBLE to ship duplicate quantities of chips into BEL, because the quantity records go through the entire logistics process.

So I need BEL Chief, EVM Software Head, EVM Coding Team lead and 2-3 persons in-charge of stores, and no one else. With these people, tempered code is now inside the chip and kicking.

Refer to the process. See how many people are responsible to do what you allege. Count them and specify them here by designation.

Also, whole of the trojan can be implemented in microcode. In such case, BEL chief has to only ensure that the box gets replaced after testing. So he needs only 2-4 people in storage units. So whole testing is done with real chips. And right before they are to go in PCB making units, these chips are replaced by tempered chips. The tempered chips have same ROM code but different microcode. And since no one opens a chip after PCB is made, no one will notice that chip is different. So requirement further decreases. I need ZERO person in software team. I need BEL chief and I need key people in store area to replace chips.

It is IMPOSSIBLE to get duplicate quantities of chips into the system, as the quantity paperwork pass through the entire logistics chain.

Count the people involved and specify by designation here.

EC gives a testing script to all DCs to test all EVMs. DCs pass this script to Talati level people. The script requires Talaties to punch in some keys and then note down the results. And these results must match with what is shown in the script. So we can assume that Talaties will be dutifully punching the keys as mentioned in the script, except some stray mistakes. This script, if different for different Constituencies, can have required trojan inputs for each Constituency. And it is possible that script is sent AFTER candidate number is issued. In such case, the testing script can be the trojan input. So no seal needs to be broken, no voter needs to be sent to booth and no one needs to break in the room to punch in the trojan's input.

There is no such action done by the election officials. Anything that got to be done on the election system, not only the EVM, not everything else, come as an order from the EC.

Also, by the procedure, anything that needs to be done with the EVM should be done in the presence of the reps of the candidate.

[Raja Bose]

Adding random bytes at the end of the code is a well accepted standard practice.

Really? You amaze me, sir. Please show us which all companies follow this well-accepted standard practice since I am yet to come across one which follows the above?

The manual you showed not just advices but insists to the coders that they should add random bytes. You may claim that zero-padding is better option, but that does not prove anything.

Please post the link in the manual where it says the above.

[Dileep]

Dileep, one does not have an unlimited amount of time. So, if you are making use of any sources, it will help if you cite the reference (with specific page number, in case of multi-page document).

Ask nicely, and you shall receive..

Compendium of instructions vol 1 http://eci.nic.in/ElectoralLaws/compendium/vol1.pdf
Instruction Sl 61, page 161. There is also an older instruction on page 141.

Any procedure can be compromised, and is routinely compromised in a corrupt country like India. If you can provide the procedure (together with proper reference - no hypothetical systems please), I will show how it can be compromised.

The govt offices use the office management manual, which is based on the Tottenham system. According to that, the godown will be managed by a chain of Collector->ADC->ASO->Clark->Peon. there will be log book and a file for the godown.

The point is that the government controls all appointments and transfers, and puts its own people in all the sensitive positions. That is why people like Manmohan Singh are still running free, despite the innumerable scams. Do you think Manmohan is not complicit in covering up humongous scams?

Rhetoric doesn't answer questions.

Any time between the fixing of the candidates by the major parties and the checking of the EVMs.

OK. So, it is after the observer seals the godown, but before the machines are taken for check. Fine.

Then?

[Dileep]

RB, the Atmel manual does say the following:

When using the encryption array, one important factor needs to be considered. If a byte has the
value FFh, verifying the byte will produce the encryption byte value. If a large block (>64 bytes)
of code is left unprogrammed, a verification routine will display the content of the encryption
array. For this reason all the unused code bytes should be programmed with random values.
This will ensure program protection.

Obviously this is written by someone who did not think it through. In this particular scenario, programming with '0' should be the recommended action, because it will satisfy all needs.

[Raja Bose]

^^^ It is interesting that someone has written that in a manual (and it has survived)....I have never seen random bytes being used for this purpose ever.

[Rahul Mehta]

^^^ It is interesting that someone has written that in a manual (and it has survived)....I have never seen random bytes being used for this purpose ever.

RB,

Just because you have never seen it, does not mean that nobody in industry does it. The manual is written by person with years of experience and manuals go thru several reviewers and 1000s of readers.

So BEL coder can cite the manual and justify adding random bytes at the end of the code. Given that BEL software unit head is also part of the operation, there will not be any problem.

===

Dileep, RB,

BEL ordered 100k CPUs from Hitachi. So Hitachi or CIA or anyone can get 100k CPUs which are copy except that

1. microcode is superset and entire modulo-5 trojan in it OR

2. microcode is superset and has code to decode the encrypted trojan in random-looking bytes.

The Hitachi or CIA will not deliver data of duplicate CPUs to BEL. Thats would like Telgi putting "this stamp paper is duplicate" stamp. Now at the time of verification of gate level design of the chip (if at all BEL did take such a step), original CPU chips were used. And once gate level testing was finished, boxes were replaced. So PCB unit got tempered chips which were functionally same as original chips. And no one checks the chip after they go on PCB.

Btw, I have friends who worked for ASIC making company in Ahmedabad. I asked if their clients ever check gate level design of the chips they send. Their opinion is that clients confine to power/functional testing. No one except may be hackers would bother to examine chip's gate level design and all the connections at gate level with some raw equipment. AFAITK, none of their clients ever checked chips at gate level. So your assumption that BEL checked gate level design of the chip is way outside standard industry processes.

So in case (1), I dont need any person in software division of BEL or even hardware level. i just need 3-4 key people in storage area to swap the boxes after testing and before PCB making starts.

So in case (2), I need 2 person in software division of BEL, none in HW division, none in testing, none in PCB unit. I just need 3-4 key people in storage area to swap the boxes.

[Dileep]

Just because you have never seen it, does not mean that nobody in industry does it. The manual is written by person with years of experience and manuals go thru several reviewers and 1000s of readers.

All you got is one manual (not an application note). I have posted BOOKS of reference that clearly specify why the fill should be done certain way, with the technical explanation.

So BEL coder can cite the manual and justify adding random bytes at the end of the code. Given that BEL software unit head is also part of the operation, there will not be any problem.

The code is reviewed at multiple levels, not only at BEL, but also cross review by ECIL and BEL.

It is IMPOSSIBLE to argue for it and win.
[/quote]

BEL ordered 100k CPUs from Hitachi. So Hitachi or CIA or anyone can get 100k CPUs which are copy except that

1. microcode is superset and entire modulo-5 trojan in it OR

2. microcode is superset and has code to decode the encrypted trojan in random-looking bytes.

The Hitachi or CIA will not deliver data of duplicate CPUs to BEL.
Thats would like Telgi putting "this stamp paper is duplicate" stamp. Now at the time of verification of gate level design of the chip (if at all BEL did take such a step), original CPU chips were used. And once gate level testing was finished, boxes were replaced. So PCB unit got tempered chips which were functionally same as original chips. And no one checks the chip after they go on PCB.

If BEL has ordered 100K chips, how can you send 100K good chips and 100K tampered chips? You can send only 100K chips in total. Quantities are always checked at multiple levels in the logistics chain, so shipping double the quantity is IMPOSSIBLE.

Btw, I have friends who worked for ASIC making company in Ahmedabad. I asked if their clients ever check gate level design of the chips they send. Their opinion is that clients confine to power/functional testing. No one except may be hackers would bother to examine chip's gate level design and all the connections at gate level with some raw equipment. AFAITK, none of their clients ever checked chips at gate level. So your assumption that BEL checked gate level design of the chip is way outside standard industry processes.

The argument was, it is possible to verify it any time, if needed.

Thank you VERY MUCH for admitting that POWER is tested. Any additional circuitry on the chip is going to increase the current draw and fail the test. You had sidestepped this earlier.

So in case (1), I dont need any person in software division of BEL or even hardware level. i just need 3-4 key people in storage area to swap the boxes after testing and before PCB making starts.

So in case (2), I need 2 person in software division of BEL, none in HW division, none in testing, none in PCB unit. I just need 3-4 key people in storage area to swap the boxes.

First, explain how twice the number of chips will be shipped in.

Second, specify the 3-4 people by designation.

[Rahul Mehta]

The code is reviewed at multiple levels, not only at BEL, but also cross review by ECIL and BEL. It is IMPOSSIBLE to argue for it and win.

BEL says that only 3-5 people know the code. Also, code review would mostly involve source code review and not the compiled code and surely not the random bytes.

If BEL has ordered 100K chips, how can you send 100K good chips and 100K tampered chips? You can send only 100K chips in total. Quantities are always checked at multiple levels in the logistics chain, so shipping double the quantity is IMPOSSIBLE.

errr ... the 100k tempered chips are sent "off the record". I did not say that Hitachi sent two boxes marked as "good chip - to be used for testing" and "tempered chip - to be used in PCBs". And the tempered are not sent directly to BEL but sent to BEL chief. And later he got actual boxes replaced with tempered chips with the help of key people in the store area. Only 3-4 people are needed here. The people in store are wont even notice which boxes go and come, as long as they have gate passes.

Rahul Mehta: Btw, I have friends who worked for ASIC making company in Ahmedabad. I asked if their clients ever check gate level design of the chips they send. Their opinion is that clients confine to power/functional testing. No one except may be hackers would bother to examine chip's gate level design and all the connections at gate level with some raw equipment. AFAITK, none of their clients ever checked chips at gate level. So your assumption that BEL checked gate level design of the chip is way outside standard industry processes.

Dileep: The argument was, it is possible to verify it any time, if needed.

Possible? Pls get Supreme Court order to examine some 10000 EVMs' gate level design. Is that possible for you?

Thank you VERY MUCH for admitting that POWER is tested. Any additional circuitry on the chip is going to increase the current draw and fail the test. You had sidestepped this earlier.

Power is tested during chip testing and NOT after PCB is made. After PCB is made, there are too many components that draw power and so unless something is way too much off, no one will bother. And also, power testing is done, but if addition in circuit is just 1%, then increase in power will be also just 1% and will pass within tolerable limits. So unless gate level design was tested, power test will not give any indications.

1. First, explain how twice the number of chips will be shipped in.

2. Second, specify the 3-4 people by designation.

1. ??? CIA made duplicate chips and sent them to BEL chief. Big deal !!

2. In the process babal you posted, you have not posted people in-charge of store area. Also, you have only mentioned titles and salaries, not given job descriptions. Essentially, the person in storage area have to change the boxes. I dont know the exact designations BEL uses for them

======

Once again, I want to re-confirm : Do chips have serial numbers inside them?