[Cryptography] True RNG: elementary particle noise sensed with surprisingly simple electronics
David Johnston
dj at deadhat.com
Sun Sep 18 19:25:15 EDT 2016
On 9/18/16 12:55 PM, sebastien riou wrote:
> "Shrinking entropy sources comes from (a) better circuits and (b) better
> extractor theory"
>
> Could you point to some literature ?
>
This paper
http://www.deadhat.com/papers/uRNG.pdf is one we built, based on a
circuit we developed and a paper I found.
It was and may still be the smallest, most efficient secure RNG in terms
of joules per bit and bits/s/W. It started with this youtube video:
https://www.youtube.com/watch?v=ZzsFb-6wvoE (skip to minutes 41-42)
leading to the paper:
http://www.boazbarak.org/Papers/msamples.pdf
which itself has lots of references worth following.
The circuit was described here:
http://ftp.ece.villanova.edu/perry/cyber-sec/references/IEEE-VLSI-Circuits-2010-Random.pdf
Since then there have been lots more papers on extractor theory, some of
which express efficient structures, some don't. Most are unreadable to
non-mathematicians and this has limited the rate of adoption. Here's one
- I defy you to find the extractor in there in under 5 minutes and then
describe it in actual operations on bits and bytes:
http://research.microsoft.com/en-us/um/people/yael/publications/2009-2-source.pdf
This pair of papers made the news in 2015, but I never could work out
what the actual algorithm was. It reads like they proved a function
exists, but don't define any specifics. It's on my list of papers to
decode. We've had good (by my definition of good) two-source extractors
since 2006 and I don't know what makes these better:
http://eccc.hpi-web.de/report/2015/119/
https://arxiv.org/pdf/1508.01115.pdf
I'm not asserting that the improved extractors are recently described,
I'm saying it took a good decade for anyone to notice, decrypt the terse
descriptions and start building them in silicon.
I suspect the largely useless von Neumann whitener and the related Yuval
Peres whitener were so often used and used wrongly (e.g. with serially
correlated sources) because the algorithms in the papers were
comprehensible to engineers, but the preconditions were not.
DJ
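The precondition DJ refers to is that the von Neumann debiaser assumes the raw bits are independent. The following simulation is an added example, not code from the original post or from the uRNG paper; the bit sources, transition probabilities and seed are constructed for illustration. It runs the classic von Neumann step (01 -> 0, 10 -> 1, 00/11 discarded) over two constructed sources with the same one-in-four marginal bias: an independent biased source and a two-state Markov source with strong serial correlation. For both, the output passes a naive "fraction of ones" check, but for the correlated source the output bits remain strongly (negatively) autocorrelated, which is exactly the failure a whitener-only design hides.

```python
"""Von Neumann debiasing on independent vs serially correlated bits.

Added example; not the original author's code. All sources are
constructed pseudo-random streams with a fixed seed so the run is
reproducible offline.
"""
import random


def iid_biased_bits(n, p_one, seed):
    """Independent bits, each 1 with probability p_one (the precondition holds)."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def markov_bits(n, p_0_to_1, p_1_to_0, seed, start=0):
    """Two-state Markov chain: bit i depends on bit i-1 (serial correlation).

    Stationary P(1) = p_0_to_1 / (p_0_to_1 + p_1_to_0), lag-1 autocorrelation
    = 1 - p_0_to_1 - p_1_to_0, so small flip probabilities give long runs.
    """
    rng = random.Random(seed)
    bits, state = [], start
    for _ in range(n):
        flip = p_0_to_1 if state == 0 else p_1_to_0
        if rng.random() < flip:
            state ^= 1
        bits.append(state)
    return bits


def von_neumann(bits):
    """Classic von Neumann whitener on non-overlapping pairs.

    01 -> 0, 10 -> 1, 00 and 11 discarded. Output is unbiased only if the
    two bits of every pair are independent and identically distributed.
    """
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)
    return out


def ones_fraction(bits):
    return sum(bits) / len(bits)


def lag1_autocorr(bits):
    """Pearson correlation between consecutive bits; 0 for an independent stream."""
    x, y = bits[:-1], bits[1:]
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y)) / n
    vx = sum((a - mx) ** 2 for a in x) / n
    vy = sum((b - my) ** 2 for b in y) / n
    return cov / (vx * vy) ** 0.5


def summarize(bits):
    return {"n": len(bits), "ones": ones_fraction(bits), "lag1": lag1_autocorr(bits)}


def run_demo(n_bits=200_000, seed=1):
    """Compare raw and whitened statistics for both constructed sources.

    The Markov parameters (0.1, 0.3) are chosen so its stationary P(1) is
    0.25, matching the independent source, while its lag-1 autocorrelation
    is 0.6. Flow balance in the chain makes P(01) = P(10), so the whitened
    output is still marginally unbiased; what survives is the correlation.
    """
    iid = iid_biased_bits(n_bits, 0.25, seed)
    markov = markov_bits(n_bits, 0.1, 0.3, seed)
    return {
        "iid": (summarize(iid), summarize(von_neumann(iid))),
        "markov": (summarize(markov), summarize(von_neumann(markov))),
    }


if __name__ == "__main__":
    for name, (raw, white) in run_demo().items():
        print(f"{name:7s} raw: ones={raw['ones']:.3f} lag1={raw['lag1']:+.3f}   "
              f"whitened: n={white['n']} ones={white['ones']:.3f} lag1={white['lag1']:+.3f}")
```

For the independent source both output statistics sit near 0.5 and 0; for the Markov source the ones-fraction is also about 0.5, but the lag-1 autocorrelation of the whitened stream is roughly -0.23 (analytically, after emitting a 1 the chain sits in state 0, so the next emitted bit is a 0 with probability about 0.62). A bias-only health test would pass this output; a serial-correlation test, or an extractor whose proof covers dependent inputs, is what the precondition actually demands.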