Use of TPM chip for RNG?

Anne & Lynn Wheeler lynn at garlic.com
Wed Jul 5 14:26:20 EDT 2006


Peter Gutmann wrote:
> Exactly.  The FIPS 140 (strictly speaking X9.17/X9.31 PRNG) tests test a
> generator's determinism, not its nondeterminism.  In other words, they generate
> a set of input/output pairs from a known-good generator and then make sure
> that the generator being certified produces the same output.  Actually getting
> nondeterminism into the process is quite tricky, and involves extremely
> careful and creative reinterpretation of the "DT vector" (date-and-time)
> input.  The non-creatively-interpreted generator depends for its strength
> entirely on the key chosen for the PRNG.  If it's constant across all devices,
> it'll pass the certification but its strength will be close to zero.

I.e., you have to actually understand what is being tested: FIPS, Common 
Criteria, etc. There was a presentation a couple of years ago on Common 
Criteria certification for the same EAL4 level ... supposedly something 
like 64 certifications had been done to the same protection profile ... 
but in the fine print, something like sixty (of the 64) evaluations had 
some sort of (unspecified) deviations ... so you didn't even know that 
two "things" evaluated to the same level with supposedly the same 
protection profile ... were in any way comparable (assuming you actually 
have access to the protection profiles being used for the evaluations).

I believe some of the earlier mentioned chips
http://www.garlic.com/~lynn/aadsm24.htm#19 Use of TPM chip for RNG?

had been FIPS 140 evaluated ... even though the 64k power on/off tests 
followed by RNG were found to have something like 30 percent of the 
values repeat some previously generated value.

We started seriously looking at the AADS chip strawman
http://www.garlic.com/~lynn/x959.html#aads

around '98 ... in part, to support X9.59 transactions ... and mandated both 
on-chip keygen as well as EC/DSA ... both operations requiring a fairly 
high integrity RNG. However, at the time, I somewhat facetiously claimed 
that we were going to take a $500 milspec part, cost reduce it by better 
than two orders of magnitude and at the same time improve its 
security/integrity. In any case, significantly higher RNG assurance was 
required than what was normally found in most chips.

I made somewhat the same claim on an assurance panel at the spring 2001 IDF 
in the TPM track ... somewhat chiding the TPM people in the audience.

Another aspect of evaluation certification was that a lot of chips were 
evaluated straight out of the fab ... based on the characteristics of the 
chip at that moment. After that the applications and crypto were loaded 
onto the chip (so even for chips that might have some RNG capability, 
since the applications that might expose any RNG characteristics weren't 
yet loaded ... RNG wasn't part of the chip evaluation).

What we ran into with the AADS chip strawman ... was that key-gen and EC/DSA 
were built into the manufactured chip as it came from the fab. As a 
result key-gen and EC/DSA became part of the chip evaluation ... and the 
formal definition of same limited the evaluation level. This was even 
though other uses of very similar chips were able to claim much higher 
certification levels (since they were able to certify prior to loading 
various crypto and RNG related applications ... aka there were 
significant differences in the protection profiles that the 
certifications were based on).

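Added example, not code from Lynn's post, from Peter Gutmann, or from any TPM or FIPS vendor: a Python model of the X9.31 A.2.4 generator that Gutmann describes in the quoted paragraph. The structure (I = E_K(DT), R = E_K(I xor V), V' = E_K(R xor I)) is the standard's; the block cipher is an assumption, a toy four-round Feistel permutation standing in for 3DES/AES so that the script runs offline with the standard library only. The factory key, seeds and DT timestamps are constructed. It shows two things: a device whose K is a constant factory key passes the known-answer test exactly as Gutmann says, and anyone holding that K who sees a single output together with its date-and-time input computes every later output, whatever secret seed V the device started from.

```python
# Added example, not code from the original post: an X9.31 A.2.4-style PRNG
# with a toy Feistel permutation standing in for the 3DES/AES block cipher.
import hashlib
import hmac
import struct

BLOCK = 16  # 128-bit blocks (3DES-based X9.31 uses 64-bit; structure is identical)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function truncated to one half block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def toy_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_K (assumption): a 4-round Feistel permutation. Not a
    real cipher; the demo only needs a deterministic keyed permutation."""
    assert len(block) == BLOCK
    left, right = block[: BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, _xor(left, _round(key, rnd, right))
    return left + right


class X931PRNG:
    """I = E_K(DT); R = E_K(I xor V); V' = E_K(R xor I).
    Every output is fixed by K, the seed V and the DT inputs."""

    def __init__(self, key: bytes, seed_v: bytes):
        self.key = key
        self.v = seed_v

    def next_block(self, dt: bytes) -> bytes:
        i = toy_encrypt(self.key, dt)
        r = toy_encrypt(self.key, _xor(i, self.v))
        self.v = toy_encrypt(self.key, _xor(r, i))
        return r


def dt_vector(unix_seconds: int, counter: int = 0) -> bytes:
    # DT taken literally as date-and-time: guessable by anyone who knows
    # roughly when the output was produced.
    return struct.pack(">QQ", unix_seconds, counter)


def known_answer_test(key: bytes, seed_v: bytes, dts: list, expected: list) -> bool:
    """The algorithm test: fed the reference K, V and DT values, the device
    under test must reproduce the reference outputs. Nothing here asks where
    the device's real K comes from."""
    gen = X931PRNG(key, seed_v)
    return [gen.next_block(dt) for dt in dts] == expected


def predict_next(key: bytes, dt_now: bytes, r_now: bytes, dt_next: bytes) -> bytes:
    """Attacker holding K who sees one output R and knows its DT: the new
    V' = E_K(R xor I) is computable from public values, so the device's
    secret seed V gives no protection once K is known."""
    i_now = toy_encrypt(key, dt_now)
    v_next = toy_encrypt(key, _xor(r_now, i_now))
    i_next = toy_encrypt(key, dt_next)
    return toy_encrypt(key, _xor(i_next, v_next))


def demo() -> dict:
    # Constructed values: one key burned into every unit, and DT vectors for
    # three consecutive seconds on 2006-07-05.
    factory_key = b"constant-key-in-every-device"
    lab_seed = b"\x00" * BLOCK
    dts = [dt_vector(1152123980 + n) for n in range(3)]

    reference = X931PRNG(factory_key, lab_seed)  # the lab's known-good generator
    ref_out = [reference.next_block(dt) for dt in dts]

    # 1. The constant-key device passes the known-answer test.
    kat_passes = known_answer_test(factory_key, lab_seed, dts, ref_out)

    # 2. A fielded unit with the same K but its own secret seed V is still
    #    predictable after one observed output.
    fielded = X931PRNG(factory_key, b"\x5a" * BLOCK)
    seen = [fielded.next_block(dt) for dt in dts]
    guess = predict_next(factory_key, dts[1], seen[1], dts[2])

    # 3. Only K carries the strength: a different key gives a different stream.
    other = X931PRNG(b"per-device-key", lab_seed)
    other_out = [other.next_block(dt) for dt in dts]

    return {
        "kat_passes": kat_passes,
        "next_output_predicted": guess == seen[2],
        "different_key_differs": other_out != ref_out,
    }


if __name__ == "__main__":
    print(demo())
```

Run it and all three flags come back True. The point of the "creative reinterpretation" Gutmann mentions is visible in `dt_vector`: taken literally, DT is a clock the attacker can guess to within a small window and brute-force, so the only thing standing between the known-answer test and a predictable generator is a per-device, unpredictable K.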
---------------------------------------------------------------------
The Cryptography Mailing List