Randomness, Quantum Mechanics - and Cryptography

John Denker jsd at av8n.com
Tue Sep 7 13:58:59 EDT 2010


On 09/07/2010 10:21 AM, Marsh Ray wrote:

>> If anybody can think of a practical attack against the randomness
>> of a thermal noise source, please let us know.  By "practical" I
>> mean to exclude attacks that use such stupendous resources that
>> it would be far easier to attack other elements of the system.
> 
> Blast it with RF for one.

1) This is not an argument in favor of quantum noise over
thermal noise, because the same attack would be at least
as effective against quantum noise.

2) You can shield things so as to make this attack very,
very difficult.

3) The attack is detectable long before it is effective,
whereupon you can shut down the RNG, so it is at best a
DoS attack.  And then you have to compare it against
other brute-force DoS attacks, such as shooting the
computer with an AK-47.

> Typically the natural thermal noise amounts to just a few millivolts,
> and so requires a relatively sensitive A/D converter. This makes it
> susceptible to injected "unnatural noise" overloading the conversion and
> changing most of the output bits to predictable values.

Even the cheapest of consumer-grade converters has 16 bits of
resolution, which is enough to resolve the thermal noise and
still have _two or three orders of magnitude_ of headroom.  If
you are really worried about this, studio-grade stuff is still
quite affordable, and has even more headroom and better shielding.

How much RF are we talking about here?  At some point you can
undoubtedly DoS the RNG ... but I suspect the same amount of
RF would fry most of the computers, phones, and ipods in the 
room.

Is the RF attack in any way preferable to the AK-47 attack?

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list