[Cryptography] Fun with hardware RNGs: the Infinite Noise Multiplier

Jonathan Thornburg jthorn at astro.indiana.edu
Sat Dec 7 16:33:59 EST 2013


On Sat, 7 Dec 2013, Bill Cox wrote:
> Someone asked for some more detail about the design.  I've created a simple
> web page describing the Infinite Noise Multiplier here:
> 
> http://dev.vinux-project.org/RNG/

I have several (somewhat related) devil's-advocate comments:
[These actually apply to just about any hardware RNG]

[I should emphasize that I'm *not* trying to be irritating here, i.e.,
these are meant as *constructive* comments and implicit suggestions for
how the design might be made more robust.]

(1)
It's really good that you checked that coupling in a 1 MHz sine wave
doesn't ruin the randomness.  But what about other nonrandom signals
coupled in from the environment?  Most real-world environments have a
lot of RF floating around (not to mention 50/60Hz hum), and it would
be nice to check a wide range of possible signals and
places-or-sets-of-places-in-the-circuit-to-couple.

(2)
Checking for couplings with a spice model is good... but can we be sure
that the behavior of the actual physical circuit matches that of the
spice model in this regard?  E.g., does the spice model accurately model
all the parasitic capacitances between different circuit elements?  If
not, is there some argument that it's ok to neglect these?

(3)
If you have multiple copies of the circuit in close proximity, (how)
do they perturb each other's operation?  Particularly given that they
probably all share a common clock to avoid Buridan's paradox.  Maybe
we need some shielding around each circuit?  Or at least some buffer
amps in the clock tree?

(4)
Instead of xoring 80 mildly-random bits, why not output them all and
let software [test them and then] run them through your favorite
cryptographic hash fn?

The underlying problem in (1), (2), and (3) is that this circuit is --
by design -- very sensitive to tiny amounts of noise... so we have to be
very paranoid that that "noise" isn't a nonrandom parasitic coupling
from somewhere else.

ciao,

-- 
-- "Jonathan Thornburg [remove -animal to reply]" <jthorn at astro.indiana-zebra.edu>
   Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
   "There was of course no way of knowing whether you were being watched
    at any given moment.  How often, or on what system, the Thought Police
    plugged in on any individual wire was guesswork.  It was even conceivable
    that they watched everybody all the time."  -- George Orwell, "1984"
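The following is an added example illustrating point (4) above; it is not code from this thread or from the Infinite Noise Multiplier project. It simulates a constructed, deliberately biased bit source (not a model of the actual circuit) and compares two ways of whitening an 80-bit raw block: XOR-folding it to one bit versus running software health tests on the raw bits and hashing them with SHA-256. The repetition-count cutoff follows NIST SP 800-90B; the 10%/90% frequency bound, the block size and the source bias are example parameters chosen here.

```python
"""Whitening raw hardware-RNG output: XOR folding vs. hash conditioning.

Added example, not code from the thread or the Infinite Noise Multiplier
project. The bit source is a constructed biased simulation.
"""
import hashlib
import math
import random
from typing import List

RAW_BLOCK_BITS = 80      # the "80 mildly-random bits" discussed in the thread
ALPHA = 2.0 ** -20       # false-alarm rate for the repetition-count test (example)


def biased_bits(p_one: float, n: int, seed: int = 1234) -> List[int]:
    """Constructed source: n independent bits with P(bit == 1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def min_entropy_per_bit(p_one: float) -> float:
    """H_min = -log2(max(p, 1 - p)) for an independent biased bit."""
    return -math.log2(max(p_one, 1.0 - p_one))


def piling_up_bias(per_bit_bias: float, n: int) -> float:
    """Piling-up lemma: XOR of n independent bits with P(1) = 1/2 + e
    has P(1) = 1/2 + 2^(n-1) * e^n."""
    return 2.0 ** (n - 1) * per_bit_bias ** n


def xor_fold(bits: List[int]) -> int:
    """The approach being questioned: collapse a whole block to one bit."""
    acc = 0
    for b in bits:
        acc ^= b
    return acc


def empirical_xor_p_one(p_one: float, n: int, trials: int, seed: int = 99) -> float:
    """Measure P(xor_fold == 1) on the simulated source to check the lemma."""
    rng = random.Random(seed)
    ones = 0
    for _ in range(trials):
        ones += xor_fold([1 if rng.random() < p_one else 0 for _ in range(n)])
    return ones / trials


def pack_bits(bits: List[int]) -> bytes:
    """MSB-first packing of a bit list; the last byte is zero-padded."""
    out = bytearray()
    for i in range(0, len(bits), 8):
        chunk = bits[i:i + 8]
        chunk = chunk + [0] * (8 - len(chunk))
        byte = 0
        for b in chunk:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def repetition_count_cutoff(h_min: float, alpha: float = ALPHA) -> int:
    """SP 800-90B repetition-count cutoff: C = 1 + ceil(-log2(alpha) / H)."""
    return 1 + math.ceil(-math.log2(alpha) / h_min)


def longest_run(bits: List[int]) -> int:
    """Length of the longest run of identical consecutive bits."""
    best = cur = 0
    for i, b in enumerate(bits):
        cur = cur + 1 if i and bits[i - 1] == b else 1
        best = max(best, cur)
    return best


def health_check(bits: List[int], h_min: float) -> bool:
    """Cheap software tests on the raw bits before conditioning: a stuck
    source fails the repetition-count test; a grossly biased block fails the
    frequency bound (10%..90% of ones is an example parameter)."""
    if longest_run(bits) >= repetition_count_cutoff(h_min):
        return False
    ones = sum(bits)
    return 0.1 * len(bits) < ones < 0.9 * len(bits)


def condition(bits: List[int], h_min: float) -> bytes:
    """Point (4): test the raw bits in software, then hash them. SHA-256 over
    the block keeps up to min(256, n * h_min) bits of entropy, versus the
    single bit that XOR folding leaves."""
    if not health_check(bits, h_min):
        raise ValueError("raw source failed health tests; output withheld")
    return hashlib.sha256(pack_bits(bits)).digest()


def entropy_budget(p_one: float, n: int = RAW_BLOCK_BITS) -> dict:
    """What each whitening method preserves from one n-bit raw block."""
    h = min_entropy_per_bit(p_one)
    return {
        "raw_min_entropy_bits": n * h,
        "xor_output_bits": 1,
        "xor_residual_bias": piling_up_bias(abs(p_one - 0.5), n),
        "hash_entropy_bits": min(256.0, n * h),
    }


if __name__ == "__main__":
    p = 0.6                                   # constructed 60/40 bias
    h = min_entropy_per_bit(p)
    print(entropy_budget(p))
    print(condition(biased_bits(p, RAW_BLOCK_BITS), h).hex())
    try:                                      # a stuck source must be rejected
        condition([1] * RAW_BLOCK_BITS, h)
    except ValueError as exc:
        print("rejected:", exc)
```

With a 60/40 source the XOR of 80 bits is essentially unbiased (residual bias around 6e-57), so the objection is not output quality but throughput and observability: the fold spends about 59 bits of min-entropy to produce one bit, and it discards the raw data that software would need to notice a stuck or badly coupled source. Hashing the same block after a health check keeps the entropy and keeps the raw stream inspectable.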

