[Cryptography] Fun with hardware RNGS: the Infinite Noise Multiplier

James A. Donald jamesd at echeque.com
Sat Dec 7 23:14:33 EST 2013


On 2013-12-08 07:33, Jonathan Thornburg wrote:
> On Sat, 7 Dec 2013, Bill Cox wrote:
>> Someone asked for some more detail about the design.  I've created a simple
>> web page describing the Infinite Noise Multiplier here:
>>
>> http://dev.vinux-project.org/RNG/
>
> I have several (somewhat related) devil's-advocate comments:
> [These actually apply to just about any hardware RNG]
>
> [I should emphasize that I'm *not* trying to be irritating here, i.e.,
> these are meant as *constructive* comments and implicit suggestions for
> how the design might be made more robust.]
>
> (1)
> It's really good that you checked that coupling in a 1 MHz sine wave
> doesn't ruin the randomness.  But what about other nonrandom signals
> coupled in from the environment?  Most real-world environments have a
> lot of RF floating around (not to mention 50/60Hz hum), and it would
> be nice to check a wide range of possible signals and
> places-or-sets-of-places-in-the-circuit-to-couple.
>
> (2)
> Checking for couplings with a spice model is good... but can we be sure
> that the behavior of the actual physical circuit matches that of the
> spice model in this regard?  E.g., does the spice model accurately model
> all the parasitic capacitances between different circuit elements?  If
> not, is there some argument that it's ok to neglect these?
>
> (3)
> If you have multiple copies of the circuit in close proximity, (how)
> do they perturb each other's operation?  Particularly given that they
> probably all share a common clock to avoid Buridan's paradox.  Maybe
> we need some shielding around each circuit?  Or at least some buffer
> amps in the clock tree?
>
> (4)
> Instead of xoring 80 mildly-random bits, why not output them all and
> let software [test them and then] run them through your favorite
> cryptographic hash fn?


Looks to me that if you perturb this circuit, you will get a different,
but equally random set of bits, for, no matter what the perturbation, any
noise in the system gets amplified to infinity, even if the enemy is
injecting a signal that is cleverly designed to mess with it.
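Point (4) of the quoted comments contrasts XOR-folding 80 mildly random bits into one output bit with keeping the raw stream, testing it in software and running it through a cryptographic hash. The script below is an added illustration, not code from this thread or from the Infinite Noise Multiplier project. It simulates a biased raw source (the bias p_one=0.6, the 80-bit group, the SHA-256 conditioner with a 2x entropy margin, and an SP 800-90B-style repetition count test with alpha = 2^-20 are all assumptions), folds the stream by XOR and predicts the residual bias with the piling-up lemma, and alternatively health-tests every raw bit and conditions entropy-sized blocks through the hash.

```python
import hashlib
import math
import random

# Constructed stand-in for a raw hardware source: each bit is 1 with probability p_one.
# The real circuit is not modelled; this is only a "mildly random" bit stream.
def biased_bits(n, p_one=0.6, seed=1):
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def min_entropy_per_bit(p_one):
    # Min-entropy of a biased bit: -log2 of the most likely symbol.
    return -math.log2(max(p_one, 1.0 - p_one))


def predicted_xor_bias(p_one, group):
    # Piling-up lemma: XOR of `group` independent bits, each with bias (2p-1),
    # has bias (2p-1)**group. For p=0.6 and group=80 that is about 1e-56.
    return (2.0 * p_one - 1.0) ** group


def xor_whiten(bits, group=80):
    # The approach questioned in (4): fold each group of raw bits into one output bit.
    # Nothing downstream can test the 79 bits discarded per group.
    out = []
    for i in range(0, len(bits) - group + 1, group):
        x = 0
        for b in bits[i:i + group]:
            x ^= b
        out.append(x)
    return out


def repetition_count_cutoff(h, alpha_log2=20):
    # SP 800-90B repetition count cutoff: C = 1 + ceil(-log2(alpha) / H),
    # with alpha = 2**-20 assumed as the false-alarm rate and H the min-entropy per bit.
    return 1 + math.ceil(alpha_log2 / h)


def repetition_count_test(bits, cutoff):
    # Continuous health test: fail as soon as one value repeats `cutoff` times in a row.
    # Catches a stuck or saturated source before its bits reach the conditioner.
    run, last = 0, None
    for b in bits:
        if b == last:
            run += 1
            if run >= cutoff:
                return False
        else:
            last, run = b, 1
    return True


def raw_bits_needed(h, out_bits=256, margin=2.0):
    # Raw bits per hash output so the input carries margin * out_bits of min-entropy,
    # rounded up to a whole number of bytes.
    need = math.ceil(margin * out_bits / h)
    return ((need + 7) // 8) * 8


def bits_to_bytes(bits):
    # Pack bits MSB-first; a trailing partial byte is dropped.
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def hash_condition(bits, h, out_bits=256, margin=2.0):
    # The alternative proposed in (4): keep every raw bit, then run entropy-sized
    # blocks through a cryptographic hash (SHA-256 here). Returns a list of 32-byte outputs.
    need = raw_bits_needed(h, out_bits, margin)
    return [hashlib.sha256(bits_to_bytes(bits[i:i + need])).digest()
            for i in range(0, len(bits) - need + 1, need)]


if __name__ == "__main__":
    p = 0.6
    h = min_entropy_per_bit(p)
    raw = biased_bits(80_000, p)
    cutoff = repetition_count_cutoff(h)
    ok = repetition_count_test(raw, cutoff)
    print(f"min-entropy/bit={h:.3f} repetition cutoff={cutoff} health={'pass' if ok else 'FAIL'}")
    folded = xor_whiten(raw)
    print(f"XOR-of-80: {len(folded)} bits, mean={sum(folded) / len(folded):.3f}, "
          f"predicted bias={predicted_xor_bias(p, 80):.1e}")
    blocks = hash_condition(raw, h)
    print(f"hash conditioning: {len(blocks)} x 256-bit outputs, {raw_bits_needed(h)} raw bits each")
    stuck = biased_bits(1000, p_one=1.0)  # constructed stuck-at-1 source
    print("stuck source health:", "pass" if repetition_count_test(stuck, cutoff) else "FAIL")
```

The two paths differ in what software can observe: XOR folding throws away most of the raw bits inside the device, so a source that has gone stuck or saturated is only visible as a subtle statistical change in the folded output, whereas the hash path keeps the raw stream, lets the repetition count test reject a stuck source outright, and sizes each hash input from the estimated min-entropy rather than from a fixed group length.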
