[Cryptography] Fun with hardware RNGS: the Infinite Noise Multiplier
James A. Donald
jamesd at echeque.com
Sat Dec 7 23:14:33 EST 2013
On 2013-12-08 07:33, Jonathan Thornburg wrote:
> On Sat, 7 Dec 2013, Bill Cox wrote:
>> Someone asked for some more detail about the design. I've created a simple
>> web page describing the Infinite Noise Multiplier here:
>>
>> http://dev.vinux-project.org/RNG/
>
> I have several (somewhat related) devil's-advocate comments:
> [These actually apply to just about any hardware RNG]
>
> [I should emphasize that I'm *not* trying to be irritating here, i.e.,
> these are meant as *constructive* comments and implicit suggestions for
> how the design might be made more robust.]
>
> (1)
> It's really good that you checked that coupling in a 1 MHz sine wave
> doesn't ruin the randomness. But what about other nonrandom signals
> coupled in from the environment? Most real-world environments have a
> lot of RF floating around (not to mention 50/60Hz hum), and it would
> be nice to check a wide range of possible signals and
> places-or-sets-of-places-in-the-circuit-to-couple.
>
> (2)
> Checking for couplings with a spice model is good... but can we be sure
> that the behavior of the actual physical circuit matches that of the
> spice model in this regard? E.g., does the spice model accurately model
> all the parasitic capacitances between different circuit elements? If
> not, is there some argument that it's ok to neglect these?
>
> (3)
> If you have multiple copies of the circuit in close proximity, (how)
> do they perturb each other's operation? Particularly given that they
> probably all share a common clock to avoid Buridan's paradox. Maybe
> we need some shielding around each circuit? Or at least some buffer
> amps in the clock tree?
>
> (4)
> Instead of xoring 80 mildly-random bits, why not output them all and
> let software [test them and then] run them through your favorite
> cryptographic hash fn?
Looks to me that if you perturb this circuit, you will get a different,
but equally random set of bits, for, no matter what the perturbation, any
noise in the system gets amplified to infinity, even if the enemy is
injecting a signal that is cleverly designed to mess with it.
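To make comment (4) concrete, here is an added example (not from the thread and not the Infinite Noise Multiplier project's own code) that contrasts XOR-folding groups of 80 mildly biased bits with handing all of them to a cryptographic hash. The biased bit source, the group size of 80 and the choice of SHA-256 are constructed assumptions for illustration.

```python
import hashlib
import random

def xor_fold_bias(eps, n):
    """Piling-up lemma: the XOR of n independent bits, each with P(1) = 1/2 + eps,
    has P(1) = 1/2 + 2**(n-1) * eps**n.  Returns that residual bias.
    Assumes independence; bits correlated by a coupled-in periodic signal
    (the concern in comments (1)-(3)) are not covered by this bound."""
    return 2 ** (n - 1) * eps ** n

def xor_fold(bits):
    """Collapse a group of raw bits into one output bit by XOR (parity)."""
    out = 0
    for b in bits:
        out ^= b
    return out

def hash_condition(bits):
    """The alternative from comment (4): keep every raw bit and let software
    condition them.  Packs the bits MSB-first into bytes and returns SHA-256."""
    value = int("".join(str(b) for b in bits), 2) if bits else 0
    raw = value.to_bytes((len(bits) + 7) // 8, "big")
    return hashlib.sha256(raw).digest()

def biased_bits(count, eps, seed=1):
    """Constructed stand-in for 'mildly random' hardware samples:
    independent bits with P(1) = 1/2 + eps, seeded so runs are reproducible."""
    rng = random.Random(seed)
    return [1 if rng.random() < 0.5 + eps else 0 for _ in range(count)]

def measured_bias(bits):
    """Observed P(1) - 1/2 over a bit sequence."""
    return sum(bits) / len(bits) - 0.5

def compare(eps=0.1, group=80, groups=2000):
    """Fold raw bits 80-to-1 and report measured vs predicted bias, next to
    the size of the hash output that conditioning the same raw bits would give."""
    raw = biased_bits(group * groups, eps)
    folded = [xor_fold(raw[i:i + group]) for i in range(0, len(raw), group)]
    return {
        "raw_bias": measured_bias(raw),
        "folded_bias": measured_bias(folded),
        "predicted_folded_bias": xor_fold_bias(eps, group),
        "hash_output_bits": 8 * len(hash_condition(raw[:group])),
    }
```

Folding removes bias only under the independence assumption and discards 79 of every 80 samples; hashing keeps the raw bits available for the software testing comment (4) asks for before they are conditioned.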