[Cryptography] Fun with hardware RNGS: the Infinite Noise Multiplier

[Viktor Dukhovni]

On Sun, Dec 08, 2013 at 02:14:33PM +1000, James A. Donald wrote:

> Looks to me that if you peturb this circuit, you will get a
> different, but equally random set of bits, for, no matter what the
> peturbation, any noise in the system gets amplified to infinity,
> even if the enemy is injecting a signal that is cleverly designed to
> mess with it.

That would be true of the mathematically ideal circuit.  Yes, the
baker's transformation is ergodic.  However, the physical circuit
has finite sensitivity.  Noise below a certain threshold or above
certain frequencies may not elicit any response.

Given sufficiently little noise, if the circuit ever chances on an
output sufficiently close to zero, it may output zeros forever
after.  In any case, with sufficiently little noise a discrete
system with finite sensitivity becomes deterministic.  If the system
can be in N states, then the period of doubling mod N is at best
phi(N).

Counting the number states of a thermal system and estimating noise
brings us right back to physical entropy.  What's special about
this particular circuit is the ergodicity and rapid diffusion of
the ideal classical dynamics.  Claims that the classical model
matches the real behaviour to infinite precision are rather suspect.
One needs to assume sufficiently linear response to the ambient
thermal noise in the presence of whatever signal the adversary can
super-impose.

If super-imposed signals can reduce sensitivity to the noise, or
the noise is too weak in the first place (sufficient cooling?),
the ideal model may fail to be a good match for reality.

-- 
	Viktor.