[Cryptography] Random number generation influenced, HW RNG
iang at iang.org
Tue Sep 10 02:30:14 EDT 2013
On 10/09/13 06:29 AM, John Kelsey wrote:
> But I am not sure how much it helps against tampered chips. If I can tamper with the noise source in hardware to make it predictable, it seems like I should also be able to make it simulate the expected behavior. I expect this is more complicated than, say, breaking the noise source and the internal testing mechanisms so that the RNG outputs a predictable output stream, but I am not sure it is all that much more complicated. How expensive is a lightweight stream cipher keyed off the time and the CPU serial number or some such thing to generate pseudorandom bits? How much more to go from that to a simulation of the expected behavior, perhaps based on the same circuitry used in the unhacked version to test the noise source outputs?
The question of whether one could simulate a raw physical source is
tantalising. I see diverse opinions as to whether it is plausible, and
thinking about it, I'm on the fence.
I'd say it might be an unstudied problem -- for us. It's sounding like
an interesting EE/CS project, masters or PhD level?
If anyone has studied it, I'd bet fair money that the NSA has.
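
The limitation raised in the quoted question, as an added example that is not part of the original message: simple statistical health checks flag a stuck source but pass a fully deterministic keyed stream. The seed value, the three checks and their thresholds are assumptions made for illustration, and SHA-256 in counter mode stands in for the "lightweight stream cipher".

```python
import hashlib

# Constructed seed standing in for "time and CPU serial number" (hypothetical values).
SEED = b"serial=CONSTRUCTED-0001|time=2013-09-10T02:30:14"

def keyed_stream(seed: bytes, nbytes: int) -> bytes:
    """Deterministic 'noise': SHA-256 in counter mode, a stand-in for a light stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])

def repetition_ok(samples: bytes, cutoff: int = 6) -> bool:
    """Stuck-source check: fail on `cutoff` or more identical bytes in a row."""
    run = 1
    for prev, cur in zip(samples, samples[1:]):
        run = run + 1 if cur == prev else 1
        if run >= cutoff:
            return False
    return True

def proportion_ok(samples: bytes, window: int = 512, cutoff: int = 16) -> bool:
    """Bias check: fail if a window's first byte value occurs `cutoff` or more times in it."""
    for start in range(0, len(samples) - window + 1, window):
        block = samples[start:start + window]
        if block.count(block[0]) >= cutoff:
            return False
    return True

def monobit_ok(samples: bytes, tolerance: float = 0.01) -> bool:
    """Frequency check: the fraction of 1 bits must be within `tolerance` of 0.5."""
    ones = sum(bin(b).count("1") for b in samples)
    return abs(ones / (8 * len(samples)) - 0.5) <= tolerance

def health_report(samples: bytes) -> dict:
    """Run all three checks and return their pass/fail results by name."""
    return {"repetition": repetition_ok(samples),
            "proportion": proportion_ok(samples),
            "monobit": monobit_ok(samples)}

if __name__ == "__main__":
    n = 64 * 1024
    print("keyed stream :", health_report(keyed_stream(SEED, n)))
    print("stuck source :", health_report(bytes([0x55]) * n))
    print("same seed reproduces stream:", keyed_stream(SEED, n) == keyed_stream(SEED, n))
```

Passing checks of this kind shows that a source has not failed in an obvious way; it says nothing about whether the output is unpredictable to someone who knows the seed.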