[Cryptography] Random number generation influenced, HW RNG

ianG iang at iang.org
Tue Sep 10 02:30:14 EDT 2013

On 10/09/13 06:29 AM, John Kelsey wrote:
>   But I am not sure how much it helps against tampered chips.  If I can tamper with the noise source in hardware to make it predictable, it seems like I should also be able to make it simulate the expected behavior.  I expect this is more complicated than, say, breaking the noise source and the internal testing mechanisms so that the RNG outputs a predictable output stream, but I am not sure it is all that much more complicated.  How expensive is a lightweight stream cipher keyed off the time and the CPU serial number or some such thing to generate pseudorandom bits?  How much more to go from that to a simulation of the expectdd behavior, perhaps based on the same circutry used in the unhacked version to test the noise source outputs?

The question of whether one could simulate a raw physical source is 
tantalising.  I see diverse opinions as to whether it is plausible, and 
thinking about it, I'm on the fence.

I'd say it might be an unstudied problem -- for us.  It's sounding like 
an interesting EE/CS project, masters or PhD level?

If anyone has studied it, I'd bet fair money that the NSA has.


More information about the cryptography mailing list