[Cryptography] A TRNG review per day: Turbid
clemens at ladisch.de
Tue Oct 28 17:28:40 EDT 2014
Bill Cox wrote:
> Turbid ideally uses a 24-bit sound card, though a 16-bit might work. I see
> a Creative Labs Sound Blaster 24-bit audio card at New Egg. Is this the
> sort of card recommended?
Creative builds many kinds of cards, good ones and somewhat cheap ones.
Turbid needs a sensitive input because its proof of the entropy lower
bound requires that the thermal noise of the resistor at the input
connector (assuming that such a resistor exists) can be measured. Even
a bad sound card can have a high enough sensitivity if it amplifies its
input by a large enough factor (a bad sound card will add more noise,
but that does not matter for the proof).
24-bit cards do not need much amplification and should be good enough.
> On Mon, Oct 27, 2014 at 4:47 PM, Clemens Ladisch <clemens at ladisch.de> wrote:
>> Bill Cox wrote:
>>> Sound outputs will be correlated when sampled at high speed.
>> If the output contains _only_ white noise, there will be the same amount
>> of noise at all frequencies, so the sample rate would not matter.
> This is inaccurate. White noise with energy in every frequency would have
> infinite energy and destroy the universe.
Thermal noise will go high enough for any sampling rate we can use.
> In this application, I believe the frequency of interest is the cutoff
> frequency of the anti-aliasing filter, which is somewhat lower than
> 1/2 the sample rate (Niquist frequency).
Sound cards do not have single anti-aliasing filter.
A typical ADC chip has a delta-sigma modulator running at about 6 MHz,
which requires an external analog filter that reduces noise at that
frequency. The modulator is followed by a digital decimation filter
that goes very near the Nyquist frequency of the currently used sample
rate. (There also is a high-pass filter to remove any DC offset from
> If you sample at the maximum supported sample frequency, you will do a
> better job capturing the entropy that is there, but sampling at a rate
> beyond the anti-aliasing filter cut-off frequency ...
This cut-off frequency is not independent of the sample rate.
> Turbid, from what I read in the paper, does not adaptively estimate
> entropy, which makes it's health monitor fairly weak, IMO.
Does it monitor anything _at all_? As far as I can see, it blindly
stuffs samples into the hash function and trusts the calibration (and
that nobody attenuated or muted the input, accidentally or not).
More information about the cryptography