[Cryptography] A TRNG review per day: Turbid

Clemens Ladisch clemens at ladisch.de
Tue Oct 28 17:28:40 EDT 2014

Bill Cox wrote:
> Turbid ideally uses a 24-bit sound card, though a 16-bit might work.  I see
> a Creative Labs Sound Blaster 24-bit audio card at New Egg.  Is this the
> sort of card recommended?

Creative builds many kinds of cards, good ones and somewhat cheap ones.

Turbid needs a sensitive input because its proof of the entropy lower
bound requires that the thermal noise of the resistor at the input
connector (assuming that such a resistor exists) can be measured.  Even
a bad sound card can have a high enough sensitivity if it amplifies its
input by a large enough factor (a bad sound card will add more noise,
but that does not matter for the proof).

24-bit cards do not need much amplification and should be good enough.

> On Mon, Oct 27, 2014 at 4:47 PM, Clemens Ladisch <clemens at ladisch.de> wrote:
>> Bill Cox wrote:
>>> Sound outputs will be correlated when sampled at high speed.
>> If the output contains _only_ white noise, there will be the same amount
>> of noise at all frequencies, so the sample rate would not matter.
> This is inaccurate.  White noise with energy in every frequency would have
> infinite energy and destroy the universe.

Thermal noise will go high enough for any sampling rate we can use.

> In this application, I believe the frequency of interest is the cutoff
> frequency of the anti-aliasing filter, which is somewhat lower than
> 1/2 the sample rate (Niquist frequency).

Sound cards do not have single anti-aliasing filter.

A typical ADC chip has a delta-sigma modulator running at about 6 MHz,
which requires an external analog filter that reduces noise at that
frequency.  The modulator is followed by a digital decimation filter
that goes very near the Nyquist frequency of the currently used sample
rate.  (There also is a high-pass filter to remove any DC offset from
the input.)

> If you sample at the maximum supported sample frequency, you will do a
> better job capturing the entropy that is there, but sampling at a rate
> beyond the anti-aliasing filter cut-off frequency ...

This cut-off frequency is not independent of the sample rate.

> Turbid, from what I read in the paper, does not adaptively estimate
> entropy, which makes it's health monitor fairly weak, IMO.

Does it monitor anything _at all_?  As far as I can see, it blindly
stuffs samples into the hash function and trusts the calibration (and
that nobody attenuated or muted the input, accidentally or not).


More information about the cryptography mailing list