[Cryptography] A TRNG review per day: Turbid
Bill Cox
waywardgeek at gmail.com
Wed Oct 29 07:13:48 EDT 2014
On Tue, Oct 28, 2014 at 5:28 PM, Clemens Ladisch <clemens at ladisch.de> wrote:
> > On Mon, Oct 27, 2014 at 4:47 PM, Clemens Ladisch <clemens at ladisch.de>
> wrote:
> >> Bill Cox wrote:
> >>> Sound outputs will be correlated when sampled at high speed.
> >>
> >> If the output contains _only_ white noise, there will be the same amount
> >> of noise at all frequencies, so the sample rate would not matter.
> >
> > This is inaccurate. White noise with energy in every frequency would
> have
> > infinite energy and destroy the universe.
>
> :-)
> Thermal noise will go high enough for any sampling rate we can use.
>
Agreed.
> > In this application, I believe the frequency of interest is the cutoff
> > frequency of the anti-aliasing filter, which is somewhat lower than
> > 1/2 the sample rate (Niquist frequency).
>
> Sound cards do not have single anti-aliasing filter.
>
> A typical ADC chip has a delta-sigma modulator running at about 6 MHz,
> which requires an external analog filter that reduces noise at that
> frequency. The modulator is followed by a digital decimation filter
> that goes very near the Nyquist frequency of the currently used sample
> rate. (There also is a high-pass filter to remove any DC offset from
> the input.)
>
Duh... I was thinking of SAR ADCs, which would never go to 24 bits. Of
course they're sigma-deltas. The external filter is what I normally hear
called the anti-aliasing filter, even for SD-ADCs, but it's cut-off can be
much higher than the decimation filter's cut-off, so it is irrelevant for
calculation of thermal noise. In that case it's the decimation filter
cut-off that counts. That's typically 2X the highest audio frequency of
interest, isn't it?
There will still be significant correlation between samples. There is
thermal noise in a band from 9X to 10X below the sample rate which will
turn into a significant short-term correlation between samples 10 away from
each other. It's not a big deal, since the math works anyway, but it's
there.
>
> > If you sample at the maximum supported sample frequency, you will do a
> > better job capturing the entropy that is there, but sampling at a rate
> > beyond the anti-aliasing filter cut-off frequency ...
>
> This cut-off frequency is not independent of the sample rate.
>
> > Turbid, from what I read in the paper, does not adaptively estimate
> > entropy, which makes it's health monitor fairly weak, IMO.
>
> Does it monitor anything _at all_? As far as I can see, it blindly
> stuffs samples into the hash function and trusts the calibration (and
> that nobody attenuated or muted the input, accidentally or not).
>
It should at least do some basic tests...
Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141029/1cd02521/attachment.html>
More information about the cryptography
mailing list