[Cryptography] A TRNG review per day: Turbid

Bill Cox waywardgeek at gmail.com
Wed Oct 29 07:13:48 EDT 2014

On Tue, Oct 28, 2014 at 5:28 PM, Clemens Ladisch <clemens at ladisch.de> wrote:

> > On Mon, Oct 27, 2014 at 4:47 PM, Clemens Ladisch <clemens at ladisch.de>
> wrote:
> >> Bill Cox wrote:
> >>> Sound outputs will be correlated when sampled at high speed.
> >>
> >> If the output contains _only_ white noise, there will be the same amount
> >> of noise at all frequencies, so the sample rate would not matter.
> >
> > This is inaccurate.  White noise with energy in every frequency would
> have
> > infinite energy and destroy the universe.
> :-)
> Thermal noise will go high enough for any sampling rate we can use.


> > In this application, I believe the frequency of interest is the cutoff
> > frequency of the anti-aliasing filter, which is somewhat lower than
> > 1/2 the sample rate (Niquist frequency).
> Sound cards do not have single anti-aliasing filter.
> A typical ADC chip has a delta-sigma modulator running at about 6 MHz,
> which requires an external analog filter that reduces noise at that
> frequency.  The modulator is followed by a digital decimation filter
> that goes very near the Nyquist frequency of the currently used sample
> rate.  (There also is a high-pass filter to remove any DC offset from
> the input.)

Duh... I was thinking of SAR ADCs, which would never go to 24 bits.  Of
course they're sigma-deltas.  The external filter is what I normally hear
called the anti-aliasing filter, even for SD-ADCs, but it's cut-off can be
much higher than the decimation filter's cut-off, so it is irrelevant for
calculation of thermal noise.  In that case it's the decimation filter
cut-off that counts.  That's typically 2X the highest audio frequency of
interest, isn't it?

There will still be significant correlation between samples.  There is
thermal noise in a band from 9X to 10X below the sample rate which will
turn into a significant short-term correlation between samples 10 away from
each other.  It's not a big deal, since the math works anyway, but it's

> > If you sample at the maximum supported sample frequency, you will do a
> > better job capturing the entropy that is there, but sampling at a rate
> > beyond the anti-aliasing filter cut-off frequency ...
> This cut-off frequency is not independent of the sample rate.
> > Turbid, from what I read in the paper, does not adaptively estimate
> > entropy, which makes it's health monitor fairly weak, IMO.
> Does it monitor anything _at all_?  As far as I can see, it blindly
> stuffs samples into the hash function and trusts the calibration (and
> that nobody attenuated or muted the input, accidentally or not).

It should at least do some basic tests...

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141029/1cd02521/attachment.html>

More information about the cryptography mailing list