[Cryptography] A TRNG review per day: Turbid

Bill Cox waywardgeek at gmail.com
Wed Oct 29 09:22:26 EDT 2014


On Wed, Oct 29, 2014 at 8:55 AM, Clemens Ladisch <clemens at ladisch.de> wrote:

> Bill Cox wrote:
> > On Tue, Oct 28, 2014 at 5:28 PM, Clemens Ladisch <clemens at ladisch.de>
> wrote:
> > > A typical ADC chip has a delta-sigma modulator running at about 6 MHz,
> > > which requires an external analog filter that reduces noise at that
> > > frequency.  The modulator is followed by a digital decimation filter
> > > that goes very near the Nyquist frequency of the currently used sample
> > > rate.  (There also is a high-pass filter to remove any DC offset from
> > > the input.)
> >
> > [...] In that case it's the decimation filter cut-off that counts.
> > That's typically 2X the highest audio frequency of interest, isn't it?
>
> Yes, if with "2X" you mean what I'd call "half".  For example, the
> CS5381 datasheet says:
>   Passband (-0.1 dB): from 0 Fs to 0.47 Fs
>   Stopband (-95 dB): from 0.58 Fs
>
> This filter and the HPF will attenuate extremly high and low frequencies;
> what remains is usable white noise over almost the entire frequency
> range.
>
> > There will still be significant correlation between samples.  There is
> > thermal noise in a band from 9X to 10X below the sample rate
>
> Why are you singling out this band?
>
> > which will turn into a significant short-term correlation between
> > samples 10 away from each other.
>
> The noise in all the other bands will cancel out these correlations.
>
>
>
Not in my experience, but that is somewhat limited.  A simple test would be
seeing if the zero crossings are correlated between adjacent samples.  My
guess is they are highly correlated, as in I have a 70% chance of guessing
if your next sample is greater or less than zero if you tell me the full
value of the previous sample.  If you send me some typical Turbid maximum
sample rate sound samples, I'd be happy to do that test.

However, this does not invalidate Turbid's entropy estimate in any way.
Feeding every sample, even if there is some correlation, into the hash
function is the right thing to do to collect all that entropy.

Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141029/5879e288/attachment.html>


More information about the cryptography mailing list