# [Cryptography] Whitening Algorithm

Rob Seward robseward at gmail.com
Sun Jul 26 13:53:30 EDT 2015

```Wow, there’s so much useful feedback here. Thank you, everyone!

I’d like to respond with the following: 1) Some background on the project.
2) A reiteration of what I’ve gleaned from the conversation. 3) Next steps.

1) Background:

I’m building an Arduino shield mainly for educational purposes. I’m trying
to keep it as simple as possible so that its internal workings can be
easily understood. While I’m not creating something for serious
cryptographic use, the project is less compelling if it cannot create
cryptographic-quality output.

2) What I’ve learned:

2a) My algorithm isn’t doing what I think it’s doing.

I algebraically expanded the steps of the algorithm and saw that a lot of
the XOR operations were canceling each other out, confirming in my own mind
what a lot of others caught on to quickly here.

Bill showed that the algorithm can be reversed by guessing bytes that are
hidden, which can be used to decrypt the whole stream.

2b) One solution is to encrypt or hash the output

This will result in a decrease in throughput and add complexity to the
project. Options include AES-CBC-MAC, Cha-cha, Blake, etc.

2c) Another option is to seed a CSPRNG, generate a pseudo random stream,
and if I like, mix it with the raw stream from the diode. This would keep
the throughput up, but add complexity.

2d) Avalanche noise from transistors is subject to failure.

Correct me if I’m wrong, but it looks like without a health check, both
approaches (2b and 2c) will produce random output even if the transistor
fails and outputs all 0s. One thing I liked about my (flawed) algorithm is
that it would pass statistical tests if the noise source was healthy, and
produce poor, detectable results if the noise source failed.

With the above architectures, it seems some kind of internal health check
would be needed. Running the stream through a Von Neumann filter might
achieve this. Would a simple monobit test be a good (read: cheap) litmus
test for the noise source’s health, or is something more sophisticated
needed? Bill mentioned doing health checks on a host machine. Would this
involve switching modes on the device? That is, stream unwhitened noise
periodically to the host to check for health, and then switch back to
encrypted output?

2e)
I’ve diagrammed two approaches <http://i.imgur.com/1HdwjYr.png> here to
help me understand.

3) Next Steps

Rhys Weatherly has implemented a lot of these cryptographic algorithms for
Arduino <http://rweather.github.io/arduinolibs/crypto.html> and measured
their performance. I’m going to try to implement one of the above
architectures. Hopefully I can find something that the Arduino can handle
that can be abstracted to such a degree that the code is easy to read.

Thanks again everyone!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150726/e3d7fa0f/attachment.html>
```