[Cryptography] Whitening Algorithm
Bill Cox
waywardgeek at gmail.com
Mon Jul 27 10:21:04 EDT 2015
On Sun, Jul 26, 2015 at 10:53 AM, Rob Seward <robseward at gmail.com> wrote:
> 1) Background:
>
> I’m building an Arduino shield mainly for educational purposes. I’m trying
> to keep it as simple as possible so that its internal workings can be
> easily understood. While I’m not creating something for serious
> cryptographic use, the project is less compelling if it cannot create
> cryptographic-quality output.
>
My Infinite Noise TRNG is primarily meant as a means for educating the
world about this architecture of TRNG. If it is a good fit for your
project, feel free to copy the Eagle files and simply delete the USB
interface portion. It's all open hardware/software. This should make a
nice tiny shield if you can deal with 6 pins:
- VCC - 3.3V, though the components should handle 3V to 5V.
- GND - 0V
- CLK1 - a 300 KHz square wave
- CLK2 - the inverse of the 150 KHz square wave
- OUT1 - output channel 1: sample this on rising edge of CLK1
- OUT2 - output channel 2: sample this on rising edge of CLK2
> 2) What I’ve learned:
>
> 2d) Avalanche noise from transistors is subject to failure.
>
> Correct me if I’m wrong, but it looks like without a health check, both
> approaches (2b and 2c) will produce random output even if the transistor
> fails and outputs all 0s. One thing I liked about my (flawed) algorithm is
> that it would pass statistical tests if the noise source was healthy, and
> produce poor, detectable results if the noise source failed.
>
> With the above architectures, it seems some kind of internal health check
> would be needed. Running the stream through a Von Neumann filter might
> achieve this. Would a simple monobit test be a good (read: cheap) litmus
> test for the noise source’s health, or is something more sophisticated
> needed? Bill mentioned doing health checks on a host machine. Would this
> involve switching modes on the device? That is, stream unwhitened noise
> periodically to the host to check for health, and then switch back to
> encrypted output?
>
I prefer to do whitening on the host side, with a pre-whitening health
check. Whitening in the shield is an iffy thing to do, for the reason you
mention - you can't trust the data once it's whitened, if you have no way
to verify the source.
Bill
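
Added example, not part of Bill's message or the Infinite Noise code: a host-side sketch of the pre-whitening health check described above, showing that the same check run after whitening cannot see a failed source. The SHA-256 chained whitener, the thresholds, and all function names are assumptions made for illustration; the sample inputs are constructed.

```python
import hashlib
import random
from itertools import groupby

# Thresholds are assumptions for this sketch, not values from the thread.
ONES_LO, ONES_HI = 0.40, 0.60   # loose bounds: raw TRNG bits may be mildly biased
MAX_RUN = 64                    # longest tolerated run of identical bits

def source_healthy(raw: bytes) -> bool:
    """Monobit-style check plus a stuck-bit (longest run) check on a block."""
    bits = "".join(f"{b:08b}" for b in raw)
    ones_fraction = bits.count("1") / len(bits)
    longest_run = max(len(list(g)) for _, g in groupby(bits))
    return ONES_LO <= ones_fraction <= ONES_HI and longest_run <= MAX_RUN

def whiten(raw: bytes, block: int = 64) -> bytes:
    """Chained SHA-256 whitener (illustration only): hides input structure."""
    state, out = b"\x00" * 32, bytearray()
    for i in range(0, len(raw), block):
        state = hashlib.sha256(state + raw[i:i + block]).digest()
        out += state
    return bytes(out)

def host_read(raw: bytes) -> bytes:
    """Host-side order: check the raw bits first, whiten only if they pass."""
    if not source_healthy(raw):
        raise RuntimeError("noise source failed health check; output withheld")
    return whiten(raw)

# Constructed sample inputs: a seeded PRNG stands in for a healthy source,
# and all zeros stands in for a failed transistor.
_rng = random.Random(2015)
HEALTHY_RAW = bytes(_rng.getrandbits(8) for _ in range(4096))
STUCK_RAW = bytes(4096)

if __name__ == "__main__":
    print("raw healthy passes:   ", source_healthy(HEALTHY_RAW))
    print("raw stuck passes:     ", source_healthy(STUCK_RAW))
    print("whitened stuck passes:", source_healthy(whiten(STUCK_RAW)))
```

The whitened all-zero stream passes the same check that the raw all-zero stream fails, which is why the check has to sit in front of the whitener.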