[Cryptography] Whitening Algorithm

Bill Cox waywardgeek at gmail.com
Mon Jul 27 10:21:04 EDT 2015 

On Sun, Jul 26, 2015 at 10:53 AM, Rob Seward <robseward at gmail.com> wrote:

> 1) Background:
>
> I’m building an Arduino shield mainly for educational purposes. I’m trying
> to keep it as simple as possible so that its internal workings can be
> easily understood. While I’m not creating something for serious
> cryptographic use, the project is less compelling if it cannot create
> cryptographic-quality output.
>

My Infinite Noise TRNG is primarily meant as a means for educating the
world about this architecture of TRNG.  If it is a good fit for your
project, feel free to copy the Eagle files and simply delete the USB
interface portion.  It's all open hardware/software.  This should make a
nice tiny shield if you can deal with 6 pins:

- VCC - 3.3V, though the components should handle 3V to 5V.
- GND - 0V
- CLK1 - a 300 KHz square wave
- CLK2 - the inverse of the 150 KHz square wave
- OUT1 - output channel 1: sample this on rising edge of CLK1
- OUT2 - output channel 2: sample this on rising edge of CLK2


> 2) What I’ve learned:
>
> 2d) Avalanche noise from transistors is subject to failure.
>
> Correct me if I’m wrong, but it looks like without a health check, both
> approaches (2b and 2c) will produce random output even if the transistor
> fails and outputs all 0s. One thing I liked about my (flawed) algorithm is
> that it would pass statistical tests if the noise source was healthy, and
> produce poor, detectable results if the noise source failed.
>
> With the above architectures, it seems some kind of internal health check
> would be needed. Running the stream through a Von Neumann filter might
> achieve this. Would a simple monobit test be a good (read: cheap) litmus
> test for the noise source’s health, or is something more sophisticated
> needed? Bill mentioned doing health checks on a host machine. Would this
> involve switching modes on the device? That is, stream unwhitened noise
> periodically to the host to check for health, and then switch back to
> encrypted output?
>

I prefer to do whitening on the host side, with a pre-whitening health
check.  Whitening in the shield is an iffy thing to do, for the reason you
mention - you can't trust the data once it's whitened, if you have no way
to verify the source.

Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150727/53704c69/attachment.html>

More information about the cryptography mailing list