[Cryptography] TRNG review: Arduino based TRNGs
Bill Cox
waywardgeek at gmail.com
Tue Jan 12 12:38:15 EST 2016
On Tue, Jan 12, 2016 at 9:15 AM, Stephen Wood <smwood4 at gmail.com> wrote:
> Thanks, Bill. This is a fun write-up.
>
> > The most popular technique for generating true random data is to do
> what TrueRandom does, and drive a voltage onto pin 0, and measure it with
> the 8-bit ADC. While sometimes this generates unpredictable data, the
> scatter plots show scary correlations, and the one thing we know it is not
> measuring is thermal noise.
>
> Is there any way you could mitigate this by diversifying board pins, for
> example read from pin 0 and 5 and XOR the data together?
>
I think that would be similar to doing more reads from pin 0. It might be
possible with 2 or 3 passive external components to make this work with
thermal noise. The trick would be to have the DC voltage on pin 0 right on
a boundary between two counts of the 8-bit ADC. A resistor and capacitor
could generate this voltage with the PWM. Another resistor from the cap to
pin 0 should provide the isolation needed to get reasonable levels of
thermal noise on pin 0. Then, you'd need some feedback loop in the sketch
where you change the PWM output a bit every time you read a 1 or a 0, and
try to keep the average 1's and 0's the same.
This would still have issues when an attacker might control noise on the
power rails, but running off a battery with clean code, it should work OK.
This design would be similar to Intel's DRNG.
Without any external components, I think the thermal drift of the timers is
the only reliable source of entropy, but it is very low speed.
Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160112/8e2baf17/attachment.html>
More information about the cryptography
mailing list