[Cryptography] TRNG review: Arduino based TRNGs

Bill Cox waywardgeek at gmail.com
Wed Jan 13 17:09:03 EST 2016


On Wed, Jan 13, 2016 at 1:46 PM, Stephen Wood <smwood4 at gmail.com> wrote:


> How much entropy is needed to properly seed a CSPRNG? This[0]
> stack-exchange question suggests at it being ~128 bits. Going from known
> state --> 16 bytes of honest-to-goodness random data --> CSPRNG would open
> up the Arduino to a lot of interesting applications.
>

Yep.  If you are happy with 128-bit AES, I see no reason to be unhappy with
128-bit seeds for CSPRNGs.  I would feel better with 256-bit for both
encryption and random number seeds, but clearly the world seems to run OK
currently on 128 bits.


> I agree and have wondered out loud why we have no such device! Bill
> himself makes an inexpensive TRNG[1] (that's currently in stock!), there's
> also the OneRNG which I own and use. Both of these devices target Linux
> hosts and not IoT.
>

Well, it won't be in stock for long now that you've plugged it!  Actually, I
prefer to keep it fairly quiet, since these things take 29 placements
(including USB pins) to make.  I'm more interested in having a device using
modular entropy multiplication simply being available than actually selling
them.  That's one reason I moved to a hacker-style board without a normal
USB key enclosure and proper connector.


> Maybe someone with better electronics experience can chime in, but I'm
> very curious about the minimum amount of hardware required to build a TRNG
> for IoT devices such as the Arduino.
>

Adding a TRNG to an IC design requires < $0.001 worth of silicon.  For some
reason, almost all the devices I've seen that have TRNGs do not make it
possible to read the raw data from the entropy source.  I think this is a
significant mistake made almost universally in the semiconductor industry,
which generally is very secretive.  Worse, when I do get access to raw data
(such as from probably_random), I more often than not find that the
engineering was not quite done properly (it is apparently somewhat hard to
do), and the result is that the output bits are less random than
advertised.  The marketing claims that devices include "high quality" TRNGs
make me cringe.  Just give us access to the entropy source, and let us
determine that for ourselves!

The OneRNG designers put in the effort to get the engineering right, and
it remains my recommended solution for anyone in need of a USB key TRNG.

As for the minimum required hardware for an Arduino, I have not built it,
but I suspect we could do it with 1 cap and 2 resistors, using the 10-bit
ADC, assuming we could use the PWM to force A0 to a value that keeps
randomly flipping between 0x200 and 0x1FF, by using an RC filter on the PWM
connected through a resistor to A0.  Should cost about $0.03 in components,
though placing a $0.01 resistor often costs $0.25, at least here in the USA.

Bill
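
Added example, not part of the original message or either poster's code: a host-side check of raw ADC readings of the kind the thread asks vendors to expose, using the most-common-value min-entropy estimate from NIST SP 800-90B and then working out how many readings a 128-bit CSPRNG seed needs. The sample data, the 0.7 bias, the function names and the SHA-256 conditioning step are assumptions made for illustration.

```python
import hashlib
import math
import random
from collections import Counter

def mcv_min_entropy(samples):
    """Most-common-value estimate (NIST SP 800-90B, 6.3.1), in bits per sample.
    Assumes independent samples; correlated readings make it overestimate."""
    n = len(samples)
    p_hat = Counter(samples).most_common(1)[0][1] / n
    # Upper end of the 99% confidence interval on the likeliest value.
    p_u = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return -math.log2(p_u)

def samples_needed(h_per_sample, target_bits=128):
    """Raw samples required to accumulate target_bits of min-entropy."""
    if h_per_sample <= 0:
        raise ValueError("source shows no measurable entropy")
    return math.ceil(target_bits / h_per_sample)

def seed_from_raw(raw, h_per_sample, target_bits=128):
    """Condense raw readings into a seed; refuse if they carry too little."""
    need = samples_needed(h_per_sample, target_bits)
    if len(raw) < need:
        raise ValueError(f"need {need} samples, got {len(raw)}")
    packed = b"".join(s.to_bytes(2, "big") for s in raw)  # 10-bit values
    return hashlib.sha256(packed).digest()[: target_bits // 8]

def constructed_adc(n, p_high=0.7, rng_seed=1):
    """Constructed stand-in for raw A0 readings: a biased flip between
    0x200 and 0x1FF. A PRNG is used only to make the demo repeatable."""
    rng = random.Random(rng_seed)
    return [0x200 if rng.random() < p_high else 0x1FF for _ in range(n)]

if __name__ == "__main__":
    h = mcv_min_entropy(constructed_adc(1000))            # characterise
    need = samples_needed(h)
    fresh = constructed_adc(need, rng_seed=2)             # then collect
    print(f"{h:.3f} bits/sample, {need} samples for a 128-bit seed")
    print("seed:", seed_from_raw(fresh, h).hex())
```

The estimate only bounds bias in the value distribution; a source with strong sample-to-sample correlation needs the other SP 800-90B estimators before its output is trusted as a seed.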