[Cryptography] TRNG review: Arduino based TRNGs

Ron Garret ron at flownet.com
Fri Jan 15 20:23:34 EST 2016


On Jan 15, 2016, at 4:24 PM, Bill Cox <waywardgeek at gmail.com> wrote:

> On Fri, Jan 15, 2016 at 9:05 AM, Ron Garret <ron at flownet.com> wrote:
> 
> 
> Even in that case why not give yourself a comfortable safety margin?  Are there really applications that require you to squeeze every last bit of entropy out of a noise source?
> 
> rg
> 
> 
> It's not the rate of entropy collection, but whether there is _any_ entropy coming from the source.  A 256 bit key is going to be pretty weak if is a single 8-bit constant repeated 32 times.  If the input on A0 is consistently in the center of a 2mV range that is output as the same constant on each read, that's what you'll get.

Well, yeah, obviously.  But the point I’m trying to make is that things like this:

On Jan 13, 2016, at 5:08 PM, Jonathan Thornburg <jthorn at astro.indiana.edu> wrote:

> On Wed, Jan 13, 2016 at 02:09:03PM -0800, Bill Cox wrote:
>> As for the minimum required hardware for an Arduino, I have not built it,
>> but I suspect we could do it with 1 cap and 2 resistors, using the 10-bit
>> ADC, assuming we could use the PWM to force A0 to a value that keeps
>> randomly flipping between 0x200 and 0x1FF, by using an RC filter on the PWM
>> connected through a resistor to A0.  [[...]]
> 
> How do we know that this value *randomly* flips, as opposed to (say)
> flipping in phase with residual 50/60Hz noise from the power supply?

are overthinking the problem.  You shouldn’t even try to engineer something that will “randomly flip” between two values.  Just run a noise source directly into the ADC, sample it 1000 times or so over the course of a second, and shove the whole bucket o' bits through SHA3.  For extra safety, check that the mean and variance of the signal look reasonable. For extra extra safety, check the FFT and make sure it’s not too peaky.  For extra extra extra safety take two successive FFTs and make sure they’re different.  No need to do a lot of fancy shmancy electrical engineering.  In fact, you can probably get pretty reasonable results with no circuitry at all and just letting the ADC pin float (I’ve tried this on a Teensy3 and it actually works quite well).

rg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160115/f114eba7/attachment.html>


More information about the cryptography mailing list