[Cryptography] TRNG review: Arduino based TRNGs

Bill Cox waywardgeek at gmail.com
Mon Jan 18 09:02:58 EST 2016


On Mon, Jan 18, 2016 at 5:45 AM, Arnold Reinhold <agr at me.com> wrote:

>
> One thought I had was for situations where a string of random bits is
> required at first startup, say to initialize a key pair: One could measure
> the internal temperature and use the timers to record when the LSB changes
> as the chip warms up. Core temperature rises by about 3.5 deg C in the
> first minute of operation.  The timers are free running and have quite high
> resolution available, so the recorded times should have lots of entropy. Of
> course someone with physical possession of the device could try to game
> this, say be keeping the chip cold, but I think there are many applications
> where one might not worry about this threat. Also the thermal resistance
> between the chip and package could pose difficulty.
>
> Arnold Reinhold


Very cool!  I had a similar idea related to using the ADC on A0.  Everyone
seems to just let it float, but most pins on most boards float to a
specific voltage, often 0V, but it depends on the chip and sometimes the
board.  We could run a simple test to see what happens when we drive A0
high, and then let it float.  Assuming it decays to 0V, it will have to
cross all 1024 thresholds between count values, and while crossing them, we
can record thermal noise as the ADC jumps randomly between two adjacent
values.  If we just run the ADC rapidly for the whole voltage decay time,
we might be able to ensure there is enough entropy for use in crypto.

One nice thing about this approach is it should be somewhat resistant to
external influence, such as power-supply noise.  A "health monitor" routine
could check that the voltage decay happens at roughly the expected rate,
and without more variation than expected.  Toggling between adjacent ADC
input counts is expected from a 10-bit A/D.  Jumping from one value to a
far away value would be unexpected.  We could also compute the minimum
expected entropy contribution from thermal noise.  I suspect it will be
enough.

Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160118/37768f69/attachment.html>


More information about the cryptography mailing list