[Cryptography] True RNG: elementary particle noise sensed with surprisingly simple electronics

Ray Dillinger bear at sonic.net
Thu Sep 15 22:54:57 EDT 2016



On 09/15/2016 12:34 PM, Thierry Moreau wrote:

> Obviously the evil is in the details, and some refinements are desirable
> since a) the noise sensing application is better served with a larger
> signal amplification, and b) the confidence in the noise sampling
> approach is (presumably) raised if noise sources other than current
> noise are reduced with appropriate circuit design techniques. But none
> of this is rocket science (e.g. compared with other elementary physics
> noise sampling such as so-called quantum noise generators).
> 
> Unavoidable current noise source:
>  - thermal noise
>  - excess current noise caused by the above resistor material construction
> Noise sources to be reduced (as a matter of sampling approach coherency)
>  - electrostatic ...
>  - electromagnetic ...

> Any thoughts?

One small-ish problem with electromagnetic noise is that it can
also be described using the word "radio."  If somebody points a
microwave antenna (or for that matter a tightly-focused transmitter)
at the device, would they be able to predict what "random" bits
it produces?

Still, whatever can be done with radio, they remain unpredictable
to anyone who isn't doing an expensive attack that requires human
time and attention (and risk) to monitor a single target.  That's
valuable.

***

I think that, rather than building a complex device that
people then have to trust, we should be building very
simple devices whose entire functionality (and therefore
trustworthiness) can be determined by visual inspection.

Start with an RFC or a standard, that specifies a wire-
level serial interface for devices that generate "random"
bits.

And the wire-level protocol should be so simple that it
requires nothing on the board to be capable of running any
code and is easily within reach of a hobbyist to build.
That is, IMO, an IMPORTANT property.  If a paranoid is
supposed to trust the device, then either it will be
because s/he built it him/herself, or because an electronics
buff is able to tell from visual inspection of the components
alone everything that the device does.  Code is not evident
to visual inspection of the components and therefore must
not be a requirement for any part of the device.

Then you can publish schematics for a simple device
that meets that protocol and produces unpredictable bits,
and a dozen or so people can write device drivers for
their favorite operating systems that deal with any
device meeting that dead simple serial protocol.

Somebody else can publish schematics for a *different*
simple device implementing the same standard wire protocol
but producing unpredictable bits in a different way,
and the same device drivers would work for it.

Paranoids and hobbyists can build their own and know that
there is no backdoor.  Entrepreneurs can construct the
circuits on acrylic boards and then cast more acrylic
around them for durability, and people can inspect the
fully transparent devices they built to make sure they
used the same parts in the same arrangement as shown
in the schematic.

A different entrepreneur can do the same thing but embed
glitter in the acrylic, and sell a device that scans
the glitter to make sure it does the same thing to a laser
light that the glitter in the original module did.
Then people can be "reasonably" more certain that the
device they have is the same device they had last week
(i.e., nobody switched it) and hasn't been dissolved or cut
and then recast (i.e., nobody tampered with it).

A third entrepreneur might build an "enhanced" device
with a USB interface and an Arduino or something on board,
and a camera that you're supposed to point at a lava lamp
or goldfish tank or something. The exact functionality of
this "enhanced" device couldn't be audited by visual
inspection alone so paranoids wouldn't buy it, but other
people would.  As long as it meets the dog-simple serial
interface spec, a device driver on the system doesn't
care how the thing at the other end of the bus does it.

				Bear
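
Added example, not part of the original message: because the proposed device runs no code, any sanity checking and conditioning of its raw bits has to happen in the host-side driver. The sketch below assumes the device delivers unframed raw bytes and claims 0.5 bits of min-entropy per bit; those values, the function names and the thresholds are hypothetical, and the two checks are simplified versions of the repetition-count and proportion health tests described in NIST SP 800-90B.

```python
import hashlib
import math

H_PER_BIT = 0.5    # assumed min-entropy per raw bit (hypothetical device claim)
ALPHA_LOG2 = 20    # tolerated false-alarm rate of 2**-20 for the run test
WINDOW = 1024      # bits per proportion-test window

def bits_of(raw: bytes):
    """Yield the bits of raw, most significant bit first."""
    for byte in raw:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def repetition_ok(raw: bytes) -> bool:
    """Fail if any run of identical bits reaches the cutoff (stuck source)."""
    cutoff = 1 + math.ceil(ALPHA_LOG2 / H_PER_BIT)   # 41 with the values above
    run, prev = 0, None
    for bit in bits_of(raw):
        run = run + 1 if bit == prev else 1
        prev = bit
        if run >= cutoff:
            return False
    return True

def proportion_ok(raw: bytes) -> bool:
    """Fail if any full window is dominated by one bit value (biased source)."""
    p = 2 ** -H_PER_BIT                              # probability of the likelier bit
    cutoff = math.ceil(WINDOW * p + 5 * math.sqrt(WINDOW * p * (1 - p)))
    bits = list(bits_of(raw))
    for start in range(0, len(bits) - WINDOW + 1, WINDOW):
        ones = sum(bits[start:start + WINDOW])
        if max(ones, WINDOW - ones) >= cutoff:
            return False
    return True

def accept_block(raw: bytes):
    """Return a 32-byte conditioned seed, or None if the raw block is rejected."""
    if len(raw) * 8 * H_PER_BIT < 256:               # too little claimed entropy
        return None
    if not (repetition_ok(raw) and proportion_ok(raw)):
        return None
    return hashlib.sha256(raw).digest()

# Constructed sample blocks (256 bytes each), not captured from any real device.
HEALTHY = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))
STUCK = b"\xff" * 256      # output pinned high
BIASED = b"\xfe" * 256     # seven ones out of every eight bits
PERIODIC = b"\xaa" * 256   # clean alternating pattern, as a strong carrier might impose
```

`STUCK` and `BIASED` are rejected, but `PERIODIC` is accepted: checks this simple catch a failed source, not a predictable one, so they do not answer the injected-signal question raised at the top of the message.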
