[Cryptography] High volume thermal entropy from an iPhone

Max Skibinsky max at skibinsky.com
Sat Dec 16 14:57:52 EST 2017


> I can sort of get behind this if you *add* the sources of entropy instead
> of *replacing* them. The one nice thing about entropy is that it sums
> easily, and you need to spectacularly mess up to have a bad source
> actually hurt you.

Part of the reason for choosing Von Neumann was high speed: VN is
just a huge lookup table. After precalculating VN values, the
extraction is just converting the incoming sequence into an index in a
giant table, and appending bits from the table to the buffer. Efficiency
itself. Nonetheless, even with VN, processing 2mb frames on an iPhone CPU
is about 5 sec. Just thermal noise alone is ~0.2 sec per frame.
Performance considerations were one of our top concerns, to try to keep
bandwidth as high as possible.

After reading suggestions coming from various forums about what we can
do to manage various aspects (correlations etc.), it is clear that writing
this kind of pre-processing will slow down extraction a lot. So I'm
coming to the conclusion that additive entropy via hashing or XOR as an
extra source is the way to go - running an independent extractor is just
a waste of CPU. With that in mind, a proper setup of a "thermal RNG channel"
would be roughly as follows:

1) Get any iPhone with security enclave (internal HRNG for boot)
2) Hard factory reset, delete all apps, update to latest iOS via USB
from secure laptop.
3) Airplane mode, wifi only
4) Install "thermal entropy" extractor from source code
5) If you trust iOS security: write hashed thermal entropy bits into
/dev/urandom, read final bytes from /dev/urandom. Most trivial to
implement: just provide a different (write to /dev/urandom instead of
VN) implementation of this interface:
https://github.com/vault12/TrueEntropy/blob/master/TrueEntropy/Extractor.swift#L6
6) If you do not trust iOS stack: compile Yarrow from source, feed 2
sources: thermal entropy + iOS /dev/urandom
7) Use or upload final output via our NaCl channel to final destination.

Besides leveraging common hardware, the main advantage I see is that
the iPhone is a small & portable mini-computer fully under the owner's *physical
control*. Even with NSA-level resources, I don't see obvious attack
vectors. First off, how do you locate that one phone feeding my farm if
it's disconnected from cell networks in the first place - among
billions of others?  It might be in a storage box half a country away. It
might be in my closet in Tahoe. Entropy is fed via zax relays (RPi in
another storage box), so the phone's private IP is never exposed to
destination services. How do you corrupt the firmware of that phone if it
never installs any apps and iOS is always updated manually? Getting into
iPhone storage/state/sandboxed app over wifi? No known exploits afaik,
the iPhone is ridiculously secure vs external over-the-wire attacks.

- Max
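
The table-driven Von Neumann extraction and the "add, don't replace" mixing discussed in this message, as an added example that is not part of the original post and not code from the TrueEntropy project. It is written in Python rather than the project's Swift; the per-byte table size, the 01 -> 0 / 10 -> 1 mapping, the SHA-256 combiner and all function names are assumptions made for illustration.

```python
import hashlib

def build_vn_table():
    """Von Neumann output bits for every byte value (4 bit pairs per byte)."""
    table = []
    for byte in range(256):
        bits = []
        for shift in (6, 4, 2, 0):           # pairs, most significant first
            pair = (byte >> shift) & 0b11
            if pair == 0b01:
                bits.append(0)               # unequal pair: emit its first bit
            elif pair == 0b10:
                bits.append(1)
            # 00 and 11 are discarded
        table.append(tuple(bits))
    return table

VN_TABLE = build_vn_table()                  # computed once, reused per frame

def vn_extract(raw: bytes) -> list:
    """Extraction is one table lookup per input byte."""
    out = []
    for b in raw:
        out.extend(VN_TABLE[b])
    return out

def pack_bits(bits) -> bytes:
    """Pack bits into whole bytes; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)

def mix_sources(thermal: bytes, os_random: bytes) -> bytes:
    """Hash both sources together; the length prefix keeps the split unambiguous."""
    h = hashlib.sha256()
    h.update(len(thermal).to_bytes(8, "big"))
    h.update(thermal)
    h.update(os_random)
    return h.digest()

if __name__ == "__main__":
    import os
    stuck_frame = bytes(64)                  # constructed: sensor stuck at zero
    thermal = pack_bits(vn_extract(stuck_frame))
    print(len(thermal), mix_sources(thermal, os.urandom(32)).hex())
```

With the constructed stuck-at-zero frame the extractor emits nothing, yet the mixed output still varies with the OS bytes, which is the property the quoted reply relies on. The digest is capped at 256 bits no matter how much input is hashed.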

