[Cryptography] Crowd Supply announces Infinite Noise TRNG

Sun Aug 12 15:41:37 EDT 2018

On Thu, Aug 9, 2018 at 9:23 AM Patrick Chkoreff <pc at fexl.com> wrote:

> Crowd Supply announces the availability of the Infinite Noise TRNG, for
> the low-low price of $35:
>
> https://www.crowdsupply.com/13-37/infinite-noise-trng
>
> (Includes slick video.)
>
> Someone's been listening to the Wayward Geek Bill Cox, who may soon be
> scoping out real estate in Deer Valley!
>

This guy has my full support.  He did a great job on this hardware.  He
even had it UL tested.  He sent me one for free, which is more that enough
compensation for me :)  Anyone is welcome to freely clone any of my
open-source projects (including open hardware), for fun and profit.  I also
support OneRNG, but 1) this is better, and 2) more open-source TRNGs is a
good thing.  Hopefully there will be enough folks out there buying both of
these to encourage new versions in the future, as well as robust software
support.

That said, here's a ridiculously simple TRNG architecture that you cant
use, IIUC (highly unlikely: IANAL), due to a-holes patenting security:

Use a flawed ring-oscillator with an _even_ number of inverters (actually
you want 4*n + 2 inverters).  Useless, right?  Now take two inverters at
opposite sides of the ring, and turn them into 2-input NAND gates, which
creates 2 enable inputs, which you tie together.  When enable is low, the
ring is stable, with the other NAND-gate inputs being high.  When enable
goes high, two edges chase each other around the ring until they collide
and annihilate each other.  Count how many times an edge goes around the
ring and wait for the counter to be stable.  The low bits of the counter
are generally reasonably random.  The counter values form a Poisson
distribution when noise in the ring is consistent, which your
health-checker should verify before using the TRNG output.

The criteria I look for in a good TRNG architecture include:

- Freely available design (open-source), without IP ownership issues.
- Clean physical model, enabling good health-checking
- Continues working well over changes in process, temperature, voltage,
age, etc
- Resistant to radio and supply voltage attacks
- Difficult to screw up
- Cheap, even if that makes it run slowly: we only need 256 bits of entropy
to seed a CPRNG

This simple almost-ring-oscillator checks all the boxes, except the first
and most important one.  One day, this architecture will be free for all to
use, and at that time, I'll start recommending it.  Until then, at least
for a USB form-factor, I recommend this guy's new Infinite Noise TRNG.  It
checks all the boxes.

Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180812/49fc9258/attachment.html>