[Cryptography] TRNGs as open source design semiconductors
iang
iang at iang.org
Thu Sep 12 17:29:26 EDT 2019
On 11/09/2019 18:45, Ken McCall via cryptography wrote:
> I watch discussions on this list to learn more about cryptography and
> I find it very valuable. However, I am not a cryptographer myself.
> There was recent thread on TRNGs and I'd like to expound it into a
> slightly different tangent, if I may.
>
> It seems to me (at least in the cryptocurrency world) that there is a
> growing desire that hardware become more transparent (as in open
> source) just as software has been. I believe an open source chip could
> radically disrupt the existing TRNG chip market, forcing transparency.
> I’m also assuming this theoretical chip would be certified by one or
> more of the myriad certification authorities that all these
> manufacturers use as proof of their design integrity. Obviously there
> is a case to be made that a TRNG burned into a chip (and open source
> hardware design) results in a fixed attack surface. However, at least
> that attack surface, should it be breached, would be a known entity
> versus the proprietary chips on the market.
The concept of RNs (random numbers) is pretty vexing, and it doesn't
seem to bend to the normal security thinking. Even though an open
source chip might be better, it still presents a supply chain attack and
when it comes to actual production, chip manufacture is anything but
transparent.
Because of issues like this, thinking in RN generation ("true" or
pseudorandom or otherwise) has changed somewhat. In short, RNs should
be primarily directed in software, and the sources or seeds for this
should be diversified out to different producers. If there is a good
hardware source, use it. If there are several, use them all. The, the
software task reduces to combining/mixing many hopefully independent
sources.
Once that is accepted, the task is now different. In the hardware
sense, we don't care about a perfect TRNG any more, we now care about
many okRNGs, with the emphasis on independent not truethity.
Which leads to the notion that actually, a simple hardware design, or
many designs, could be a good thing. There is no particular reason why
hardware manufacturers couldn't add in a small RNG into the left over
0.1% of chip area.
Then software could XOR them all.
> To my knowledge there are no open source TRNG chips commercially
> available on the market. There are however, discrete component plans
> available, but not widely adopted (http://www.bitbabbler.org/).
Right. So if we have multiple sources into a software mixer, then all
that babbling disappears and any good-enough source becomes good enough.
>
> Also, there was one Crowdsupply failed attempt to create a chip:
> https://www.crowdsupply.com/onchip/open-v/updates/open-true-random-number-generator
>
> So, I wonder:
>
> * Might open source TRNG hardware (as a semiconductor chip) better
> support cryptography in general, or perhaps just for crypto
> currencies? Or, am I completely wrong in this belief, and the
> hardware designs are best left as proprietary?
>
Any source on a chip can support crypto as long as there are more than 1
source, and they get mixed in software. The more the merrier. The
slappier the sloppier, we'll take them all.
iang
ps old rant: https://iang.org/ssl/hard_truths_hard_random_numbers.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20190912/9deaf37b/attachment.htm>
More information about the cryptography
mailing list