[Cryptography] TRNGs as open source design semiconductors

iang iang at iang.org
Thu Sep 12 17:29:26 EDT 2019 

On 11/09/2019 18:45, Ken McCall via cryptography wrote:
> I watch discussions on this list to learn more about cryptography and 
> I find it very valuable. However, I am not a cryptographer myself. 
> There was recent thread on TRNGs and I'd like to expound it into a 
> slightly different tangent, if I may.
>
> It seems to me (at least in the cryptocurrency world) that there is a 
> growing desire that hardware become more transparent (as in open 
> source) just as software has been. I believe an open source chip could 
> radically disrupt the existing TRNG chip market, forcing transparency. 
> I’m also assuming this theoretical chip would  be certified by one or 
> more of the myriad certification authorities that all these 
> manufacturers use as proof of their design integrity. Obviously there 
> is a case to be made that a TRNG burned into a chip (and open source 
> hardware design) results in a fixed attack surface. However, at least 
> that attack surface, should it be breached, would be a known entity 
> versus the proprietary chips on the market.


The concept of RNs (random numbers) is pretty vexing, and it doesn't 
seem to bend to the normal security thinking.  Even though an open 
source chip might be better, it still presents a supply chain attack and 
when it comes to actual production, chip manufacture is anything but 
transparent.

Because of issues like this, thinking in RN generation ("true" or 
pseudorandom or otherwise) has changed somewhat.  In short, RNs should 
be primarily directed in software, and the sources or seeds for this 
should be diversified out to different producers.  If there is a good 
hardware source, use it.  If there are several, use them all.  The, the 
software task reduces to combining/mixing many hopefully independent 
sources.

Once that is accepted, the task is now different.  In the hardware 
sense, we don't care about a perfect TRNG any more, we now care about 
many okRNGs, with the emphasis on independent not truethity.

Which leads to the notion that actually, a simple hardware design, or 
many designs, could be a good thing.  There is no particular reason why 
hardware manufacturers couldn't add in a small RNG into the left over 
0.1% of chip area.

Then software could XOR them all.


> To my knowledge there are no open source TRNG chips commercially 
> available on the market. There are however, discrete component plans 
> available, but not widely adopted (http://www.bitbabbler.org/).


Right. So if we have multiple sources into a software mixer, then all 
that babbling disappears and any good-enough source becomes good enough.


>
> Also, there was one Crowdsupply failed attempt to create a chip:
> https://www.crowdsupply.com/onchip/open-v/updates/open-true-random-number-generator
>
> So, I wonder:
>
>   * Might open source TRNG hardware (as a semiconductor chip) better
>     support cryptography in general, or perhaps just for crypto
>     currencies? Or, am I completely wrong in this belief, and the
>     hardware designs are best left as proprietary?
>

Any source on a chip can support crypto as long as there are more than 1 
source, and they get mixed in software.  The more the merrier.  The 
slappier the sloppier, we'll take them all.

iang

ps old rant: https://iang.org/ssl/hard_truths_hard_random_numbers.html

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20190912/9deaf37b/attachment.htm>

More information about the cryptography mailing list