[Cryptography] TRNGs as open source design semiconductors

Ray Dillinger bear at sonic.net
Fri Sep 13 19:25:15 EDT 2019


On Thu, 2019-09-12 at 23:29 +0200, iang wrote:
> 
> 
> The concept of RNs (random numbers) is pretty vexing, and it doesn't
> seem to bend to the normal security thinking.  Even though an open
> source chip might be better, it still presents a supply chain attack
> and when it comes to actual production, chip manufacture is anything
> but transparent.

I still talk about "random" numbers when talking to people who are
depending on the standard nomenclature for comprehension, but these
days I explain that what I really mean is "unpredictable" numbers.
Randomness is philosophical, and sort of defies a proper definition.

But when we ask whether any attackers can predict the sequence, that
puts it better into the context of security thinking, because what we
immediately have there is a relatively normal security question.  It
has an attacker or set of attackers, and it is evaluating the
capabilities of that set of attackers with respect to a stream of
numbers.

And I still talk about "entropy" when talking to people who are
depending on the standard nomenclature for comprehension, but these
days I explain that what I mean is how many bits do we have stored,
that we have good reasons to believe no potential attacker can predict.
Again, what that does is reduce it to a relatively standard security
question; is there any possible attacker who might be able to guess any
of these bits with any likelihood greater than 50%? That's a question
that can be evaluated, with a definite answer, with respect to a
specific set of attackers and a specific set of bits.

The concepts of "randomness" and "entropy" as qualities of numbers,
independent of any attacker, are in fact problematic, and contribute to
some faint and fuzzy thinking.

Anyway, this is why standard design combines many sources, in such a
way that for every set of attackers who might possibly be able to
predict one source assuming whatever skulduggery and conspiracy would
be needed to subvert it, there exists at least one source which that
attacker can't predict.

Bear
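The multi-source design the message closes with, as an added example that is not part of the original post or of any project's code: a hash-based combiner for several source outputs, plus a simulation of the attacker model described above (a set of attackers who know some sources exactly but not all) that measures whether they can guess a bit of the combined output with better than 50% likelihood. The combiner, the zero stand-in guessing strategy and the seeded simulation harness are assumptions of this example, not anything from the thread.

```python
import hashlib
import random


def combine_sources(samples):
    """Mix the outputs of several entropy sources into one 32-byte block.

    Each sample is length-prefixed before hashing so distinct sample sets
    never collide. Modelling SHA-256 as a random oracle, the digest is
    unpredictable as long as at least one sample is unpredictable to the
    attacker and no source can adapt its output after seeing the others
    (assumption of this example: the sources are independent)."""
    h = hashlib.sha256()
    for s in samples:
        h.update(len(s).to_bytes(4, "big"))
        h.update(s)
    return h.digest()


def first_bit(block):
    """Top bit of the first byte; the bit the attacker tries to guess."""
    return block[0] >> 7


def attacker_guess_rate(n_sources, known, trials=2000, seed=1):
    """Simulate the question "can any attacker guess a bit with likelihood
    greater than 50%?" for one attacker set.

    The attacker knows the exact output of every source whose index is in
    `known` and nothing about the rest. Its strategy here (an assumption) is
    to re-run the combiner with an all-zero stand-in for each unknown source
    and guess that digest's first bit. Returns the fraction of trials in
    which the guess matched the real combined output. Honest sources are
    drawn from a seeded PRNG only so the simulation is reproducible; a real
    design would read hardware or OS entropy."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        real = [rng.getrandbits(64).to_bytes(8, "big") for _ in range(n_sources)]
        view = [real[i] if i in known else bytes(8) for i in range(n_sources)]
        guess = first_bit(combine_sources(view))
        hits += guess == first_bit(combine_sources(real))
    return hits / trials
```

With all three sources known the guess rate is 1.0; leave any single source out of the attacker's view and the rate falls to about 0.5, which is the property the multi-source design is meant to give.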