[Cryptography] Duh, why aren't most embedded TRNGs designed this way?

Ondrej Mikle ondrej.mikle at gmail.com
Fri Apr 23 20:31:39 EDT 2021


On 2021-04-22 20:23, Bill Cox wrote:
> In short, use just 2 ring oscillators in an FPGA or ASIC, clocking 2 counters,
> one binary and one gray code, and use some clever software to (hopefully)
> securely estimate the entropy collected, avoiding the most common reasons for
> TRNG failures in embedded systems.

This question has plagued me for decades. I never understood the design,
rationales and why the companies hid the designs. (Well, I actually understood
why they hid the designs.)

Though there was a very outstanding lecture in CARDIS 2018 (I guess) that
explained all the intricacies on how to make a TRNG that will not fail.

The system is called Hector Project (https://cordis.europa.eu/project/id/644052
- not sure if this is the best link, there used to be direct link to project).

Though the lecture was fairly long, they covered the important issues like "how
do you know when your RNG goes bad?" (There is a full recording somewhere.)

I am no expert in RNG, but the part of "how do you make it so it does not fuck
itself up" was the most crucial part.

Given, this was several years ago, so my memory is not so good on details,
nevertheless it was the best RNG design I have seen.

They have models, implementations, measures, go check that out.

But overall, this made me seem to think that that was the one best TRNG I have seen.

OM

