[onerng talk] The world's (other) most secure TRNG

Bill Cox waywardgeek at gmail.com
Tue Sep 30 00:25:31 BST 2014


On Mon, Sep 29, 2014 at 4:43 PM, Paul Campbell <paul at taniwha.com> wrote:

> I guess my main argument here was mostly practical - I'm not sure how you
> can spice this if you are depending on 'spice-noise' as your random source -
> that's sort of the place in spice where you throw your hands in the air
> knowing it's not real :-)  ...


Actually, I trust my Python and C simulations rather than spice to confirm
the concept, and these simulations worked out nicely, though the code is
still hackish.


> really I think you need to breadboard it and get some samples working (you
> may already have, I just couldn't see it in your web pages) -


I've been trying to bread-board it.  The freaking surface mount parts are
holding me back at the moment.  I've got a $100 purchase of Digikey parts
mounted on Proto Advantage adapters, but it's expensive and slow!


> if you need help finding cheap and easy ways to build prototype
> boards I can help point you at cheap stuff in China - or we could spin a
> version of my board with your RNG on it as a proof-of-concept.
>

I would love to know how to get stuff built cheaply!  Please let me know.
I was about to start Googling Arduino projects to see if I could find out
what's the best way nowadays.

I built a zener-noise TRNG back in 1998, with reverse Vbe breakdown of a
2N2222, and fed it into a 40MHz 8-bit A/D converter, and used a Lattice
FPGA to whiten the output.  The A/D converter was my first ever experience
with surface mount parts, and I've mostly given up on prototyping since.

I would be very happy to work with you on a proof-of-concept built on your
board.  That would be awesome.


> BTW: as a sometime logic designer (I'm a verilog monkey, used to build CPUs
> and graphics engines, I'm not really a gate designer) I'm also a bit leery
> of your 'cmos' implementation - basically analog in a cmos process is
> usually a bad idea - you're likely to get supply rail noise from partly
> turned on gates dominating your shot noise. where are your caps? externally?
> if so you probably need to also model pin inductance ....
>

This was designed for Triad Semiconductor's 0.35u mixed signal ASICs.  They
have capacitor arrays and transistor arrays, and the whole thing is
configured with one via layer.  I think the mixed-signal ASIC guys in
general would disagree that analog in CMOS is a bad idea... however, it is
in an analog process.

Noise is good.  Power supply noise, shot noise, 1/f noise, thermal noise,
and even Mallory's external RF signal injection are all welcome!  They all
get mashed together and add to entropy, rather than overriding it.  That's
what happens when we amplify with modular multiplication rather than
saturating multiplication.


> Over and above that the cost of providing a fast USB interface kind of
> dominates everything else - we're building a dual RNG system based on a
> cheap TI USB-zigbee chip that gives us RF noise (LSBs of data sniffed from a
> random freq hopping RF source) and an avalanche source - the RF source is
> more random than the avalanche source, largely because the analog avalanche
> source is being sampled in the analog domain and getting a perfect sample
> means choosing a sampling point and that likely means hand tweaking
> resistors in the manufacturing process - instead we just accept that we get
> 7.5 bits of entropy/byte and 'whiten' it through a CRC.
>

That's the right approach, IMO.  Just feed unpredictable state into your
entropy pool and generate as much data from it as you need.


> You can't get around having an RF shield here, even if you have a design
> that's immune to external signals you don't want other people to be able to
> sniff your data (one downside of your initial design BTW is that the
> sampling clock is visible - if you're sampling random analog data inside a
> chip and encouraging a little bit of metastability in the process I think
> you're better off).
>

Hmm... I hadn't thought of using an RF shield to keep my noise *in*.  Good
point.


> Besides that these designs are not ones one normally builds, after years
> of building stuff to discourage noise actually making it on purpose, and
> then trying to contain it means that you are by definition going to have
> FCC issues - I think you need an RF shield no matter what you do.
>

I agree.  I'll need to keep the EMI where it belongs - on the inside of the
USB stick.  By the way, while I may need to tweak the design after playing
with real hardware, the architecture will work.  Here's the unfinished list
of parts with their cost that I have so far:

  Part                      Unit price   Price break qty   Qty   Extended
  Quad analog switch        1.3566       1000              1     1.3566
  Quad op-amp               1.8          1000              1     1.8
  384-LUT FPGA              $1.31        1000              1     $1.31
  USB interface IC          $1.58        1000              1     $1.58
  .1uF bypass cap           0.0405       1000              1     0.0405
  100pF chip cap            0.022        1000              2     0.044
  120 Ohm 5% resistor       0.01566      1000              2     0.03132
  Quad 8.2K 5% resistors    0.01568      1000              1     0.01568
  Quad 10K 5% resistors     0.01568      1000              1     0.01568
  Total                                                          6.18878

I'm checking this file and an infnoise.partlist file under git on github, so
it's all available if you want to check it out.  I just found a nice quad
op-amp from TI for this project this morning, so it's quite early in the
process.  These are Digikey prices in 1,000 unit volumes.  This is all in
the infnoise.partlist file.  I still need a connector, some more cheap
passives and fuse for the USB interface, housing with shielding, and I have
no idea what PCB and assembly cost are nowadays.  I also don't know if I'm
shooting myself in the foot trying to use 4-resistor chips vs having
place/route flexibility going with singles.  I'm really more of an IC guy
than a board-level guy.

Bill
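The two technical points in this exchange, amplifying noise with a modular (wrap-around) multiplier rather than a saturating one so that every noise source adds entropy instead of overriding it, and Paul's "accept a few bits of entropy per byte and whiten it" approach, as an added toy simulation. This is not Bill Cox's own simulation code and not OneRNG firmware; the loop gain of 2, the signed ±1 signal range, the 1e-6 "shot noise" amplitude, the deterministic 17-sample tone standing in for Mallory's injected RF, the comparator threshold at 0, and SHA-256 in place of Paul's CRC are all assumptions made for this example.

```python
"""Toy model: noise amplification by modular vs. saturating multiplication.

Added example, not the author's or OneRNG's code.  All constants and the
noise model below are constructed for the simulation, not measured.
"""
import hashlib
import math
import random
from typing import Callable, List

GAIN = 2.0               # assumed loop gain per step
NOISE_AMPLITUDE = 1e-6   # assumed tiny random noise term (uniform)
TONE_PERIOD = 17.0       # assumed period, in samples, of an injected tone


def modular_step(x: float, noise: float) -> float:
    """Multiply by GAIN, add noise, wrap into [-1, 1): a sawtooth, never rails."""
    return ((GAIN * x + noise + 1.0) % 2.0) - 1.0


def saturating_step(x: float, noise: float) -> float:
    """Multiply by GAIN, add noise, clamp to [-1, 1]: a railed amplifier."""
    return max(-1.0, min(1.0, GAIN * x + noise))


def noise_source(rng: random.Random, t: int, injected_amplitude: float) -> float:
    """Constructed noise: tiny random term plus a deterministic tone Mallory injects."""
    shot = rng.uniform(-NOISE_AMPLITUDE, NOISE_AMPLITUDE)
    tone = injected_amplitude * math.sin(2.0 * math.pi * t / TONE_PERIOD)
    return shot + tone


def run(step: Callable[[float, float], float], n: int, seed: int,
        injected_amplitude: float = 0.0) -> List[int]:
    """Iterate the loop n times; return the comparator bit (x >= 0) at each step."""
    rng = random.Random(seed)
    x = rng.uniform(-1.0, 1.0)
    bits = []
    for t in range(n):
        x = step(x, noise_source(rng, t, injected_amplitude))
        bits.append(1 if x >= 0.0 else 0)
    return bits


def ones_fraction(bits: List[int]) -> float:
    return sum(bits) / len(bits)


def binary_entropy(p: float) -> float:
    """Shannon entropy of a Bernoulli(p) bit; a crude bias check, not a proof."""
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -(p * math.log2(p) + (1.0 - p) * math.log2(1.0 - p))


def whiten(bits: List[int]) -> bytes:
    """Fold raw bits into a hash-based pool; SHA-256 stands in for the CRC discussed."""
    raw = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        raw.append(byte)
    return hashlib.sha256(bytes(raw)).digest()


if __name__ == "__main__":
    for name, step in (("modular", modular_step), ("saturating", saturating_step)):
        for amp in (0.0, 3.0):
            a = run(step, 20000, seed=1, injected_amplitude=amp)
            b = run(step, 20000, seed=2, injected_amplitude=amp)
            p = ones_fraction(a[50:])
            print(f"{name:10s} tone={amp:.1f}  P(1)={p:.3f}  H={binary_entropy(p):.3f}"
                  f"  seeds agree after settling: {a[50:] == b[50:]}")
    print("whitened:", whiten(run(modular_step, 4096, seed=1)).hex())
```

With no injected tone the saturating loop rails to +1 or -1 within a few steps and then ignores the tiny noise entirely (its output bit is constant), while the modular loop keeps wrapping and produces a balanced bit stream. With a large tone (amplitude 3) the saturating loop's output becomes a deterministic function of the tone alone: two different seeds give identical bits after settling, i.e. Mallory now controls the output. The modular loop under the same tone still differs between seeds and stays balanced, because the tone is just one more term that gets wrapped and the tiny random term is still doubled every step until it reaches the comparator. The whitening step is where Paul's point applies: you only get out the entropy you put in, so the pool must be fed at least as many raw bits as the entropy estimate requires.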