[onerng talk] The world's (other) most secure TRNG

Paul Campbell paul at taniwha.com
Mon Sep 29 21:43:29 BST 2014


On Tue, 30 Sep 2014 08:15:11 waywardgeek wrote:
> Hi, guys.  I'd rather work with you guys than alone on my own!  I'm trying
> to convince people to stop using saturating amplification (multiplication)
> to amplify their noise sources, and instead to use modular
> multiplication.  That's the whole idea behind an Infinite Noise Multiplier.

> You just take any source of noise, like a zener or thermal, and as you
> amplify it, compare the signal to Vref, and if it's too big, subtract out
> Vref, or some fraction of it.  Since noise may have to be amplified by a
> factor of a million or even a billion, this comparison and modulo operation
> have to be done many times.  I do it with two back-to-back sample-and-hold
> circuits with a 2X multiplier in between so I can use the same amplifier as
> many times as needed to amplify the noise source.  If you imagine a string
> of them unrolled, maybe 30 or so of them, each multiplying by 2, and
> subtracting out Vref if needed, you can see how it works.

I guess my main argument here was mostly practical - I'm not sure how you can 
SPICE this if you are depending on 'SPICE noise' as your random source - 
that's sort of the place in SPICE where you throw your hands in the air 
knowing it's not real :-)  ... Really, I think you need to breadboard it and 
get some samples working (you may already have, I just couldn't see it in your 
web pages). If you need help finding cheap and easy ways to build prototype 
boards I can help point you at cheap stuff in China - or we could spin a 
version of my board with your RNG on it as a proof-of-concept.

BTW: as a sometime logic designer (I'm a Verilog monkey, used to build CPUs 
and graphics engines, I'm not really a gate designer) I'm also a bit leery of 
your 'CMOS' implementation - basically analog in a CMOS process is usually a 
bad idea - you're likely to get supply rail noise from partly turned-on gates 
dominating your shot noise. Where are your caps? Externally? If so, you 
probably need to also model pin inductance .... 

Over and above that, the cost of providing a fast USB interface kind of 
dominates everything else. We're building a dual RNG system based on a cheap 
TI USB-ZigBee chip that gives us RF noise (LSBs of data sniffed from a random 
freq-hopping RF source) and an avalanche source. The RF source is more random 
than the avalanche source, largely because the analog avalanche source is 
being sampled in the analog domain, and getting a perfect sample means choosing 
a sampling point, and that likely means hand-tweaking resistors in the 
manufacturing process. Instead we just accept that we get 7.5 bits of 
entropy/byte and 'whiten' it through a CRC.

You can't get around having an RF shield here: even if you have a design 
that's immune to external signals, you don't want other people to be able to 
sniff your data (one downside of your initial design, BTW, is that the sampling 
clock is visible - if you're sampling random analog data inside a chip and 
encouraging a little bit of metastability in the process I think you're better 
off). Besides that, these designs are not ones one normally builds: after years 
of building stuff to discourage noise, actually making it on purpose and then 
trying to contain it means that you are by definition going to have FCC issues 
- I think you need an RF shield no matter what you do.

	Paul
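
[Editor's added illustration, not part of either mail and not waywardgeek's
circuit or any simulator of it.] The quoted description amounts to recirculating
a sampled voltage through a 2x stage and subtracting Vref whenever the comparator
trips, which is the x -> 2x mod 1 map with fresh noise injected each pass. The
toy model below runs that loop next to the saturating variant the post argues
against (same 2x gain, but clipped at the rails), packs the comparator decisions
into bytes and estimates bits of entropy per byte from the byte histogram, the
same unit used for the 7.5 bits/byte figure above. The 1.0 reference, the 1 uV
rms noise, the tiny initial DC offset and the exactly-2x gain are assumed values
chosen to make the effect visible, not figures from either design.

```python
"""Toy model: recirculating 2x amplifier with modular reduction vs. clipping.

Editor's illustration; constants below are assumptions, not measured values.
"""
import math
import random

V_REF = 1.0          # comparator reference, assumed 1.0 V for convenience
NOISE_SIGMA = 1e-6   # assumed rms noise added per pass (~1 uV on a 1 V scale)
V0 = V_REF / 2 + 1e-9  # assumed starting state: mid-scale plus a tiny DC offset


def modular_bits(n_bits, seed=1, v0=V0, sigma=NOISE_SIGMA):
    """Recirculate v through a 2x stage; subtract V_REF when the comparator trips.

    The comparator decision is the output bit.  Because the gain is 2, the
    state is shifted up one bit position per pass while fresh noise refreshes
    the low bits, so noise at 2^-20 of full scale reaches the comparator after
    about 20 passes and keeps arriving every pass after that.
    """
    rng = random.Random(seed)
    v = v0
    bits = []
    for _ in range(n_bits):
        v = 2.0 * v + rng.gauss(0.0, sigma)
        if v >= V_REF:
            v -= V_REF
            bits.append(1)
        else:
            bits.append(0)
        v = min(max(v, 0.0), V_REF)   # keep the state physical at the rails
    return bits


def saturating_bits(n_bits, seed=1, v0=V0, sigma=NOISE_SIGMA):
    """Same loop, but the amplifier clips at the rails instead of wrapping.

    Any DC offset is amplified together with the noise; once the state hits a
    rail, 2*v is clipped straight back to that rail and the output freezes.
    """
    rng = random.Random(seed)
    v = v0
    bits = []
    for _ in range(n_bits):
        v = 2.0 * v + rng.gauss(0.0, sigma)
        v = min(max(v, 0.0), V_REF)   # saturate
        bits.append(1 if v >= V_REF / 2 else 0)
    return bits


def pack_bytes(bits):
    """Pack a bit list MSB-first into bytes; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def entropy_per_byte(data):
    """Return (shannon, min_entropy) in bits/byte from the byte histogram.

    Plug-in estimates: they need many more samples than 256 to settle, ignore
    correlation between bytes, and are a sanity check rather than a proof.
    """
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    probs = [c / n for c in counts if c]
    shannon = -sum(p * math.log2(p) for p in probs)
    min_ent = -math.log2(max(probs))
    return shannon, min_ent


if __name__ == "__main__":
    n = 16384 * 8   # 16 KiB of output bits
    for name, fn in (("modular", modular_bits), ("saturating", saturating_bits)):
        h, hmin = entropy_per_byte(pack_bytes(fn(n)))
        print(f"{name:10s} shannon={h:.3f}  min-entropy={hmin:.3f} bits/byte")
```

With these parameters the saturating loop pins itself at V_REF within a few
passes and emits a constant bit stream (0 bits/byte by either estimate), while
the modular loop's output is close to 8 bits/byte on the Shannon estimate and a
little lower on the min-entropy estimate, the gap being histogram sampling
noise. The histogram estimator is the weak point: it does not see inter-byte
correlation or a slowly drifting bias, so a real part still needs health tests
on the raw stream and a conditioner stronger than a CRC before the output is
trusted.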

