[onerng talk] The world's (other) most secure TRNG
Paul Campbell
paul at taniwha.com
Mon Sep 29 21:43:29 BST 2014
On Tue, 30 Sep 2014 08:15:11 waywardgeek wrote:
> Hi, guys. I'd rather work with you guys than alone on my own! I'm trying
> to convince people to stop using saturating amplification (multiplication)
> to amplify their noise sources, and instead to use modular
> multiplication. That's the whole idea behind an Infinite Noise Multiplier.
> You just take any source of noise, like a zener or thermal, and as you
> amplify it, compare the signal to Vref, and if it's too big, subtract out
> Vref, or some fraction of it. Since noise may have to be amplified by a
> factor of a million or even a billion, this comparison and modulo operation
> have to be done many times. I do it with two back-to-back sample-and-hold
> circuits with a 2X multiplier in between so I can use the same amplifier as
> many times as needed to amplify the noise source. If you imagine a string
> of them unrolled, maybe 30 or so of them, each multiplying by 2, and
> subtracting out Vref if needed, you can see how it works.
I guess my main argument here was mostly practical - I'm not sure how you can
spice this if you are depending on 'spice-noise' as your random source -
that's sort of the place in spice where you throw your hands in the air
knowing it's not real :-) ... really I think you need to breadboard it and
get some samples working (you may already have, I just couldn't see it in your
web pages) - if you need help finding cheap and easy ways to build prototype
boards I can help point you at cheap stuff in China - or we could spin a
version of my board with your RNG on it as a proof-of-concept.
BTW: as a sometime logic designer (I'm a verilog monkey, used to build CPUs
and graphics engines, I'm not really a gate designer) I'm also a bit leery of
your 'cmos' implementation - basically analog in a cmos process is usually a
bad idea - you're likely to get supply rail noise from partly turned on gates
dominating your shot noise. Where are your caps? Externally? If so you
probably need to also model pin inductance ...
Over and above that the cost of providing a fast USB interface kind of
dominates everything else - we're building a dual RNG system based on a cheap
TI USB-zigbee chip that gives us RF noise (LSBs of data sniffed from a random
freq hopping RF source) and an avalanche source - the RF source is more random
than the avalanche source, largely because the analog avalanche source is
being sampled in the analog domain and getting a perfect sample means choosing
a sampling point and that likely means hand tweaking resistors in the
manufacturing process - instead we just accept that we get 7.5 bits of
entropy/byte and 'whiten' it through a CRC.
You can't get around having an RF shield here, even if you have a design
that's immune to external signals you don't want other people to be able to
sniff your data (one downside of your initial design BTW is that the sampling
clock is visible - if you're sampling random analog data inside a chip and
encouraging a little bit of metastability in the process I think you're better
off). Besides that, these designs are not ones one normally builds: after years
of building stuff to discourage noise, actually making it on purpose and then
trying to contain it means that you are by definition going to have FCC issues
- I think you need an RF shield no matter what you do.
Paul
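The modular-versus-saturating argument in the quoted post is easy to see in a toy simulation. The following is an added example, not code from OneRNG or from waywardgeek's Infinite Noise Multiplier design: voltages are normalized so that Vref == 1.0, and the noise amplitudes, stage count and RNG seeds are constructed assumptions. It runs the same noisy samples through a clipping gain-of-2 chain and through a chain that doubles, compares against Vref and subtracts Vref when the signal is too big, and it also shows that without per-stage noise the modular chain merely reads out the binary digits of the initial sample, while per-stage noise makes later bits stop depending on it.

```python
# Added example: toy model of modular (Infinite-Noise-Multiplier style) vs
# saturating amplification. Not OneRNG or waywardgeek code. Voltages are
# normalized to Vref == 1.0; sigma values, stage count and seeds are
# constructed assumptions.
import random

STAGES = 30            # unrolled x2 stages (the quoted post suggests ~30)
SAMPLE_SIGMA = 1e-6    # constructed: microvolt-scale noise riding on a Vref/2 bias


def saturating_chain(x0, stages=STAGES):
    """Gain-of-2 amplifier that clips at the rails (0 and Vref).

    Each stage amplifies the deviation from mid-rail by 2 and clips, so any
    sample not exactly at Vref/2 is driven to 0.0 or 1.0: one bit of
    information survives no matter how many stages are added."""
    x = x0
    for _ in range(stages):
        x = min(max(2.0 * x - 0.5, 0.0), 1.0)   # 2*(x - 0.5) + 0.5, then clip
    return x


def modular_chain(x0, stages=STAGES, stage_sigma=0.0, rng=None):
    """Gain-of-2 amplifier with a comparator and a Vref subtraction, no clipping.

    Each stage doubles the held voltage, optionally adds its own fresh noise,
    compares against Vref and subtracts Vref when the signal is too big.
    The comparator decisions are the output bits."""
    rng = rng or random.Random(0)
    x = x0
    bits = []
    for _ in range(stages):
        y = 2.0 * x + (rng.gauss(0.0, stage_sigma) if stage_sigma else 0.0)
        bit = 1 if y >= 1.0 else 0     # comparator: is the signal above Vref?
        x = y - 1.0 if bit else y      # if so, subtract Vref (modular reduction)
        x %= 1.0                       # sim-only guard for noise excursions outside
        bits.append(bit)               # [0, Vref); a real circuit would clip here
    return bits


def binary_expansion(x, nbits):
    """Reference: the first nbits binary digits of x in [0, 1)."""
    m = int(x * (1 << nbits))
    return [(m >> (nbits - 1 - i)) & 1 for i in range(nbits)]


def agreeing_prefix(a, b):
    """Number of leading positions where two bit lists agree."""
    n = 0
    for p, q in zip(a, b):
        if p != q:
            break
        n += 1
    return n


def divergence_point(x0, stage_sigma, seeds=(1, 2)):
    """Run the modular chain twice from the same sample with different
    per-stage noise and report how many leading bits the runs share."""
    a = modular_chain(x0, stage_sigma=stage_sigma, rng=random.Random(seeds[0]))
    b = modular_chain(x0, stage_sigma=stage_sigma, rng=random.Random(seeds[1]))
    return agreeing_prefix(a, b)


def compare_chains(n_samples=2000, seed=1234):
    """Feed the same noisy samples through both chains.

    Returns the fraction of saturating outputs that ended at a rail and the
    number of distinct 30-bit words the modular chain produced."""
    rng = random.Random(seed)                      # constructed noise source
    samples = [0.5 + rng.gauss(0.0, SAMPLE_SIGMA) for _ in range(n_samples)]
    sat = [saturating_chain(s) for s in samples]
    at_rail = sum(1 for v in sat if v in (0.0, 1.0)) / n_samples
    words = {tuple(modular_chain(s)) for s in samples}
    return at_rail, len(words)


if __name__ == "__main__":
    at_rail, distinct = compare_chains()
    print(f"saturating chain: {at_rail:.1%} of samples ended at a rail (0 or Vref)")
    print(f"modular chain: {distinct} distinct 30-bit outputs from 2000 samples")
    for sigma in (0.0, 1e-6, 1e-3):
        print(f"stage noise {sigma:g}: two runs from the same sample agree on "
              f"{divergence_point(0.3, sigma)} leading bits")
```

The comparison is deliberately unfair to the saturating chain only in the way the quoted post describes: with a gain of 2 per stage and a microvolt of noise on a mid-rail bias, 30 clipping stages end at a rail for essentially every sample, so the whole chain yields one bit, whereas the modular chain's comparator outputs are the first 30 binary digits of the sample. The `divergence_point` numbers show the other half of the idea: with no per-stage noise the two runs agree on all 30 bits (the chain is a deterministic readout of the initial sample), and the larger the noise each stage contributes, the earlier the two runs part ways.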
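The "accept 7.5 bits of entropy per byte and whiten it through a CRC" pipeline mentioned above, as an added example that is not OneRNG firmware: the biased raw source, the choice of zlib's CRC-32 as the mixer, and the 15:16 output-to-input ratio (16 raw bytes at 7.5 credited bits each is 120 bits, i.e. 15 output bytes) are all constructed assumptions for illustration.

```python
# Added example: toy "credit ~7.5 bits/byte, whiten through a CRC" pipeline.
# Not OneRNG code. The biased source, CRC-32 mixer and 15:16 ratio are
# constructed assumptions.
import math
import random
import zlib

CREDIT_BITS_PER_BYTE = 7.5        # entropy credited per raw byte
OUT_PER_IN = (15, 16)             # emit 15 bytes per 16 raw bytes: 16*7.5 == 15*8


def biased_source(n_bytes, p_one=0.35, seed=42):
    """Constructed raw source: independent bits, each 1 with probability p_one.
    p_one = 0.35 gives H(0.35) ~ 0.934 bits per bit, i.e. ~7.47 bits per byte."""
    rng = random.Random(seed)
    out = bytearray()
    for _ in range(n_bytes):
        b = 0
        for _ in range(8):
            b = (b << 1) | (1 if rng.random() < p_one else 0)
        out.append(b)
    return bytes(out)


def ones_fraction(data):
    """Fraction of one bits in a byte string."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))


def shannon_bits_per_byte(data):
    """Entropy estimate assuming independent, identically biased bits:
    8 * H(p), with p the observed fraction of one bits."""
    p = ones_fraction(data)
    if p in (0.0, 1.0):
        return 0.0
    return 8 * (-p * math.log2(p) - (1 - p) * math.log2(1 - p))


def crc_whiten(raw, ratio=OUT_PER_IN):
    """Run a CRC-32 over the raw stream and emit its low byte after most updates.

    Out of every ratio[1] raw bytes an output byte is emitted for ratio[0]
    of them, so the output rate matches the credited entropy rate. The CRC
    state is the mixer: every output bit is an XOR of many raw input bits."""
    n_out, n_in = ratio
    state = 0
    out = bytearray()
    for i, b in enumerate(raw):
        state = zlib.crc32(bytes([b]), state)   # absorb one raw byte
        if i % n_in < n_out:                     # skip every 16th update
            out.append(state & 0xFF)
    return bytes(out)


if __name__ == "__main__":
    raw = biased_source(16384)
    white = crc_whiten(raw)
    print(f"raw: ones fraction {ones_fraction(raw):.3f}, "
          f"estimate {shannon_bits_per_byte(raw):.2f} bits/byte")
    print(f"whitened: {len(white)} bytes from {len(raw)} raw, "
          f"ones fraction {ones_fraction(white):.3f}")
    # The whitener is deterministic, so it cannot add entropy: a stream with
    # no entropy at all comes out of the CRC looking just as balanced.
    dead = crc_whiten(bytes(16384))
    print(f"whitened all-zero input: ones fraction {ones_fraction(dead):.3f}")
```

The caveat a practitioner wants here is the one the last three lines print: a CRC is a linear, deterministic mixer, so a bias test on its output says nothing about how much entropy went in. The entropy credit has to come from measuring the raw source (the 7.5 bits per byte above), and the output rate is then fixed by that credit, which is what the 15:16 ratio does; the measurement itself is the part that needs care, not the whitening.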