<div dir="ltr"><div>What's the best TRNG architecture now days for a USB TRNG, just in case there is a OneRNG2?</div><div><br></div>It is almost certainly not a "quantum" TRNG. I'll leave it at that. Here's what IMO is the best TRNG architecture for both USB sticks and on-chip applications. No, it actually isn't my Infinite Noise multiplier :)<div><br></div><div>The best TRNG architecture, IMO, is a simple digital circuit that you can implement in any cheap configurable logic device, even a PAL. Here's the PALASM/Verilog-like equations for the logic:</div><div><br></div><div>n1 = !(n10 & en);</div><div>n2 = !n1;</div><div>n3 = !n2;</div><div>n4 = !n3;</div><div>n5 = !n4;</div><div>n6 = !(n5 & en);</div><div>n7 = !n6;</div><div>n8 = !n7;</div><div>n9 = !n8;</div><div>n10 = !n9;</div><div><br></div><div>This is a ring oscillator with an *even* number of inverters. Have two inverters at maximum distance from each other be NAND gates instead, so you can halt the oscillator. When the "en" signal goes high, there are now two edges in the ring oscillator that will chase each other like children running around a kitchen island. Eventually, due to unpredictable noise, one edge will catch the other, and the ring oscillator will stop oscillating. Write code or use digital logic to detect when the oscillator halts. The unpredictable output is the time it takes to halt. Measure this with a microcontroller timer, or a free-running counter.</div><div><br></div><div>These raw counter values should be the output of the TRNG. They need to be accessible for health testing on all platforms that use such a TRNG. Many runs should in theory form a <a href="https://en.wikipedia.org/wiki/Poisson_distribution">Poisson distribution</a>. The health checker should verify this, which gives a good indication that the TRNG is healthy and can be trusted to generate secret keys.</div><div><br></div><div>To generate secret keys, simply initialize a CPRNG with enough unpredictable bits. For example, use ChaCha20, or just SHA256 over-and-over, where the output is the SHA256 of one of the SHA256 chain values. This faster than the TRNG, and more secure, so long as you initialize the CPRNG with enough counter values from the TRNG. The number of counter values needed is easy to compute from the Poisson distribution formed during the health check.</div><div><br></div><div>Virtually all TRNGs should eventually migrate to this architecture, unless a better one is discovered, IMO.</div><div><br></div><div>WARNING: I am not allowed by my employer to search for patents covering ideas like this. The fact that almost no one uses this architecture leads me to believe that patents covering this area likely exist. This is why I say most TRNGs should *eventually* use this architecture. It has to eventually be free for all to use.</div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Apr 11, 2018 at 5:49 PM, Jim Cheetham <span dir="ltr"><<a href="mailto:jim@gonzul.net" target="_blank">jim@gonzul.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><u></u>
<div color="#333333" bgcolor="#ffffff" style="background:rgb(255,255,255);color:rgb(102,115,102);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:16px;line-height:20px;margin:0px">
<span id="gmail-m_-965408069584393740gs-content-email-layout-preheader" style="background:rgb(255,255,255);color:rgb(255,255,255);display:none;font-size:1px">
</span>
<div id="gmail-m_-965408069584393740gs-content-email-layout-prebody" style="padding:0px 10px">
</div>
<table align="center" border="0" cellpadding="0" cellspacing="0" height="100%" width="100%" color="#333333" id="gmail-m_-965408069584393740gs-content-email-layout" style="background-color:transparent;border:none;border-collapse:collapse;margin:0px;max-width:100%;padding:0px">
<tbody><tr>
<td align="center" valign="middle" width="100%" id="gmail-m_-965408069584393740toparea" style="background:rgb(85,102,119);border-bottom:6px solid rgb(166,179,191);height:24px;margin:0px;padding:0px" height="24">
<center>
<table cellpadding="0" cellspacing="0" width="100%" style="background-color:transparent;border-collapse:collapse;margin:0px;max-width:100%" class="gmail-m_-965408069584393740fluid-table"><tbody><tr>
<td valign="top" id="gmail-m_-965408069584393740titlebar" style="margin:0px;padding:0px;text-align:left" align="left">
<table cellpadding="0" cellspacing="0" width="100%" style="background-color:transparent;border-collapse:collapse;margin:0px;max-width:100%"><tbody><tr>
<td style="margin:0px;padding:0px">
<a id="gmail-m_-965408069584393740titlebar-home-link" href="http://lists.onerng.info" style="border:none;color:rgb(85,102,119);display:block;line-height:20px;max-width:600px;text-decoration:none;white-space:nowrap" target="_blank"><span class="gmail-m_-965408069584393740logo" style="display:none"> </span>
<span class="gmail-m_-965408069584393740site" style="color:rgb(255,255,255);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:20px;font-weight:bold;line-height:20px">OneRNG</span></a>
</td>
</tr></tbody></table>
</td>
</tr></tbody></table>
</center>
</td>
</tr>
<tr>
<td align="center" valign="top" width="100%" id="gmail-m_-965408069584393740gs-content-email-layout-body" style="border-collapse:separate;margin:0px;padding:0px;table-layout:fixed">
<center>
<table cellpadding="0" cellspacing="0" width="100%" class="gmail-m_-965408069584393740fluid-table" style="background-color:transparent;border-collapse:collapse;margin:0px;max-width:100%;padding:0px"><tbody><tr>
<td valign="top" style="margin:0px;padding:0px">
<table cellpadding="0" cellspacing="0" width="100%" id="gmail-m_-965408069584393740gs-content-email-layout-fluid-body" style="background-color:transparent;border-collapse:collapse;margin:0px;max-width:100%;padding:0px"><tbody><tr>
<td id="gmail-m_-965408069584393740bodyblock" bgcolor="#FFFFFF" style="background:rgb(255,255,252);margin:0px;padding:20px 10px;text-align:left" align="left">
<div id="gmail-m_-965408069584393740gs-group-list-email-html">
<table id="gmail-m_-965408069584393740gs-group-list-email-html-prologue" align="center" valign="top" border="0" cellpadding="0" cellspacing="0" width="100%" style="background-color:transparent;border-collapse:collapse;margin:0px;max-width:100%;padding:0px"><tbody><tr>
<td id="gmail-m_-965408069584393740gs-group-list-email-html-prologue-photo" valign="top" width="60" height="60" style="margin:0px;padding:0px">
<a href="http://lists.onerng.info/p/jimc" title="Photo of Jim Cheetham" style="color:rgb(85,102,119);text-decoration:none" target="_blank">
<img src="http://lists.onerng.info/p/jimc/gs-profile-image-square/60" border="0" alt="Photo of Jim Cheetham" height="auto" width="auto" style="border: 0px; height: auto; max-width: 100%; vertical-align: middle; width: auto;" valign="middle"></a>
</td>
<td id="gmail-m_-965408069584393740gs-group-list-email-html-prologue-metadata" valign="top" style="margin:0px;padding:0px">
<table style="background-color:transparent;border-collapse:collapse;margin:0px;max-width:100%;padding:0px">
<tbody><tr>
<td style="margin:0px;padding:0px 0px 0px 10px">
<a href="http://lists.onerng.info/r/topic/22XdQEFuX7qKcrRLNrMq9k" style="color:rgb(85,102,119);text-decoration:none" target="_blank"><b>The NIST QMRNG</b></a>
</td>
</tr>
<tr>
<td style="margin:0px;padding:0px 0px 0px 10px">
<span class="gmail-m_-965408069584393740muted" style="color:rgb(140,141,141)">by </span>
<a href="http://lists.onerng.info/p/jimc" style="color:rgb(85,102,119);text-decoration:none" target="_blank"><b>Jim Cheetham</b>
</a>
</td>
</tr>
<tr>
<td style="margin:0px;padding:0px 0px 0px 10px">
<span class="gmail-m_-965408069584393740muted" style="color:rgb(140,141,141)">in </span>
<a href="http://lists.onerng.info/groups/onerng-talk" class="gmail-m_-965408069584393740group" style="color:rgb(85,102,119);text-decoration:none" target="_blank">
<b>OneRNG Talk</b></a>
</td>
</tr>
</tbody></table>
</td>
</tr></tbody></table>
<table id="gmail-m_-965408069584393740gs-group-list-email-html-body" align="left" valign="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="background-color:transparent;border-collapse:collapse;margin:0px;max-width:100%;padding:0px">
<tbody><tr>
<td style="margin:0px;padding:0px"><hr style="border-width:3px 0px 1px;border-right-style:initial;border-left-style:initial;border-right-color:initial;border-left-color:initial;border-bottom-style:solid;border-bottom-color:rgb(238,238,238);border-top-style:none;border-top-color:initial;margin:0px;padding:9px 0px 0px"></td>
</tr>
<tr>
<td id="gmail-m_-965408069584393740gs-group-list-email-html-body-main" align="left" style="margin:0px;padding:10px 0px 0px">
<span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">I just came across an article discussing NIST's recent work on a</span><br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">"guaranteed random" generation mechanism.</span><br>
<br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%"><a class="gmail-m_-965408069584393740small" href="https://www.theregister.co.uk/2018/04/11/nist_random_numbers_quantum_mechanics/" style="color:rgb(85,102,119);font-size:12px;line-height:20px;text-decoration:underline" target="_blank">https://<b>www.theregister</b>.co.<wbr>uk/2018/04/11/nist_<wbr>random_numbers_quantum_<wbr>mechanics/</a></span><br>
<br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">The paper is published in Nature, 11 April 2018:</span><br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%"><a href="https://www.nature.com/articles/s41586-018-0019-0" style="color:rgb(85,102,119);text-decoration:underline" target="_blank">https://<b>www.nature.com</b>/<wbr>articles/s41586-018-0019-0</a></span><br>
<br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">The idea seems to be that entangled photon can have their polarisation</span><br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">states measured in such a way that violates the usual expectation that</span><br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">"experimental outcomes are governed by pre-existing local attributes</span><br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">of particles being measured"</span><br>
<br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">This apparently leaves us with a randomised state that is not</span><br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">dependent on pre-existing conditions; i.e. one that is actually</span><br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">random, rather than the standard that we usually use, which is "the</span><br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">state is predictable but we don't have sufficient measurements to be</span><br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">able to do the prediction".</span><br>
<br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">It's easy to see how tossing a coin or a die could be predicted given</span><br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">sufficient information about how the toss was performed, for example.</span><br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">In a similar way, the thermal and electrical properties of OneRNGs</span><br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">diodes might be predictable - although I've not heard anyone suggest</span><br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">that this is a practical procedure, except in the extreme case of</span><br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">malfunctions.</span><br>
<br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">But NIST's approach might be significantly 'better', except that with</span><br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">the current implementation you'd need the USB stick to be a triangle</span><br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">over 100m on each side, which isn't exactly going to fit in the post</span><br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">from China ...</span><br>
<br><span class="gmail-m_-965408069584393740line" style="display:inline-block;max-width:580px;overflow:hidden;text-overflow:ellipsis;white-space:pre-wrap;width:100%" width="100%">-jim</span><br>
</td>
</tr>
</tbody></table>
<table id="gmail-m_-965408069584393740gs-group-list-email-html-links" align="center" valign="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="background-color:transparent;border-collapse:collapse;margin:0px;max-width:100%;padding:0px">
<tbody><tr>
<td style="margin:0px;padding:20px 0px 0px"><hr style="border-width:3px 0px 1px;border-right-style:initial;border-left-style:initial;border-right-color:initial;border-left-color:initial;border-bottom-style:solid;border-bottom-color:rgb(238,238,238);border-top-style:none;border-top-color:initial;margin:0px;padding:9px 0px 0px"></td>
</tr>
<tr id="gmail-m_-965408069584393740gs-group-list-email-html-links-view">
<td style="margin:0px;padding:20px 0px 0px">
<a id="gmail-m_-965408069584393740gs-group-list-email-html-links-view-reply" href="mailto:onerng-talk@lists.onerng.info?subject=Re%3A%20The%20NIST%20QMRNG" title="Reply to this email" class="gmail-m_-965408069584393740btn" style="background-color:rgb(85,102,119);background-image:none;background-repeat:repeat-x;border-width:1px;border-style:solid;border-color:rgba(102,153,0,0.1) rgba(102,153,0,0.1) rgba(102,153,0,0.25);border-radius:4px;color:rgb(255,255,255);display:inline-block;font-size:16px;line-height:20px;margin-bottom:0px;padding:4px 12px;text-align:center;text-decoration:none;vertical-align:middle" bgcolor="#556677" align="center" valign="middle" target="_blank">⮪ Reply</a>
<a id="gmail-m_-965408069584393740gs-group-list-email-html-links-view-new" href="mailto:onerng-talk@lists.onerng.info" title="Start a new topic by email" class="gmail-m_-965408069584393740btn" style="background-color:rgb(85,102,119);background-image:none;background-repeat:repeat-x;border-width:1px;border-style:solid;border-color:rgba(102,153,0,0.1) rgba(102,153,0,0.1) rgba(102,153,0,0.25);border-radius:4px;color:rgb(255,255,255);display:inline-block;font-size:16px;line-height:20px;margin-bottom:0px;padding:4px 12px;text-align:center;text-decoration:none;vertical-align:middle" bgcolor="#556677" align="center" valign="middle" target="_blank">🖂 New topic</a>
<a id="gmail-m_-965408069584393740gs-group-list-email-html-links-view-topic" class="gmail-m_-965408069584393740btn" href="http://lists.onerng.info/r/topic/22XdQEFuX7qKcrRLNrMq9k" title="View this post within the topic on the web" style="background-color:rgb(85,102,119);background-image:none;background-repeat:repeat-x;border-width:1px;border-style:solid;border-color:rgba(102,153,0,0.1) rgba(102,153,0,0.1) rgba(102,153,0,0.25);border-radius:4px;color:rgb(255,255,255);display:inline-block;font-size:16px;line-height:20px;margin-bottom:0px;padding:4px 12px;text-align:center;text-decoration:none;vertical-align:middle" bgcolor="#556677" align="center" valign="middle" target="_blank">View topic…</a>
</td>
</tr>
<tr id="gmail-m_-965408069584393740gs-group-list-email-html-links-settings">
<td style="margin:0px;padding:20px 0px 0px">
<a href="mailto:onerng-talk@lists.onerng.info?subject=Unsubscribe&body=Hello%2C%0A%0APlease%20remove%20me%20from%20OneRNG%20Talk%0A%3Chttp%3A//lists.onerng.info/groups/onerng-talk%3E%0A%0AThank%20you." style="color:rgb(85,102,119);text-decoration:none" target="_blank">Unsubscribe</a>
<span class="gmail-m_-965408069584393740muted" style="color:rgb(140,141,141)"> • </span>
<a href="mailto:onerng-talk@lists.onerng.info?subject=Digest%20on&body=Hello%2C%0A%0APlease%20switch%20me%20from%20receiving%20one%20email%20per%20post%20to%20the%20daily%0Adigest%2C%20which%20summarises%20the%20all%20the%20posts%20made%20each%20day%20in%0AOneRNG%20Talk%0A%3Chttp%3A//lists.onerng.info/groups/onerng-talk%3E%0A%0AThank%20you." style="color:rgb(85,102,119);text-decoration:none" target="_blank">Switch to a daily digest</a>
</td>
</tr>
</tbody></table>
</div>
</td>
</tr></tbody></table>
</td>
</tr></tbody></table>
</center>
</td>
</tr>
<tr id="gmail-m_-965408069584393740gs-content-layout-footer" style="background:rgb(237,240,242);border-top:6px solid rgb(204,204,204);clear:both;color:rgb(85,102,119);height:24px;margin:0px;padding:0px" height="24">
<td align="center" valign="top" width="100%" style="margin:0px;padding:0px">
<center>
<table cellpadding="0" cellspacing="0" width="100%" class="gmail-m_-965408069584393740fluid-table" style="background-color:transparent;border-collapse:collapse;margin:10px 0px;max-width:100%"><tbody><tr>
<td valign="top" id="gmail-m_-965408069584393740gs-content-layout-footer-content" style="margin:0px;padding:0px 0px 0px 10px;text-align:left" align="left">
<table cellpadding="0" cellspacing="0" width="100%" style="background-color:transparent;border-collapse:collapse;margin:10px 0px;max-width:100%"><tbody><tr>
<td style="margin:0px;padding:0px">
<ul class="gmail-m_-965408069584393740dotted-inline-list" style="margin:0px;padding:0px">
<li style="display:inline-block;line-height:20px;list-style:none;vertical-align:top" valign="top">
<a href="http://lists.onerng.info/policies/privacy/" style="color:inherit;text-decoration:underline" target="_blank">Privacy</a>
</li>
<li style="display:inline-block;line-height:20px;list-style:none;vertical-align:top" valign="top">
<a href="http://lists.onerng.info/policies/aup/" style="color:inherit;text-decoration:underline" target="_blank">Acceptable Use</a>
</li>
<li style="display:inline-block;line-height:20px;list-style:none;vertical-align:top" valign="top">
<a href="http://lists.onerng.info/policies/tos/" style="color:inherit;text-decoration:underline" target="_blank">Terms of Service</a>
</li>
</ul>
</td>
</tr></tbody></table>
</td>
</tr></tbody></table>
</center>
</td>
</tr>
</tbody></table>
</div>
</blockquote></div><br></div></div>