[prev in list] [next in list] [prev in thread] [next in thread]
List: cryptography
Subject: Re: [Cryptography] TRNG review: Arduino based TRNGs
From: Bill Cox <waywardgeek () gmail ! com>
Date: 2016-01-18 14:02:58
Message-ID: CAOLP8p4W0eA=g_GiH46ydCC_=FveWeEYv16f4xEs2LPmW5TDOg () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
On Mon, Jan 18, 2016 at 5:45 AM, Arnold Reinhold <agr@me.com> wrote:
>
> One thought I had was for situations where a string of random bits is
> required at first startup, say to initialize a key pair: One could measure
> the internal temperature and use the timers to record when the LSB changes
> as the chip warms up. Core temperature rises by about 3.5 deg C in the
> first minute of operation. The timers are free running and have quite high
> resolution available, so the recorded times should have lots of entropy. Of
> course someone with physical possession of the device could try to game
> this, say be keeping the chip cold, but I think there are many applications
> where one might not worry about this threat. Also the thermal resistance
> between the chip and package could pose difficulty.
>
> Arnold Reinhold
Very cool! I had a similar idea related to using the ADC on A0. Everyone
seems to just let it float, but most pins on most boards float to a
specific voltage, often 0V, but it depends on the chip and sometimes the
board. We could run a simple test to see what happens when we drive A0
high, and then let it float. Assuming it decays to 0V, it will have to
cross all 1024 thresholds between count values, and while crossing them, we
can record thermal noise as the ADC jumps randomly between two adjacent
values. If we just run the ADC rapidly for the whole voltage decay time,
we might be able to ensure there is enough entropy for use in crypto.
One nice thing about this approach is it should be somewhat resistant to
external influence, such as power-supply noise. A "health monitor" routine
could check that the voltage decay happens at roughly the expected rate,
and without more variation than expected. Toggling between adjacent ADC
input counts is expected from a 10-bit A/D. Jumping from one value to a
far away value would be unexpected. We could also compute the minimum
expected entropy contribution from thermal noise. I suspect it will be
enough.
Bill
[Attachment #5 (text/html)]
<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Mon, Jan 18, 2016 \
at 5:45 AM, Arnold Reinhold <span dir="ltr"><<a href="mailto:agr@me.com" \
target="_blank">agr@me.com</a>></span> wrote:<br><blockquote class="gmail_quote" \
style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br> One \
thought I had was for situations where a string of random bits is required at first \
startup, say to initialize a key pair: One could measure the internal temperature and \
use the timers to record when the LSB changes as the chip warms up. Core temperature \
rises by about 3.5 deg C in the first minute of operation. The timers are free \
running and have quite high resolution available, so the recorded times should have \
lots of entropy. Of course someone with physical possession of the device could try \
to game this, say be keeping the chip cold, but I think there are many applications \
where one might not worry about this threat. Also the thermal resistance between the \
chip and package could pose difficulty.<br> <span class="HOEnZb"><font \
color="#888888"><br> Arnold Reinhold</font></span></blockquote></div><br></div><div \
class="gmail_extra">Very cool! I had a similar idea related to using the ADC on A0. \
Everyone seems to just let it float, but most pins on most boards float to a specific \
voltage, often 0V, but it depends on the chip and sometimes the board. We could run \
a simple test to see what happens when we drive A0 high, and then let it float. \
Assuming it decays to 0V, it will have to cross all 1024 thresholds between count \
values, and while crossing them, we can record thermal noise as the ADC jumps \
randomly between two adjacent values. If we just run the ADC rapidly for the whole \
voltage decay time, we might be able to ensure there is enough entropy for use in \
crypto.</div><div class="gmail_extra"><br></div><div class="gmail_extra">One nice \
thing about this approach is it should be somewhat resistant to external influence, \
such as power-supply noise. A "health monitor" routine could check that \
the voltage decay happens at roughly the expected rate, and without more variation \
than expected. Toggling between adjacent ADC input counts is expected from a 10-bit \
A/D. Jumping from one value to a far away value would be unexpected. We could \
also compute the minimum expected entropy contribution from thermal noise. I \
suspect it will be enough.</div><div class="gmail_extra"><br></div><div \
class="gmail_extra">Bill</div></div>
[Attachment #6 (text/plain)]
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic