[Cryptech Tech] ASIC implementation page on wiki
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sun Aug 17 12:08:15 UTC 2014
Benedikt Stockebrand <bs at stepladder-it.com>
>The problem I see with that is that if we run into problems with some
>"improved", "low noise" diodes being slipstreamed into production, then we
>have one hell of a rollback to do.
The solution is to never rely on a single source. If you look at the NSA's
Capstone design, they use a noise source, an ANSI X9.17 generator using a
per-device seed, and a counter, and feed it all into a SHA-1 whitener/mixer.
This is a good, sound design: any one (and, worst-case, even two) of those
components can fail and the generator will still produce usable output.
So add two different diodes, a ring oscillator, a counter, and some sort of
crypto PRNG (everything except the diodes can presumably go on an FPGA/ASIC)
and hash the output; then you don't need to worry about a change in the
manufacturing process killing your entire RNG.
Oh, and just moving to an ASIC isn't necessarily going to fix things; the old
Intel PIII RNG was discontinued because a change in the manufacturing process
rendered it unusable. It wasn't until about a decade later with RDRAND that
they came up with a design that wasn't susceptible to changes in the
manufacturing process.
Peter.
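The multi-source design described above (several noise sources, a counter and a seeded PRNG, all hashed together into one output block), as an added example that is not part of the original post or of the Cryptech project: the physical sources are stood in for by constructed, seeded pseudo-random samplers, the X9.17 generator by a SHA-256 chaining DRBG, and the whitener by SHA-256 rather than Capstone's SHA-1. The `MultiSourceMixer` class, the source names and the repetition-count threshold are all assumptions made for this example. It also adds the check a practitioner wants alongside such a mixer: a per-source repetition-count health test, because the hashed output keeps looking fine after a diode goes flat and cannot by itself reveal the failure.

```python
import hashlib
import itertools
import random
from typing import Callable, Dict, FrozenSet, List, Tuple

Source = Callable[[], bytes]  # each poll returns one fresh sample


def counter_source(start: int = 0) -> Source:
    """The 'counter' input: never repeats, but is fully predictable."""
    c = itertools.count(start)
    return lambda: next(c).to_bytes(8, "big")


def hash_drbg_source(seed: bytes) -> Source:
    """Stand-in for the per-device seeded PRNG (X9.17 used 3DES; this chains SHA-256)."""
    state = [hashlib.sha256(b"seed" + seed).digest()]

    def draw() -> bytes:
        state[0] = hashlib.sha256(b"next" + state[0]).digest()
        return hashlib.sha256(b"out" + state[0]).digest()

    return draw


def simulated_noise_source(seed: int) -> Source:
    """Models a diode or ring-oscillator sampler with constructed (seeded) data, not real noise."""
    rng = random.Random(seed)
    return lambda: rng.getrandbits(128).to_bytes(16, "big")


def stuck_source(value: int = 0) -> Source:
    """Models the failure mode: a source that emits a constant after a process change."""
    return lambda: bytes([value]) * 16


class MultiSourceMixer:
    """Hashes every source's sample plus the previous output block into the next block,
    while tracking consecutive repeats per source as a simple health test."""

    def __init__(self, sources: Dict[str, Source], hash_fn=hashlib.sha256):
        self.sources = dict(sources)
        self.hash_fn = hash_fn
        self.chain = b"\x00" * hash_fn().digest_size   # chaining state
        self.repeat_counts = {name: 0 for name in sources}
        self.last_sample: Dict[str, bytes] = {}

    def poll(self) -> Dict[str, bytes]:
        samples = {name: src() for name, src in self.sources.items()}
        for name, s in samples.items():
            if self.last_sample.get(name) == s:
                self.repeat_counts[name] += 1
            else:
                self.repeat_counts[name] = 0
            self.last_sample[name] = s
        return samples

    def next_block(self) -> bytes:
        h = self.hash_fn()
        h.update(self.chain)
        # Domain-separate and length-prefix each input so samples cannot be confused.
        for name, s in sorted(self.poll().items()):
            h.update(name.encode() + b"\x00" + len(s).to_bytes(2, "big") + s)
        self.chain = h.digest()
        return self.chain

    def failed_sources(self, threshold: int = 8) -> List[str]:
        """Repetition-count test: a source stuck for `threshold` polls is reported as failed."""
        return [n for n, c in self.repeat_counts.items() if c >= threshold]


def run(failed: FrozenSet[str] = frozenset(), n: int = 32) -> Tuple[int, List[str]]:
    """Builds the five-input mixer, forces the named sources into the stuck state,
    draws n blocks and returns (number of distinct blocks, sources flagged by the health test)."""
    healthy: Dict[str, Source] = {
        "diode_a": simulated_noise_source(1),
        "diode_b": simulated_noise_source(2),
        "ring_osc": simulated_noise_source(3),
        "counter": counter_source(),
        "prng": hash_drbg_source(b"per-device seed (constructed)"),
    }
    sources = {name: (stuck_source() if name in failed else src) for name, src in healthy.items()}
    mixer = MultiSourceMixer(sources)
    blocks = [mixer.next_block() for _ in range(n)]
    return len(set(blocks)), sorted(mixer.failed_sources())


if __name__ == "__main__":
    print("all healthy:      ", run())
    print("both diodes stuck:", run(frozenset({"diode_a", "diode_b"})))
    print("three stuck:      ", run(frozenset({"diode_a", "diode_b", "ring_osc"})))
```

Two things to read off the result: with both diodes (or even both diodes and the ring oscillator) stuck, the mixed blocks are still all distinct, which is the graceful degradation the post argues for; and only the per-source repetition counts show that anything is wrong. Distinct output blocks are not an entropy measurement, since the counter alone guarantees them, so the per-source health test, not inspection of the mixed output, is what tells an operator a source has died and the device needs attention.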