[Cryptech Tech] Entropy source delivered

Fredrik Thulin fredrik at thulin.net
Sat Aug 23 14:31:05 UTC 2014

Previous message: [Cryptech Tech] Entropy source delivered
Next message: [Cryptech Tech] Entropy source delivered
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Benedikt, good to see you active again =)

On Saturday, August 23, 2014 01:52:46 PM Benedikt Stockebrand wrote:
...
> > Benedict takes 1 bit per every 4th edge (due to microcontroller
> > limitations), so that's why he ends up with 20kbit/s after the von
> > Neumann extractor.
> 
> That's 20 kByte/s (with the magic Zeners), or 160 kbit/s; the BC337-16's
> I've used for the batch of boards get me less, around 90--120 kbit/s.

Is that how many edges your MCU sees per second, or measured in some other 
way?

How exactly does your current firmware derive bits of entropy from the edges? I 
looked at the firmware you sent out a couple of weeks ago, and if I understood 
correctly what function was actually being used it appeared to be busy-waiting 
for the state of an input pin to change from low to high:

  inline void wait_for_rising_edge(void)
  {
    while ( (NOISE_PIN & (1 << NOISE_BIT))) { ; }
    while (!(NOISE_PIN & (1 << NOISE_BIT))) { ; }
  }

and then using a counter more or less the same way I am (code abbreviated):

  inline uint8_t noise_generator_next(void)
  {
    start = timer_counter();
    wait_for_rising_edge();
    return (timer_counter() - start) & 1;
  }

Have you plotted the raw data you extract somehow, like Bernd and I have done 
lately for my counter values? When I tried busy-waiting as opposed to 
interrupt driven operations I saw some clear bias towards certain numbers 
which I think were caused by the fixed execution time of the busy-wait loop - 
or maybe I was just observing these irregularities of my counter in 16 MHz 
mode back then but did not understand the cause of the bias =).

Anyway, a key takeaway from these last few days of studying the values that 
the LSB comes from to me is that making it possible to extract such from the 
RNG is actually super-important in order for someone (without an engineering 
lab at their disposal) to be able to verify the quality of the RNG. Joachim 
has always said so, but this just underlines the importance of it to me.

/Fredrik

Previous message: [Cryptech Tech] Entropy source delivered
Next message: [Cryptech Tech] Entropy source delivered
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Tech mailing list