[Cryptech Tech] ent for rosc entropy in the Xilinx FPGA

Russ Housley housley at vigilsec.com
Thu Dec 11 18:51:13 UTC 2014 

The FIPS 140 testing includes the Consecutive Value Test.  It compares
consecutive blocks within the random data.  The test fails if the blocks
are equal.  Looking for repeated bytes in the first 40,000,000 bits in
the provided data showed a few more failures than I expected.  So, I
took a look at each place in the file where this this happened, and I
found a pattern that is troublesome.

See these small chunks (in hex) from rosc_data.bin...

   ... 79 f4 3e 1c 3e 3e fd b7 63 9b f2 1a ...
   ... c4 64 0b 36 0b 0b c2 0b aa c5 19 ee ...
   ... 08 f9 5b cc 5b 5b 50 07 86 7c 71 aa ...
   ... 0c b3 56 fe 56 56 4d 29 6e 14 a7 ed ...
   ... 8d 0d 78 a0 78 78 2d 6b 3c 8b 00 5c ...
   ... 55 a0 93 54 93 93 57 a5 19 15 e5 02 ...
   ... 06 16 d2 4e d2 d2 08 e0 61 fa 43 d4 ...
   ... 06 f5 e8 86 e8 e8 a4 90 f5 1b cf 7e ...
   ... b1 1a 74 e6 74 74 20 9c f7 84 19 36 ...
   ... a2 98 7f 64 7f 7f 73 8a b5 49 ae b1 ...
   ... ee ef 39 9c 39 39 6f 73 09 88 77 60 ...
   ... e7 20 03 44 03 03 aa 34 36 ec d1 95 ...
   ... be 10 c7 1c c7 c7 cf 53 c6 87 a6 d5 ...
   ... 70 7c e5 17 e5 e5 f2 51 52 ac 3f 6e ...
   ... b0 3a 89 39 89 89 28 cf d3 cd a6 ae ...
   ... 51 7e 13 f9 13 13 cd d6 8b 52 28 77 ...
   ... 66 08 b3 60 b3 b3 90 8f 43 c7 70 fb ...
   ... df ca 76 f2 76 76 40 6b 0b 5b c5 67 ...
   ... bd 0c 65 1a 65 65 1b 9e 1a 56 9f 55 ...
   ... 07 bd 6c ee 6c 6c 67 ab 36 7e 8c e1 ...
   ... e3 2e 5e 0b 5e 5e d1 78 a6 31 25 a3 ...
   ... d5 ab 20 ec 20 20 7a a2 88 ce f4 b8 ...
   ... a4 13 aa da aa aa 38 6a 8a 61 2a 04 ...
   ... 22 6e bd 5c bd bd 1d e0 15 17 e2 20 ...
   ... fa 10 14 4d 14 14 0d c0 ae 37 20 22 ...
   ... 09 35 e6 17 e6 e6 aa af 66 5d b5 2b ...
   ... f3 a9 db 4a db db cb 1d c8 e6 c9 fb ...
   ... 28 d4 9e 94 9e 9e 5e 56 f7 c8 6d e2 ...
   ... ef 04 da a9 da da 7a 30 81 e4 c9 59 ...
   ... 3f 59 96 da 96 96 c5 33 4a 2b 0d b6 ...
   ... 6f 0d f5 66 f5 f5 53 61 82 41 9b 2b ...

In each chunk, the repeated value occurs in the 3rd, 5th, and 6th byte.

I leave it to others to figure out why this pattern is occurring.

Russ


On Dec 8, 2014, at 3:44 PM, Joachim Strömbergson wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Aloha!
> 
> First results using the ent tool on entropy extracted from the rosc
> entropy source implemented in the Xilinx Spartan-6 device on the Novena.
> this is based on 62 MByte data:
> 
> 
> Entropy = 7.999998 bits per byte.
> 
> Optimum compression would reduce the size
> of this 67121200 byte file by 0 percent.
> 
> Chi square distribution for 67121200 samples is 227.52, and randomly
> would exceed this value 89.14 percent of the times.
> 
> Arithmetic mean value of data bytes is 127.5040 (127.5 = random).
> Monte Carlo value for Pi is 3.141248317 (error 0.01 percent).
> Serial correlation coefficient is 0.000081 (totally uncorrelated = 0.0).
> 
> 
> 
> Not too shabby, it seems to be not totally b0rked.
> 
> I'm doing extraktion of more data. And if anybody wants the current raw
> data to do further analysis just tell me.
> 
> - -- 
> Med vänlig hälsning, Yours
> 
> Joachim Strömbergson - Alltid i harmonisk svängning.
> ========================================================================
> Joachim Strömbergson          Secworks AB          joachim at secworks.se
> ========================================================================
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iQIcBAEBCAAGBQJUhg2xAAoJEF3cfFQkIuyN/8sQAIHxstjtV/pedNcL+ABHay+B
> XIG4zlsmED/PB9nsxfWx/PgQd0Ac+XRgqWKeH8Ucpw4ezWBJNJtvCTvozMXbMO2Q
> hD0uWWsZIYpbuCmPX2ztMRv4hvGBX61Hk12j+cRhSMQIHu1wkPNjt2pq3VJ+Gdf5
> /9/rVzHNvv/fhD4iLhJi460WfX+ear7NB0jpU690F0u2aCQaMCIlO6utarbow2j2
> r1gmTGxhEDxZso+LseYjo+KJyuozBtaAa2d2DDdDUSZ5EqVV5WKnrFFRWUM2a9bv
> 2s+rGv4MCRMiN2a1wv67Ftu16Ep2z907xOBGmchB2gySttv+Sq7h08VGtqRIiS1D
> e3ZPRzKv1VH0JN4Y3aNpERvJhfm5dZCkEVGsMyKzgbebvo1E/TLSxl1zhU48y7nH
> bz85dyiDC+Uzjfu91uMyVVvo8q6UaAbVAsmCAgNxzKwqKVc/YWJqibjCRI3RNUA2
> pEEp1zZSNwYegcXgvIi5ZDnaAcBL9iei0dpOv6WX3VS9Nygh6UlQqO8c70P6z2cw
> RjSupEuw9qMkuv8rGsqxyzkMO0xEpi/bZPnuVoCT4165APgsPvCCEZIVrRIy/1iy
> MMqg9LLBsbePQz1tk19Fnvrpfl6ONbyzqt6pmDVKhhl4TN06Svkhj+5nNbyo86xJ
> 8n8ST1oZzPpkbtvbBHEG
> =8FSa
> -----END PGP SIGNATURE-----
> _______________________________________________
> Tech mailing list
> Tech at cryptech.is
> https://lists.cryptech.is/listinfo/tech

More information about the Tech mailing list