[Cryptech Tech] ent for rosc entropy in the Xilinx FPGA

Joachim Strömbergson joachim at secworks.se
Thu Dec 11 19:13:36 UTC 2014


Aloha!

Very interesting. I'll have new data to share tomorrow and we'll see if the problem is present there.

I am fairly certain that it is my fault (it should be) and it is because I sometimes fail to check the status. I'll write some test SW for it.

Thanks again, highly appreciated.

Sent from my iPhone

> On 11 Dec 2014, at 19:51, Russ Housley <housley at vigilsec.com> wrote:
> 
> The FIPS 140 testing includes the Consecutive Value Test.  It compares
> consecutive blocks within the random data.  The test fails if the blocks
> are equal.  Looking for repeated bytes in the first 40,000,000 bits in
> the provided data showed a few more failures than I expected.  So, I
> took a look at each place in the file where this happened, and I
> found a pattern that is troublesome.
> 
> See these small chunks (in hex) from rosc_data.bin...
> 
>   ... 79 f4 3e 1c 3e 3e fd b7 63 9b f2 1a ...
>   ... c4 64 0b 36 0b 0b c2 0b aa c5 19 ee ...
>   ... 08 f9 5b cc 5b 5b 50 07 86 7c 71 aa ...
>   ... 0c b3 56 fe 56 56 4d 29 6e 14 a7 ed ...
>   ... 8d 0d 78 a0 78 78 2d 6b 3c 8b 00 5c ...
>   ... 55 a0 93 54 93 93 57 a5 19 15 e5 02 ...
>   ... 06 16 d2 4e d2 d2 08 e0 61 fa 43 d4 ...
>   ... 06 f5 e8 86 e8 e8 a4 90 f5 1b cf 7e ...
>   ... b1 1a 74 e6 74 74 20 9c f7 84 19 36 ...
>   ... a2 98 7f 64 7f 7f 73 8a b5 49 ae b1 ...
>   ... ee ef 39 9c 39 39 6f 73 09 88 77 60 ...
>   ... e7 20 03 44 03 03 aa 34 36 ec d1 95 ...
>   ... be 10 c7 1c c7 c7 cf 53 c6 87 a6 d5 ...
>   ... 70 7c e5 17 e5 e5 f2 51 52 ac 3f 6e ...
>   ... b0 3a 89 39 89 89 28 cf d3 cd a6 ae ...
>   ... 51 7e 13 f9 13 13 cd d6 8b 52 28 77 ...
>   ... 66 08 b3 60 b3 b3 90 8f 43 c7 70 fb ...
>   ... df ca 76 f2 76 76 40 6b 0b 5b c5 67 ...
>   ... bd 0c 65 1a 65 65 1b 9e 1a 56 9f 55 ...
>   ... 07 bd 6c ee 6c 6c 67 ab 36 7e 8c e1 ...
>   ... e3 2e 5e 0b 5e 5e d1 78 a6 31 25 a3 ...
>   ... d5 ab 20 ec 20 20 7a a2 88 ce f4 b8 ...
>   ... a4 13 aa da aa aa 38 6a 8a 61 2a 04 ...
>   ... 22 6e bd 5c bd bd 1d e0 15 17 e2 20 ...
>   ... fa 10 14 4d 14 14 0d c0 ae 37 20 22 ...
>   ... 09 35 e6 17 e6 e6 aa af 66 5d b5 2b ...
>   ... f3 a9 db 4a db db cb 1d c8 e6 c9 fb ...
>   ... 28 d4 9e 94 9e 9e 5e 56 f7 c8 6d e2 ...
>   ... ef 04 da a9 da da 7a 30 81 e4 c9 59 ...
>   ... 3f 59 96 da 96 96 c5 33 4a 2b 0d b6 ...
>   ... 6f 0d f5 66 f5 f5 53 61 82 41 9b 2b ...
> 
> In each chunk, the repeated value occurs in the 3rd, 5th, and 6th byte.
> 
> I leave it to others to figure out why this pattern is occurring.
> 
> Russ
> 
> 
>> On Dec 8, 2014, at 3:44 PM, Joachim Strömbergson wrote:
>> 
>> Aloha!
>> 
>> First results using the ent tool on entropy extracted from the rosc
>> entropy source implemented in the Xilinx Spartan-6 device on the Novena.
>> This is based on 62 MByte data:
>> 
>> 
>> Entropy = 7.999998 bits per byte.
>> 
>> Optimum compression would reduce the size
>> of this 67121200 byte file by 0 percent.
>> 
>> Chi square distribution for 67121200 samples is 227.52, and randomly
>> would exceed this value 89.14 percent of the times.
>> 
>> Arithmetic mean value of data bytes is 127.5040 (127.5 = random).
>> Monte Carlo value for Pi is 3.141248317 (error 0.01 percent).
>> Serial correlation coefficient is 0.000081 (totally uncorrelated = 0.0).
>> 
>> 
>> 
>> Not too shabby, it seems to be not totally b0rked.
>> 
>> I'm doing extraction of more data. And if anybody wants the current raw
>> data to do further analysis just tell me.
>> 
>> -- 
>> Med vänlig hälsning, Yours
>> 
>> Joachim Strömbergson - Alltid i harmonisk svängning.
>> ========================================================================
>> Joachim Strömbergson          Secworks AB          joachim at secworks.se
>> ========================================================================
> 
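
Added example, not part of the original messages or of Cryptech's code: a scanner that finds byte repeats in a raw capture and counts how many of them show the 3rd/5th/6th-byte echo Russ describes, next to a constructed control stream. The function names, the configurable block size and the PRNG-generated control are assumptions of this example; the three hex chunks are copied from the quoted message.

```python
"""Scan raw entropy-source bytes for repeats and the 3rd/5th/6th-byte echo."""
import random

# Three of the 12-byte chunks quoted in the message above (hex, rosc_data.bin).
QUOTED_CHUNKS = [
    "79 f4 3e 1c 3e 3e fd b7 63 9b f2 1a",
    "c4 64 0b 36 0b 0b c2 0b aa c5 19 ee",
    "08 f9 5b cc 5b 5b 50 07 86 7c 71 aa",
]


def repeat_offsets(data: bytes, block: int = 1) -> list[int]:
    """Offsets of aligned blocks equal to the preceding block (block size assumed)."""
    return [
        off
        for off in range(block, len(data) - block + 1, block)
        if data[off:off + block] == data[off - block:off]
    ]


def echo_offsets(data: bytes) -> list[int]:
    """Byte repeats whose value also appears three bytes earlier (X ? X X)."""
    return [
        off for off in repeat_offsets(data)
        if off >= 3 and data[off - 3] == data[off]
    ]


def echo_fraction(data: bytes) -> float:
    """Share of byte repeats with the echo; about 1/256 for uniform bytes."""
    repeats = repeat_offsets(data)
    return len(echo_offsets(data)) / len(repeats) if repeats else 0.0


def constructed_control(n: int, seed: int = 2014) -> bytes:
    """Constructed comparison stream from Python's PRNG (not device data)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


if __name__ == "__main__":
    for chunk in QUOTED_CHUNKS:
        data = bytes.fromhex(chunk)
        print(chunk, repeat_offsets(data), echo_fraction(data))
    print("control:", round(echo_fraction(constructed_control(200_000)), 4))
```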

