[Cryptech Tech] ent for rosc entropy in the Xilinx FPGA

[Joachim Strömbergson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Ent results for the last days extraction:


Entropy = 7.999999 bits per byte.

Optimum compression would reduce the size
of this 212097148 byte file by 0 percent.

Chi square distribution for 212097148 samples is 290.33, and randomly
would exceed this value 6.34 percent of the times.

Arithmetic mean value of data bytes is 127.4978 (127.5 = random).
Monte Carlo value for Pi is 3.141832292 (error 0.01 percent).
Serial correlation coefficient is 0.000043 (totally uncorrelated = 0.0).


I've placed the file in the same bittorent sync box Bernd, Russ and
Basil has access too. If anybody else wants 200 MByte of entropy just
tell me.

I will now look at the extraction SW to see if I can fix the issue I
think caused the repeated byte issue Russ saw. (I would not ber
surprised that the issue is present in this data too.) I'm fairly
certain it is a SW problem. When that is done I'll redo the extraction
and then do the other extractions we have talked about.

Looking forward to any comments and findings.


Yours
JoachimS


Joachim Strömbergson wrote:
> Aloha!
> 
> Very interesting. I'll have new data to share tomorrow and we'll see
> if the problem is present there.
> 
> I am d fairly certain that it is my fault (it should be) and it is
> because I sometimes miss to check the status. I'll write some test SW
> for it.
> 
> Thanks again, highly appreciated.
> 
> Skickat från min iPhone
> 
>> 11 Dec 2014 kl. 19:51 skrev Russ Housley <housley at vigilsec.com>:
>> 
>> The FIPS 140 testing includes the Consecutive Value Test.  It
>> compares consecutive blocks within the random data.  The test fails
>> if the blocks are equal.  Looking for repeated bytes in the first
>> 40,000,000 bits in the provided data showed a few more failures
>> than I expected.  So, I took a look at each place in the file where
>> this this happened, and I found a pattern that is troublesome.
>> 
>> See these small chunks (in hex) from rosc_data.bin...
>> 
>> ... 79 f4 3e 1c 3e 3e fd b7 63 9b f2 1a ... ... c4 64 0b 36 0b 0b
>> c2 0b aa c5 19 ee ... ... 08 f9 5b cc 5b 5b 50 07 86 7c 71 aa ... 
>> ... 0c b3 56 fe 56 56 4d 29 6e 14 a7 ed ... ... 8d 0d 78 a0 78 78
>> 2d 6b 3c 8b 00 5c ... ... 55 a0 93 54 93 93 57 a5 19 15 e5 02 ... 
>> ... 06 16 d2 4e d2 d2 08 e0 61 fa 43 d4 ... ... 06 f5 e8 86 e8 e8
>> a4 90 f5 1b cf 7e ... ... b1 1a 74 e6 74 74 20 9c f7 84 19 36 ... 
>> ... a2 98 7f 64 7f 7f 73 8a b5 49 ae b1 ... ... ee ef 39 9c 39 39
>> 6f 73 09 88 77 60 ... ... e7 20 03 44 03 03 aa 34 36 ec d1 95 ... 
>> ... be 10 c7 1c c7 c7 cf 53 c6 87 a6 d5 ... ... 70 7c e5 17 e5 e5
>> f2 51 52 ac 3f 6e ... ... b0 3a 89 39 89 89 28 cf d3 cd a6 ae ... 
>> ... 51 7e 13 f9 13 13 cd d6 8b 52 28 77 ... ... 66 08 b3 60 b3 b3
>> 90 8f 43 c7 70 fb ... ... df ca 76 f2 76 76 40 6b 0b 5b c5 67 ... 
>> ... bd 0c 65 1a 65 65 1b 9e 1a 56 9f 55 ... ... 07 bd 6c ee 6c 6c
>> 67 ab 36 7e 8c e1 ... ... e3 2e 5e 0b 5e 5e d1 78 a6 31 25 a3 ... 
>> ... d5 ab 20 ec 20 20 7a a2 88 ce f4 b8 ... ... a4 13 aa da aa aa
>> 38 6a 8a 61 2a 04 ... ... 22 6e bd 5c bd bd 1d e0 15 17 e2 20 ... 
>> ... fa 10 14 4d 14 14 0d c0 ae 37 20 22 ... ... 09 35 e6 17 e6 e6
>> aa af 66 5d b5 2b ... ... f3 a9 db 4a db db cb 1d c8 e6 c9 fb ... 
>> ... 28 d4 9e 94 9e 9e 5e 56 f7 c8 6d e2 ... ... ef 04 da a9 da da
>> 7a 30 81 e4 c9 59 ... ... 3f 59 96 da 96 96 c5 33 4a 2b 0d b6 ... 
>> ... 6f 0d f5 66 f5 f5 53 61 82 41 9b 2b ...
>> 
>> In each chunk, the repeated value occurs in the 3rd, 5th, and 6th
>> byte.
>> 
>> I leave it to others to figure out why this pattern is occurring.
>> 
>> Russ
>> 
>> 
>>> On Dec 8, 2014, at 3:44 PM, Joachim Strömbergson wrote:
>>> 
> Aloha!
> 
> First results using the ent tool on entropy extracted from the rosc 
> entropy source implemented in the Xilinx Spartan-6 device on the
> Novena. this is based on 62 MByte data:
> 
> 
> Entropy = 7.999998 bits per byte.
> 
> Optimum compression would reduce the size of this 67121200 byte file
> by 0 percent.
> 
> Chi square distribution for 67121200 samples is 227.52, and randomly 
> would exceed this value 89.14 percent of the times.
> 
> Arithmetic mean value of data bytes is 127.5040 (127.5 = random). 
> Monte Carlo value for Pi is 3.141248317 (error 0.01 percent). Serial
> correlation coefficient is 0.000081 (totally uncorrelated = 0.0).
> 
> 
> 
> Not too shabby, it seems to be not totally b0rked.
> 
> I'm doing extraktion of more data. And if anybody wants the current
> raw data to do further analysis just tell me.
> 
>>> _______________________________________________ Tech mailing
>>> list Tech at cryptech.is https://lists.cryptech.is/listinfo/tech
> _______________________________________________ Tech mailing list 
> Tech at cryptech.is https://lists.cryptech.is/listinfo/tech

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJUird4AAoJEF3cfFQkIuyNt/YP/0v9Mf9DzirY73AE47LDnDQ+
FQr1OzKQWaUGR7ITtxZRAJqP9XOvrGZOHtUYC2tx11hUh5P5v6qZBC4pRHRzyt05
bxsIwHP3VrYYyF0sGCb3aGDMbIDRG7h1nGY7GP+CMuljE0dJj3XtG9AQkavdH2IJ
zYPAbnCrXGZ9U+TQe9jOCG89oaXmlm7tBrVyVGOTNr6op1FZ+zX02KBLYalM3Cee
SwYoUwIhoB7xlE5FYZRtEuzB7xtQ+dOi0qf5Pt+sROt5+6qUHwrKAZjpM0tiqFqB
IqHqct5N0OlqC6b7oK9zI7pkwMOOLJWEpvUcK9v3TyuR1vLotdM0uvdaPUSfcjZR
p16wP0M1RQ4DPShGX9lTjUrGvGS2kLsqsbxlkeheVR6kUXZBp6KrRDVE9j/BcZbV
5Ncn16vpBEzsNlxqO/lumssb5QLvaZdXvvC8CC1pfAoscYyO3xWrv0d/rpD9XHXh
tCBbbQR5s0TNSH1qbCnhA/k39EkZ59pv09k/DIXL8JSIET7n4krMrryM9HiQR7PA
pPtx6majcPV2lbGHx09wNOxz+1owf/qY4yM32UJkwk67rLAqaS9ik8kN7S7TfKfC
yDBTEu/DI5iplT+ImmbAEBVmlvqWYnIAQ5ZpTZyAV7Je2acr8dlRmqLPxkAbg4Tv
nlhnplAUqzPXQd/BOGvx
=M3Uf
-----END PGP SIGNATURE-----