[Cryptech Tech] Hardware entropy

Bernd Paysan bernd at net2o.de
Tue May 27 12:43:53 UTC 2014


On Tuesday, 27 May 2014, 08:00:49, Stephan Mueller wrote:
> However, any whitening function cannot add entropy, even though it can mix
> the data sufficiently to pass statistical tests. At best, it cannot add
> entropy, at worst, it will lose entropy.
> 
> This is the reason why the output of the basic noise source must be
> completely assessed. I do not care which whitening function you have on top
> as long as the basic noise source has acceptable statistical properties.

Sure.  The question is more if you actually want to have some whitening 
function reduce the entropy before you put it into the hash; and I don't like 
the idea.

Example: To remove the bias of the individual roscs, you can xor two sources 
(that's why I had the p ^ n readout address in my original entropy block).  
The result is a pretty flat distribution of all possible byte values (roughly 
gauss-shaped, see attached second-order histogram - that's a histogram of the 
histogram), but the entropy is nearly half of the original entropy (the 
individual bits are now better, but the overall number of bits is reduced by 
a factor of two).

If you want to use my entropy source "raw" without any further post-
processing, that's the way to go - just xor two outputs together, that should 
give you a random source that should pass the dieharder test.  The 
observability is reduced (e.g. no way to measure bias), that's why you should 
have that function as separate element in your data path.

-- 
Bernd Paysan
"If you want it done right, you have to do it yourself"
http://bernd-paysan.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: histogram.pdf
Type: application/pdf
Size: 14749 bytes
Desc: not available
URL: <https://lists.cryptech.is/archives/tech/attachments/20140527/3afa44a8/attachment-0001.pdf>
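
The trade-off described in the message above (XORing two biased sources flattens the output but roughly halves the entropy that goes on to the hash), worked through as an added example that is not part of the original post and is not Cryptech code. It assumes two independent one-bit sources with a constructed P(1) = 0.6 each; the choice of Shannon and min-entropy as measures and all function names are assumptions made for illustration.

```python
import math
import random


def shannon(p):
    """Shannon entropy, in bits, of a single bit with P(1) = p."""
    if p in (0.0, 1.0):
        return 0.0
    return -p * math.log2(p) - (1 - p) * math.log2(1 - p)


def min_entropy(p):
    """Min-entropy, in bits, of a single bit with P(1) = p."""
    return -math.log2(max(p, 1 - p))


def xor_p(p, q):
    """P(1) of a ^ b for independent bits with P(a=1) = p and P(b=1) = q."""
    return p * (1 - q) + (1 - p) * q


def compare(p, q):
    """Entropy fed in by both raw bits versus entropy left in the one XORed bit."""
    r = xor_p(p, q)
    return {
        "p_xor": r,
        "shannon_in": shannon(p) + shannon(q),
        "shannon_out": shannon(r),
        "min_in": min_entropy(p) + min_entropy(q),
        "min_out": min_entropy(r),
    }


def simulate(p, q, n=200_000, seed=1):
    """Empirical P(1) of the XORed stream from two simulated biased sources."""
    rng = random.Random(seed)
    ones = sum((rng.random() < p) ^ (rng.random() < q) for _ in range(n))
    return ones / n


if __name__ == "__main__":
    P = Q = 0.6  # constructed bias, not measured from any real oscillator
    for name, value in compare(P, Q).items():
        print(f"{name:12s} {value:.4f}")
    print(f"{'simulated':12s} {simulate(P, Q):.4f}")
```

With these inputs the XORed bit is close to unbiased (P(1) = 0.48), yet it carries about 1.0 bit where the two raw bits together carried about 1.94, so hashing the raw bits keeps nearly twice as much.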