[Cryptech Tech] trng ready for play
Fredrik Thulin
fredrik at thulin.net
Mon Oct 6 08:03:43 UTC 2014
On Monday, October 06, 2014 09:25:32 AM Joachim Strömbergson wrote:
...
> Let me flip the question around. Given that we need to wait for an
> entropy provider to actually provide a word of data. How do you suggest
> that we deal with the potential livelock hazard in a secure manner that
> can't be subverted?

I have to start with making sure we're talking about the same thing here, but
do you need to wait?

This is how I've understood your terminology and design of the various
components included in the complete TRNG chain; please tell me if I'm wrong:

First, there are entropy sources. Some internal in the FPGA, and some
external. These produce entropy of differing quality and differing speed.

Then, there are entropy provider "modules" inside the FPGA - one provider per
source. One of the functions of the provider is to buffer whitened (don't know
if it is source or provider that does the whitening, or both) bits from the
entropy source and serve them to the mixer when it requests entropy.

If the above is correct, I have to ask why you need a timeout on the fetching
of data from entropy providers? Why not just say that the mixer requests N
bits from all the providers and either they have N bits in their buffers or
they don't?

The mixer then has to handle the case where it didn't get the requested number
of bits back from all sources, but it won't have to handle timeouts. I think
this would be less complex.

/Fredrik
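
Added example, not part of the message above and not Cryptech code: a Python model of the non-blocking fetch the message proposes, where each provider hands back whatever it has buffered and the mixer deals with the shortfall. The Provider and Mixer names, the word counts, and the policy of pooling partial results until a minimum is reached are assumptions; the message leaves the shortfall handling open.

```python
from collections import deque


class Provider:
    """Model of one entropy provider: a FIFO of already-whitened words."""

    def __init__(self, name, words=()):
        self.name = name
        self.fifo = deque(words)

    def fetch(self, n):
        """Return up to n buffered words immediately; never wait for more."""
        return [self.fifo.popleft() for _ in range(min(n, len(self.fifo)))]


class Mixer:
    """Polls every provider for n words and pools whatever came back."""

    def __init__(self, providers, n, min_words):
        self.providers = providers
        self.n = n                  # words requested from each provider
        self.min_words = min_words  # assumed threshold before mixing
        self.pool = []

    def poll(self):
        """One round. Returns (block or None, names of providers that fell short)."""
        short = []
        for p in self.providers:
            words = p.fetch(self.n)
            if len(words) < self.n:
                short.append(p.name)  # surfaced for health monitoring
            self.pool.extend(words)
        if len(self.pool) < self.min_words:
            return None, short        # not enough yet: no output, no waiting
        block = self.pool[:self.min_words]
        self.pool = self.pool[self.min_words:]
        return block, short


def demo():
    # Constructed sample data: counters stand in for whitened entropy words.
    fast = Provider("fast", range(100, 108))
    slow = Provider("slow", [200])
    dead = Provider("dead")           # source that never delivers
    mixer = Mixer([fast, slow, dead], n=4, min_words=8)
    return [mixer.poll() for _ in range(3)]
```

In this model a provider that never delivers cannot stall a round; it only shows up in the list of short providers on every poll, which is the signal a health check would watch.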