[Cryptech Tech] Some measurement results for FPGA with avalanche entropy source
Joachim Strömbergson
joachim at secworks.se
Sat Sep 6 06:55:52 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Aloha!
Randy Bush wrote:
> can we show up at ches with a full chain on the novena based on two
> external sources (fredrik's and benedikt's) and N internal ROs? and
> be able to run dieharder?
>
> i am not even sure we know how to get two external sources into the
> novena at the same time.
Or just one of them
I agree this would be a real goal to aim for. Lets break down the issues
I see are needed for this to happen. But first - I think having one
external source and one internal source is enough. It would still make
the Cryptech RNG stand out in terms of features. Ok. Here are the
activities:
(1) Getting Cryptech FPGA HW up and running on Novena. Paul is basically
there. But we need to be able to replicate easily. And also using I2C
interface would make the RNG less impressive and harder to extract
enough data to run Dieharder (preferably being able to do so as a demo
on site). So we need:
- - Adaptation to use EIM
- - Documentation to get HW design into FPGA + SW to actually send
commands via EIM to read data in the FPGA
(2) Getting a fairly good looking avalanche noise tightly integrated
onto Novena. There exists a pluggable I/O board for Novena and Paul
would look into getting those for us. If we don't have one of those, we
need to look at some of the other interfaces as options.
Also, both the board from Benedict and Fredrik can't just be stacked on
top of a header, but connect with wires. I would love to have a small
board with the noise source just to push down on headers to make a
single integrated unit.
(3) Complete the RNG HW chain. The major blocks (SHA-512 and ChaCha) are
in the repo. I've started working on putting together the state machines
and API needed to control the RNG. And building a test bench for the
chain. This is actually the easiest part imho.
(4) Complete the fpga entropy source/provider design. The one right now
basically works, but I would like to incorporate feedback from Berndt
and do new measurements.
(5) Complete avalanche provider design. It is Good enough, but right now
filled with test stuff and needs to be polished.
(3) - (5) I see as the easy ones with (4) taking most time due to
measurements.
(1) and esp (2) is what I see takes longest time to do.
Comments, thoughts?
I actually considered building the complete RNG onto the TeasIC
DE0-board just to show how compact it can be. But the Novena running
Dieharder is a much better Dog & Pony platform.
- --
Med vänlig hälsning, Yours
Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
Joachim Strömbergson Secworks AB joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBCAAGBQJUCq/3AAoJEF3cfFQkIuyNtQUQAL2EhrXIi0O79Zjlid4fSmSD
uclEnQLbt1utJul7vGJ8+9ShH3gbKg7VlR22w1OeKOq46ZKFQTz1lJ9SE1M7DLw/
Y64Au3oQta3An9h8FZk5wUD3jJE+VHHdZVGfAvXZasX7Y6941hg/zj2Izq9oXsak
KF28E6ZNQUcs2gufkX1WHxclhosPlAIwlON8rSzBjfookcZ924K4wZZ7jXIHHFD3
+VTBkMKqaKcLGVAU0F+YL8HYMm04d7flQwnAnQWN/fEF6kbXfo5bt5nZL/aVAUYt
JsNOJW0QFQjdhXqZCT5binUTU+w8YyL6i1W+n47UqU6oQvzw71FzdLxtAfcpdGdm
uOSnMIOjle1zcLGlidBJvjAKz03Uf8TTDOWAfs+LEoREIn3IGTLljRI/ps8IA1Ko
W4Xec1yVrLFzmumTMv/nUnCACobI/U0uzAuUoF2tEm4+zC5RfUUrpl1K+CHgsaHu
KN1TbS8zDYSpWWjgr2eb7pJUIwFMeVJUTNfNyfXl2gz5YbQ6bqXhG/Pji+cQYDy7
fm0kZTgBkYtLyonXfukCJQWcicHj4BAF1vL9AiLtWpNTxDs3m6Rqps9Lv9Gn+qTT
azljFVw7y8B54Pi7JReF8QD3V6kXBQ5LlUcKm9dHH2jOwKl8Qpp4fjIOhILBBEG6
N5mYOJXXKIuo6cYV9Qhx
=S2kQ
-----END PGP SIGNATURE-----
More information about the Tech
mailing list