[Cryptech Tech] About the TRNG

Fredrik Thulin fredrik at thulin.net
Fri Dec 18 22:39:37 UTC 2015


On Saturday, December 19, 2015 12:22:23 AM Jacob wrote:
> A question to the experts:
> 
> I fully understand the trust gained by having a custom made external
> analog TRNG as we do here, but wouldn't it be better to XOR the bitstream
> received from our generator with the one embedded in the CPU(*)? I mean,
> if the CPU's TRNG is tainted, we will not be worse off, and if it is
> not, the board will probably exhibit higher security in case our
> generator would have some issues.
> 

In general, I believe you are right. If you have good entropy, even XORing it with 0xff..ff won't 
reduce the entropy. However, there is a special case where a malicious producer of the 
value(s) that will be XORed into the stream is able to observe the other entropy stream.

So, if the STM32 RNG could actually observe the data read from the external avalanche noise 
before returning data that will be XORed into the stream from the external avalanche noise... 
it could actually cancel out the entropy from the external source.

/Fredrik
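A small simulation of the two cases discussed above, added here as an illustration and not code from the thread or from the Cryptech project: a seeded PRNG stands in for the external avalanche-noise source (a constructed stand-in, not a real noise model), and three untrusted "CPU RNG" behaviours are XORed into it. The empirical entropy estimate shows that XOR with a constant or with a source that commits its bytes without seeing the external stream leaves the entropy intact, while a source that can observe the external bytes before answering cancels it to exactly zero. The defensive takeaway is the ordering: read and commit the untrusted source's output before the external sample it could otherwise observe.

```python
"""Toy model: XOR-combining a trusted noise source with an untrusted RNG.

Added example. The 'external' source is a seeded PRNG used as a stand-in for
avalanche noise so that the run is reproducible; it is not a model of the real hardware.
"""
import math
import random
from collections import Counter

BLOCK = 4096  # bytes per sampled block (constructed size)


def shannon_bits_per_byte(data: bytes) -> float:
    """Empirical Shannon entropy (bits per byte) from byte frequencies."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def xor_combine(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length streams."""
    if len(a) != len(b):
        raise ValueError("streams must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def external_noise(rng: random.Random, n: int = BLOCK) -> bytes:
    """Stand-in for the external avalanche-noise source (seeded PRNG, constructed)."""
    return bytes(rng.getrandbits(8) for _ in range(n))


def constant_source(n: int = BLOCK) -> bytes:
    """Untrusted source emitting the fixed pattern 0xff..ff (the case from the reply)."""
    return b"\xff" * n


def blind_adversary(rng: random.Random, n: int = BLOCK) -> bytes:
    """Untrusted source that must commit its bytes without seeing the external stream.
    Its own PRNG is independent of the external one, so it cannot correlate with it."""
    return bytes(rng.getrandbits(8) for _ in range(n))


def observing_adversary(external: bytes) -> bytes:
    """Untrusted source that has already seen the external stream and echoes it,
    so XOR cancels every bit (the special case the reply warns about)."""
    return bytes(external)


def run_scenarios(seed: int = 1) -> dict:
    """Entropy estimate of the combined output under each untrusted-source behaviour."""
    ext_rng = random.Random(seed)
    adv_rng = random.Random(seed + 1000)  # independent stream for the blind adversary

    # Commit-first ordering: the untrusted output exists before the external sample is read.
    committed = blind_adversary(adv_rng)
    ext = external_noise(ext_rng)

    return {
        "external_alone": shannon_bits_per_byte(ext),
        "xor_constant_ff": shannon_bits_per_byte(xor_combine(ext, constant_source())),
        "xor_blind_adversary": shannon_bits_per_byte(xor_combine(ext, committed)),
        "xor_observing_adversary": shannon_bits_per_byte(
            xor_combine(ext, observing_adversary(ext))
        ),
    }


if __name__ == "__main__":
    for name, bits in run_scenarios().items():
        print(f"{name:26s} {bits:.3f} bits/byte")
```

XOR with 0xff..ff is a bijection on each byte, so the estimate for that case equals the external stream's exactly; the blind adversary's independent bytes likewise leave a near-uniform distribution. Only the observing adversary drives the estimate to zero, which is why the combiner design, not just the XOR, decides whether the second source can do harm.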
