[Cryptech Tech] ICFO Introduction

Joachim Strömbergson joachim at secworks.se
Fri Nov 4 07:19:17 UTC 2016

Carlos Abellan wrote:
> If I understand correctly, the “avalanche noise” generator is the 
> entropy source that will be used in the current HSM design, right? 
> Would you find it interesting to generalise the concept of the entropy 
> source component in the CrypTech project? (the idea being that 
> additional entropy sources can be easily added/exchanged depending
> on who builds the module).

The Cryptech HSM design supports multiple entropy sources. Currently we
use two entropy sources - the external avalanche noise source and the
(FPGA) internal oscillator jitter based source. There is already a third
slot available that allows you to connect an additional entropy source
such as the one you have. See the ports for entropy2 in the interface
for the mixer:


> Also, are you working on “health monitoring” and “entropy
> estimation” for the raw RNG source? If so, where can I find the
> details of the procedure?

On-line health monitoring is in the plans for TRNG 2.0. The basis would
be at least a subset of the tests in AIS31. The main purpose of these
tests would be to detect that an entropy source is not broken. Typically
these are stuck-at-a-given-value, long-run, mean and variance tests that
can be implemented as on-line tests.

It is the responsibility of the entropy source interface module to
inform the mixer that it is able to deliver entropy suitable for mixing.
The same mechanism allows the entropy source to give itself some warm-up
time if needed.

There has also been work done to implement start-up tests that the HSM
will use internally. These tests are executed by the HSM internal CPU
and are based on extracting MBytes of generated random number data from
the RNG and doing fairly extensive tests. Similar to Maurer's test,

> Is 20 kbit/s enough for an HSM module? Would the module benefit from 
> a faster generation rate?

No. We need 2 kbit of entropy to generate the seed needed to start the
csprng. As Bernd stated, when the csprng has been seeded and is
generating random numbers, there is little need to reseed and we do that
fairly infrequently. The HSM admin can adjust the reseed rate to
whatever level seems appropriate for the use case. But in general, as
long as you can wait the ms required to warm up the entropy sources and
get the first seed properly, you don't really have any reason for having
a very high capacity entropy source.

-- 
Kind regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
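
The on-line checks named in the message above (stuck-at, long runs, mean, variance) and the ready signal with warm-up, sketched in Python as an added example; it is not Cryptech code and not part of the original message. The thresholds, the 1024-byte window and all function names are assumptions chosen for illustration.

```python
from itertools import groupby
from statistics import fmean, pvariance

# Illustrative limits for a 1024-byte window (assumptions, not AIS31 or Cryptech values).
MAX_REPEAT = 8                 # this many identical samples in a row => stuck
MAX_BIT_RUN = 40               # longest tolerated run of equal bits
MEAN_LIMITS = (112.0, 143.0)   # uniform bytes have mean 127.5
VAR_LIMITS = (4500.0, 6500.0)  # uniform bytes have variance 5461.25


def longest_run(symbols):
    """Length of the longest run of equal consecutive symbols."""
    return max((sum(1 for _ in g) for _, g in groupby(symbols)), default=0)


def bits(samples):
    """Iterate over the bits of each byte sample, most significant bit first."""
    return ((b >> s) & 1 for b in samples for s in range(7, -1, -1))


def health_check(window):
    """Return the names of the tests that one non-empty window of raw bytes fails."""
    failed = []
    if longest_run(window) >= MAX_REPEAT:
        failed.append("stuck_at")
    if longest_run(bits(window)) > MAX_BIT_RUN:
        failed.append("long_run")
    if not MEAN_LIMITS[0] <= fmean(window) <= MEAN_LIMITS[1]:
        failed.append("mean")
    if not VAR_LIMITS[0] <= pvariance(window) <= VAR_LIMITS[1]:
        failed.append("variance")
    return failed


def ready_signal(windows, warmup=2):
    """Per-window ready flag: set after `warmup` clean windows, dropped on any failure."""
    clean, flags = 0, []
    for w in windows:
        clean = clean + 1 if not health_check(w) else 0
        flags.append(clean >= warmup)
    return flags


if __name__ == "__main__":
    # Constructed windows: a byte counter (flat histogram) and a stuck source.
    # The counter passes: these checks catch a broken source, they do not measure entropy.
    ok, stuck = bytes(range(256)) * 4, bytes([0xAA]) * 1024
    print(health_check(ok), health_check(stuck))
    print(ready_signal([ok, ok, stuck, ok, ok]))
```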