[Cryptech Tech] ICFO Introduction

Joachim Strömbergson joachim at secworks.se
Fri Nov 4 07:19:17 UTC 2016



Aloha!

Carlos Abellan wrote:
> If I understand correctly, the “avalanche noise” generator is the 
> entropy source that will be used in the current HSM design, right? 
> Would you find it interesting to generalise the concept of the entropy 
> source component in the CrypTech project? (the idea being that 
> additional entropy sources can be easily added/exchanged depending
> on who builds the module).

The Cryptech HSM design supports multiple entropy sources. Currently we
use two entropy sources - the external avalanche noise source and the
(FPGA) internal oscillator jitter based source. There is already a third
slot available that allows you to connect an additional entropy source
such as the one you have. See the ports for entropy2 in the interface
for the mixer:

https://trac.cryptech.is/browser/core/rng/trng/src/rtl/trng_mixer.v


> Also, are you working on “health monitoring” and “entropy
> estimation” for the raw RNG source? If so, where can I find the
> details of the procedure?

On-line health monitoring is in the plans for TRNG 2.0. The basis would
be at least a subset of the tests in AIS31. The main purpose of these
tests would be to detect that an entropy source is not broken. Typically
these are tests for stuck at a given value, long runs, mean and variance,
which can be implemented as on-line tests.

It is the responsibility of the entropy source interface module to
inform the mixer that it is able to deliver entropy suitable for mixing.
The same mechanism allows the entropy source to give itself some warm-up
time if needed.

There has also been work done to implement start-up tests that the HSM
will use internally. These tests are executed by the HSM internal CPU
and are based on extracting MBytes of generated random number data from
the RNG and doing fairly extensive tests, similar to Maurer's test,
DIEHARD etc.


> Is 20 kbit/s enough for an HSM module? Would the module benefit from 
> a faster generation rate?

No. We need 2 kbit of entropy to generate the seed needed to start the
csprng. As Bernd stated, when the csprng has been seeded and is
generating random numbers, there is little need to reseed and we do that
fairly infrequently. The HSM admin can adjust the reseed rate to
whatever level seems appropriate for the use case. But in general, as
long as you can wait the ms required to warm up the entropy sources and
get the first seed properly, you don't really have any reason for having
a very high capacity entropy source.

-- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
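The on-line tests named in the message above (stuck at a given value, long runs, mean and variance), sketched in C as an added example; this is not Cryptech code and not the AIS31 procedures. The function names, the window size and every threshold are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Limits are assumptions chosen for illustration, not AIS31 or Cryptech values. */
#define MAX_REPEAT  8        /* identical consecutive bytes -> stuck-at      */
#define MAX_BIT_RUN 40       /* identical consecutive bits  -> long run      */
#define MEAN_LO 112.0        /* uniform bytes have mean 127.5                */
#define MEAN_HI 143.0
#define VAR_LO  4500.0       /* uniform bytes have variance 65535/12 ~ 5461  */
#define VAR_HI  6500.0

enum { H_OK = 0, H_STUCK = 1, H_LONG_RUN = 2, H_MEAN = 4, H_VARIANCE = 8 };

/* Run all four tests over one window of raw samples; returns a failure bitmask. */
unsigned health_check(const uint8_t *s, size_t n)
{
    unsigned fail = H_OK;
    size_t repeat = 1, run = 0;
    int last_bit = -1;
    double sum = 0.0, sumsq = 0.0;

    if (n < 2)                         /* too little data to judge: fail closed */
        return H_STUCK | H_LONG_RUN | H_MEAN | H_VARIANCE;
    for (size_t i = 0; i < n; i++) {
        repeat = (i > 0 && s[i] == s[i - 1]) ? repeat + 1 : 1;
        if (repeat >= MAX_REPEAT) fail |= H_STUCK;
        for (int b = 7; b >= 0; b--) { /* bit runs continue across byte boundaries */
            int bit = (s[i] >> b) & 1;
            run = (bit == last_bit) ? run + 1 : 1;
            last_bit = bit;
            if (run >= MAX_BIT_RUN) fail |= H_LONG_RUN;
        }
        sum += s[i];
        sumsq += (double)s[i] * s[i];
    }
    double mean = sum / (double)n, var = sumsq / (double)n - mean * mean;
    if (mean < MEAN_LO || mean > MEAN_HI) fail |= H_MEAN;
    if (var < VAR_LO || var > VAR_HI) fail |= H_VARIANCE;
    return fail;
}

/* Constructed windows: 0 = well-spread bytes, 1 = stuck at 0x00, 2 = stuck at 0xAA. */
unsigned check_constructed(int kind)
{
    uint8_t w[1024];
    for (size_t i = 0; i < sizeof w; i++)
        w[i] = kind == 0 ? (uint8_t)(i * 167u + 13u) : kind == 1 ? 0x00 : 0xAA;
    return health_check(w, sizeof w);
}
```

The well-spread window is a fully deterministic sequence, yet it passes all four tests: checks of this kind flag a broken source and say nothing about how much entropy a passing source delivers.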

