[Cryptech Tech] ICFO Introduction

Joachim Strömbergson joachim at secworks.se
Fri Nov 25 08:03:46 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Elie Benchimol wrote:
> In order to move the conversation forward it would be helpful for us 
> to understand if there are any circumstances or applications where a 
> fast random bit rate could be useful. We understand that your 
> particular application only requires a small amount of entropy to 
> initially seed the CS-PRNG and for periodic refreshes.

There are use cases where fast random bit rate is very useful. But that
puts requirements on the CSPRNG, not the entropy sources. The CSPRNG
used today is capable of Gbps performance. And you could fairly easily
instantiate more than one CSPRNG in  parallel (seeded with different
seeds) to multiply the performance.

But in general, the frequency of reseeding will never be very high. Once
every GByte of random data from the CSPRNG is quite probably excessively
too often. As somebody pointed out, Daniel J Bernstein suggests that
when you have at least 128 bits of entropy to seed your CSPRNG, you
really don't ever reseed again. Since we are using ChaCha with 256 bit
key we need more bits. But the default reseeding happens very slowly.

Yours
JoachimS


> 
> For example, are there any applications where the QRNG would re-seed 
> more frequently, or run actively alongside the CS-PRNG?  Could you 
> imagine an large scale application where one fast QRNG is seeding 
> multiple Cryptech HSMs in parallel?
> 
> Best, Elie Calvin Benchimol
> 
>> -----Original Message----- From: Bernd Paysan 
>> [mailto:bernd at net2o.de] Sent: Friday, October 28, 2016 4:28 PM To: 
>> tech at cryptech.is Cc: Carlos Abellan <Carlos.Abellan at icfo.eu>;
>> Peter Stuge <peter at stuge.se>; Elie Benchimol
>> <Elie.Benchimol at icfo.eu> Subject: [SPAM] Re: [Cryptech Tech] ICFO
>> Introduction
>> 
>> Am Donnerstag, 27. Oktober 2016, 12:09:40 CEST schrieb Carlos 
>> Abellan:
>>> The final bitrate we can provide depends on the target price.
>>> Our optical system has been proven up to 42 Gb/s, but then the 
>>> electronics, ADC and processing gets very expensive. What do you 
>>> think would be an attractive RNG bitrate for your HSMs?
>> The purpose of an entropy source in an HSM is to fill up the 
>> entropy pool for the deterministic RNG.  That one is a 
>> cryptographic stream cipher (ChaCha20), and we trust this stream 
>> cipher (If not, we would have chosen a different one).  Actually, 
>> if you don't trust your symmetric crypto, the rest of the HSM 
>> doesn't make any sense.  DJB summed up some of the principles for 
>> entropy here:
>> 
>> http://blog.cr.yp.to/20140205-entropy.html
>> 
>> So there is no need to be particularly fast, just fill up the 
>> entropy source with enough bits to get an initial state (key) for 
>> the stream cipher.  There is no need for Gb/s from the entropy 
>> source.
>> 
>> -- Bernd Paysan "If you want it done right, you have to do it 
>> yourself" net2o ID: kQusJzA;7*?t=uy at X}1GWr!+0qqp_Cn176t4(dQ* 
>> http://bernd-paysan.de/
> 
> _______________________________________________ Tech mailing list 
> Tech at cryptech.is https://lists.cryptech.is/listinfo/tech


- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJYN/BiAAoJEF3cfFQkIuyNFNsQAJhzRe/y5zE+b6du2nqIu5mS
guDaRYJpKNHIdKEPkJ8ADpLTqYPfSlssUC5wz6qMWyitR+Sy/rwiavqxfdSVXNPS
DzLVDKpads1ta1YNjJGp838oNNtayhWU1rkSBXvvBRVDGBjsk9vTOHeLRjEG2btT
JMumVaVUudEsium515FwxPU1Ot/3w6gWY7wxOb5cIRAQIwdZLAK1uudJ0HjaM2rJ
gUIuIldMEcaZrXKBI4Xq6DFCb/eGKspOzU3Q7I/XIg6eBB8aRWOPISM4jUGqYUzM
tZYPAQ117fnT7W6mtdJhej9KTl4dQSRfZKmQaxCACmOAxQcuuzz3t9t0xFklbhJ6
9noiUnR63iLdn+T416w4RlE2qu6Fn1Uos7ZoM+tKDYFt74X+J04fI+q1AAzpkXXk
/KSM4DIafHka0qD+NjZaZ6qG5wpdl4pnEJ4xXKdnpyU0SMlwJ+tJz+q0fizGsY8V
YNIwH+VpDYDLakpeDPuWg9DIAB9ArxwtQlLQb9mh4do87Mh2HyGrD4zigfpQ8L1R
My/8aZwUmgrNDB/nUaAk+JUiCmZKDPvHlrQvjl2dpLANtom68pkhqDleU17YFo9V
QupbtNy3y2cCDsfPXLWZqTjLrmlbsztEYYUqVjGcMFIGH+CTB4wHQ8ag9N3Hwgh2
3dNp9iNt0OWpnb9aqqPG
=qAH1
-----END PGP SIGNATURE-----


More information about the Tech mailing list