From: Tony_S_Patti@cup.portal.com
Newsgroups: sci.crypt
Subject: Re: generating one-time pads
Message-ID: <60850@cup.portal.com>
Date: Sat, 20 Jun 92 19:56:52 PDT
Organization: The Portal System (TM)
References: <60814@cup.portal.com> + <2668@accucx.cc.ruu.nl>
Lines: 51

In 6/20/92 01:26 47/2081 nevries@accucx.cc.ruu.nl (Nico E. de Vries) writes:
> In <60814@cup.portal.com> Tony_S_Patti@cup.portal.com writes:
>
>>3. I designed and developed in Cryptosystems Journal a hardware random
>>   number generator based on 16 crystal oscillators (typically each
>>   oscillating at 20 MHz - 30 MHz (for an aggregate frequency of 320 MHz -
>>   480 MHz). Specifically, I published Printed Circuit Board (PCB) artwork.
>>   The parts cost less than $40 (if you know where to get parts cheap and
>>   etch the board and build it yourself). Most importantly, I tested over
>>   2 Billion bits using 18 statistical tests from Knuth. The empirical
>>   results are almost exactly as expected.
>
>Why 16 crystals? 2 crystals should be enough. An IBM-PC has 2 and those
>are the ones I use in my source.

In response to Nico's question: My testing shows that my hardware-generated random bits don't get *really* good unless you use 11 (or more) oscillators. I should also say that each four crystal oscillators is latched into a 74LS175 Quad D Flip-Flop and that these bits are XOR'd by a 74LS86.

I believe that the reason that multiple crystal oscillators are needed is because the crystal oscillators do *not* have 50/50 waveform symmetry, but typically 60/40 waveform symmetry. Indeed, my testing shows that a figure of merit I calculate improves 40% for each additional oscillator added (up to 11, whereupon it does not show further improvement).

Therefore, I would be cautious of using only two crystal oscillators, unless you have statistically tested at least a few hundred million bits that you've generated.

AT&T's T7001 Random Number Generator Chip *does* use *two* oscillators operating typically at 8 MHz and 1 kHz (which I assume limits the chip to outputting no more than 1000 random bits per second). My caution above was directed at using off-the-shelf crystal oscillators (as would be found in a PC), not directed at the design of this more complex and custom IC.

I feel that the generation of random bits is an all-too-often overlooked aspect of implementing secure cryptosystems. If we assume (as is usually the case) that the security must rely solely on the keys, then the keys had better be *really* random. For small keys (like DES), you could flip a coin if you wanted to, but when you are talking about a thousand bits or a million bits or 50 million bits, I sure think that inexpensive hardware is the way to go.

Tony Patti
Editor & Publisher
Cryptosystems Journal
P.O. Box 188
Newtown, PA 18940-0188
Phone: 215-579-9888
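
An added example, not part of the original post or of the Cryptosystems Journal design: an idealized model of why XORing more biased sources helps, and how many output bits a simple ones-count test needs before a residual bias shows up. It assumes independent source bits that are each 1 with probability 0.6 (reading the 60/40 waveform symmetry as bit bias); real latched oscillators can be correlated, so this is a best case and does not reproduce the author's figure of merit.

```python
import random

def xor_p1(p1, n):
    """Exact P(output = 1) when n independent bits, each 1 w.p. p1, are XORed."""
    return (1.0 - (1.0 - 2.0 * p1) ** n) / 2.0

def bits_to_detect(p1, n, z=3.0):
    """Approximate sample size at which the ones count sits z sigma off fair."""
    eps = abs(xor_p1(p1, n) - 0.5)          # residual bias of the XOR output
    return float("inf") if eps == 0 else (z / (2.0 * eps)) ** 2

def sample_xor(p1, n, count, rng):
    """Simulate `count` output bits, each the XOR of n biased source bits."""
    out = []
    for _ in range(count):
        b = 0
        for _ in range(n):
            b ^= rng.random() < p1           # one biased source bit
        out.append(b)
    return out

def monobit_z(bits):
    """z-score of the ones count against a fair-coin expectation."""
    n = len(bits)
    return (2 * sum(bits) - n) / n ** 0.5

if __name__ == "__main__":
    rng = random.Random(1992)                # constructed seed, for repeatability
    print(" n   P(1)          bits to see bias (3 sigma)   z over 20000 bits")
    for n in (1, 2, 4, 8, 11, 16):
        z = monobit_z(sample_xor(0.6, n, 20000, rng))
        print(f"{n:2d}   {xor_p1(0.6, n):.10f}   {bits_to_detect(0.6, n):26.3e}   {z:+.2f}")
```

Even in this best case, the bias left by a small number of sources stays hidden from short test runs, which is the practical reason to test a large volume of output from the actual hardware.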