Newsgroups: sci.crypt
Path: cactus.org!milano!cs.utexas.edu!uunet!pipex!pavo.csi.cam.ac.uk!cam-cl! + rja14
From: rja14@cl.cam.ac.uk (Ross Anderson)
Subject: Re: Simple hardware RNG
Message-ID: <1992Oct24.103753.8032@infodev.cam.ac.uk>
Sender: news@infodev.cam.ac.uk (USENET news)
Nntp-Posting-Host: ely.cl.cam.ac.uk
Reply-To: rja14@cl.cam.ac.uk (Ross Anderson)
Organization: U of Cambridge, England
References: <1992Oct22.070717.28400@cs.aukuni.ac.nz> <5830006@hplsla.hp.com>
Date: Sat, 24 Oct 1992 10:37:53 GMT
Lines: 37

In article <5830006@hplsla.hp.com>, ericb@hplsla.hp.com (Eric Backus) writes:
> Peter writes:
> >The following is a simple hardware noise generator which you can
> >throw together using junk box parts in about 10 minutes. It's based
> >on thermal noise in a zener diode, and is powered by its own supply
> >to reduce the chance of noise from the computers supply being coupled
> >in.
> .
> Fundamentally, I think this idea works. I have built a zener-diode
> noise source similar to this, that I then xor'ed into a hardware
> feedback-shift-register PRN generator. The noise coming out of this
> appears to be quite random.

You have to be a bit careful here. The bitstream from the feedback shift
register will look random even if there is not a lot of noise coming out
of the zener, or if the entropy of the noise source is being killed by a
circuit resonance somewhere.

The Intel KEYPROM used a similar idea for an on-chip noise generator which
was used to generate random challenges. Instead of a zener, they used the
relative drift of three oscillators as the random source. Earlier this
year, we took a look at their test results and estimated that this random
source only contributed about one bit of noise per fifty bits of output.
The other forty-nine were just the shift register sequence.

If you do use a shift register to condition the output of a generator, it
would seem prudent to do a linear equivalence test on the output - that is,
check that the linear complexity of n bits of output is about n/2. There's
no inherent reason why a zener-plus-shift-register design should be bad,
but there are a lot of things that can go subtly wrong with the
implementation, so testing is vital,

Ross Anderson
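
Added example (not part of Ross Anderson's post): a linear equivalence test of the kind the post recommends, using the Berlekamp-Massey algorithm to measure the linear complexity of a bitstream. The 16-bit register with its taps and seed, the SHA-256 reference stream and the tolerance of 8 are assumptions chosen for illustration.

```python
import hashlib

def linear_complexity(bits):
    """Berlekamp-Massey over GF(2): length of the shortest LFSR generating bits."""
    n = len(bits)
    c = [1] + [0] * n   # current connection polynomial
    b = [1] + [0] * n   # polynomial saved at the last length change
    L, m = 0, -1
    for i in range(n):
        d = bits[i]     # discrepancy between predicted and actual bit
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:
            t = c[:]
            shift = i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L

def lfsr_bits(n, state=0xACE1):
    """Constructed stand-in for a conditioner whose noise input is dead:
    a bare 16-bit shift register (taps and seed are assumptions)."""
    out = []
    for _ in range(n):
        fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
        out.append(state & 1)
        state = (state >> 1) | (fb << 15)
    return out

def reference_bits(n=256):
    """Constructed reference stream: the bits of one SHA-256 digest (n <= 256)."""
    digest = hashlib.sha256(b"constructed reference stream").digest()
    return [(byte >> k) & 1 for byte in digest for k in range(8)][:n]

def ones_fraction(bits):
    """Simple frequency check, shown for contrast with the complexity test."""
    return sum(bits) / len(bits)

def passes_linear_equivalence(bits, tol=8):
    """True if the linear complexity is within tol of n/2 (tol is an assumption)."""
    return abs(linear_complexity(bits) - len(bits) / 2) <= tol

if __name__ == "__main__":
    for name, bits in (("bare LFSR", lfsr_bits(256)), ("reference", reference_bits())):
        print(name, ones_fraction(bits), linear_complexity(bits),
              passes_linear_equivalence(bits))
```

The bare register output is roughly balanced between ones and zeros, yet its linear complexity stays at the register length instead of growing to about n/2, which is the failure the test is meant to catch.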