Newsgroups: sci.crypt
+     rja14
From: (Ross Anderson)

Subject: Re: Simple hardware RNG
Message-ID: <>
Sender: (USENET news)
Reply-To: (Ross Anderson)
Organization: U of Cambridge, England
References: <> <>
Date: Sat, 24 Oct 1992 10:37:53 GMT
Lines: 37

In article <>, (Eric Backus) writes: 

> Peter writes:
> >The following is a simple hardware noise generator which you can
> >throw together using junk box parts in about 10 minutes.  It's based
> >on thermal noise in a zener diode, and is powered by its own supply
> >to reduce the chance of noise from the computer's supply being coupled
> >in.
> .
> Fundamentally, I think this idea works.  I have built a zener-diode
> noise source similar to this, that I then xor'ed into a hardware
> feedback-shift-register PRN generator.  The noise coming out of this
> appears to be quite random.

You have to be a bit careful here. The bitstream from the feedback shift
register will look random even if there is not a lot of noise coming out
of the zener, or if the entropy of the noise source is being killed by a
circuit resonance somewhere.

The Intel KEYPROM used a similar idea for an on-chip noise generator
which was used to generate random challenges. Instead of a zener, they
used the relative drift of three oscillators as the random source.

Earlier this year, we took a look at their test results and estimated
that this random source only contributed about one bit of noise per
fifty bits of output. The other forty-nine were just the shift register

If you do use a shift register to condition the output of a generator, it
would seem prudent to do a linear equivalence test on the output - that is,
check that the linear complexity of n bits of output is about n/2.

There's no inherent reason why a zener-plus-shift-register design should
be bad, but there are a lot of things that can go subtly wrong with the
implementation, so testing is vital.

Ross Anderson
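
The linear equivalence test suggested in the post above, as an added example that is not part of the original message: Berlekamp-Massey over GF(2) measures the linear complexity of three constructed 256-bit streams. Assumptions: the 16-bit LFSR taps, the period-8 "resonance" pattern, the tolerance of 10, and Python's seeded PRNG standing in for a healthy noise source are all illustrative choices.

```python
import random

def linear_complexity(bits):
    """Berlekamp-Massey over GF(2): length of the shortest LFSR that generates bits."""
    n = len(bits)
    c = [1] + [0] * n          # current connection polynomial
    b = [1] + [0] * n          # polynomial before the last length change
    L, m = 0, -1
    for i in range(n):
        d = bits[i]            # discrepancy: predicted bit vs. actual bit
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:
            t = c[:]
            shift = i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L

def lfsr16(state, n):
    """n output bits of a 16-bit Fibonacci LFSR (taps 16,14,13,11, maximal length)."""
    out = []
    for _ in range(n):
        out.append(state & 1)
        fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
        state = (state >> 1) | (fb << 15)
    return out

def passes_linear_test(bits, tol=10):
    """True when the linear complexity of n bits is about n/2 (tol is an assumption)."""
    return abs(linear_complexity(bits) - len(bits) / 2) <= tol

N = 256
# Constructed case 1: noise source dead, output is the shift register alone.
PURE = lfsr16(0xACE1, N)
# Constructed case 2: noise locked to a period-8 pattern (a stand-in for a
# resonance), XORed into the same shift register output.
RESONANT = [p ^ q for p, q in zip(PURE, [1, 0, 1, 1, 0, 0, 1, 0] * (N // 8))]
# Constructed case 3: reference stream from a seeded PRNG, not real hardware noise.
_rng = random.Random(1992)
REFERENCE = [_rng.getrandbits(1) for _ in range(N)]

if __name__ == "__main__":
    for name, s in (("pure LFSR", PURE), ("resonant", RESONANT), ("reference", REFERENCE)):
        print(f"{name:10s} L={linear_complexity(s):3d} pass={passes_linear_test(s)}")
```
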