Hardware True Random Number Generator design / concept

Yoy G0

Guest
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am trying to find Hardware Random Number Generator
design / concept suitable for high quality
encryption system.

Is any concept better and easier implemented
than others?

Where can I find experts in this area for hire
on project contractual bases?

..-.-.YOU CAN ENCRYPT YOUR EMAIL TO ME.-.-.

Find my key in these Public Key Servers:
keyserver.veridis.com, wwwkeys.de.pgp.net,
wwwkeys.us.pgp.net, blackhole.pca.dfn.de,
pgp.mit.edu, pgp.uni-mainz.de,
pgp.nic.ad.jp, keyserver.noreply.org

Key ID: 0x5BE7D95D
FP: AB05 0E7B C22B F14F 7512 7027 A26C AAE3 5BE7 D95D

 
"Yoy G0" <yoyg0@hod.aarg.net> wrote in message
news:200506211527.j5LFRHYA016839@marco.aarg.net...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am trying to find Hardware Random Number Generator
design / concept suitable for high quality
encryption system.

Is any concept better and easier implemented
than others?

Where can I find experts in this area for hire
on project contractual bases?

How many do you need? You can download a small batch anytime:

http://www.random.org/
 
On Tue, 21 Jun 2005 08:27:17 -0700, Yoy G0 <yoyg0@hod.aarg.net> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am trying to find Hardware Random Number Generator
design / concept suitable for high quality
encryption system.
The thermal noise generated by any resistor is cryptographically
strong. Just make sure that your amplifier is not picking up
interference from predictable sources instead of just amplifying the
resistor noise. A forward-biased diode might produce even more noise,
making the job of amplification easier.


-Robert Scott
Ypsilanti, Michigan
 
On Tue, 21 Jun 2005 16:24:02 GMT, no-one@dont-mail-me.com (Robert
Scott) wrote:

On Tue, 21 Jun 2005 08:27:17 -0700, Yoy G0 <yoyg0@hod.aarg.net> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am trying to find Hardware Random Number Generator
design / concept suitable for high quality
encryption system.

The thermal noise generated by any resistor is cryptographically
strong. Just make sure that your amplifier is not picking up
interference from predictable sources instead of just amplifying the
resistor noise. A forward-biased diode might produce even more noise,
making the job of amplification easier.
A zener is even better. Its noise density swamps a decent amplifier's
noise (which tends to have bad statistics.)

John
 
John Larkin wrote:

The thermal noise generated by any resistor is cryptographically
strong. Just make sure that your amplifier is not picking up
interference from predictable sources instead of just amplifying the
resistor noise. A forward-biased diode might produce even more noise,
making the job of amplification easier.

A zener is even better. Its noise density swamps a decent amplifier's
noise (which tends to have bad statistics.)
Or look at what VIA is doing, with one oscillator sampling another and
the result being cleaned up cleverly. This is good if you need to do it
on a CPU chip; other circumstances may favour other solutions.


Thomas
 
On Tue, 21 Jun 2005 08:27:17 -0700, Yoy G0 <yoyg0@hod.aarg.net> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am trying to find Hardware Random Number Generator
design / concept suitable for high quality
encryption system.

Is any concept better and easier implemented
than others?

Where can I find experts in this area for hire
on project contractual bases?
I was going to suggest Tundra, but their website suggests that they no
longer make the RNG part. I know they are still available because I
know someone who has just done a production run using the Tundra RNG.
From memory, the part is an RBG1210.

Have you considered using a Pseudo RNG with hardware entropy for
seeding? There is plenty of great information out there to do this,
and it saves on having to buy hardware. Do a google for Mersenne
Twister, very good algorithm, long cycle.

By the way, a good statistical package for testing is R. It's free and
it's very powerful.
 
Yoy G0 wrote:

I am trying to find Hardware Random Number Generator
design / concept suitable for high quality
encryption system.
Actually, given that the VIA processors also do AES in hardware they may
not be such a bad choice.

If you need just some randomness, think about a USB camera chip or some
similar device. A TV card could do well, too.


Thomas
 
On Tue, 21 Jun 2005 09:03:24 -0700, Richard Henry wrote:

"Yoy G0" <yoyg0@hod.aarg.net> wrote in message
news:200506211527.j5LFRHYA016839@marco.aarg.net...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am trying to find Hardware Random Number Generator
design / concept suitable for high quality
encryption system.

Is any concept better and easier implemented
than others?

Where can I find experts in this area for hire
on project contractual bases?

How many do you need? You can download a small batch anytime:

http://www.random.org/
Whaddaya need random numbers for, you ask?

Well, there's this guy...
Cellular Automata
A user called Daniel writes, "First and foremost, thank you. Your web
page is helpful and well made and your 10 meg files of random numbers
are just what I needed. (I'm using them for a cellular automaton based
very loosely on Buddhist cosmology. You can put that on your list of
uses if you wish.) You are performing a good service."
-----------

Cheers!
Rich
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 22 Jun 2005 06:49:45 +1000, you wrote:
[snip]
Have you considered using a Pseudo RNG with hardware entropy for
seeding? There is plenty of great information out there to do this,
and it saves on having to buy hardware. Do a google for Mersenne
Twister, very good algorithm, long cycle.

By the way, a good statistical package for testing is R. It's free
and it's very powerful.
I was thinking about a possibility of using that method
for producing key material for One Time Pad (OTP - cryptography),
but Matt Mahoney commented in sci.crypt so
(POSTING - Re: Secure Data & Communication Project):

That is not one time pad. Not that it can't be done securely,
but you don't have the theoretical secrecy against an attacker
with unlimited computing power that OTP offers.
With unlimited power the attacker can try all possible seeds
(since there are only a finite number of them)
and find the one that decrypts to something sensible.
All the wrong decryptions will look like random data.
With OTP all plaintexts are equally likely,
including all the sensible ones, so there is no way to
tell which one is correct.
OTP will require a hardware random number
generator for every bit of the keystream.

Also, I found the following in Wikipedia:

http://en.wikipedia.org/wiki/Mersenne_twister

"Unlike Blum Blum Shub, the algorithm in its native form
is not suitable for cryptography. For many other
applications, however, it is fast becoming the
random number generator of choice."

I don't know why Mersenne Twister is
not suitable for cryptography.
Any ideas?

1/1=3
YOU CAN ENCRYPT YOUR EMAIL TO ME
Find my key in these Public Key Servers:
keyserver.veridis.com, wwwkeys.de.pgp.net,
wwwkeys.us.pgp.net, blackhole.pca.dfn.de,
pgp.mit.edu, pgp.uni-mainz.de,
pgp.nic.ad.jp, keyserver.noreply.org

Key ID: 0x5BE7D95D
FP: AB05 0E7B C22B F14F 7512 7027 A26C AAE3 5BE7 D95D

 
Take a look at:

http://www.fourmilab.ch/hotbits/

For genuine random numbers. They have schematics, code, theory of
operation.

--
Namaste--
 
On Tue, 21 Jun 2005 21:37:58 +0200, Zak <jute@zak.invalid> wrote:

Or look at what VIA is doing, with one oscillator sampling another and
the result being cleaned up cleverly....
Oscillators are prone to locking on to small external signals. I
would worry that predictable interference could make the outcome of
the sampling process predictable.


-Robert Scott
Ypsilanti, Michigan
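
An added example, not part of any post in this thread: one way to check a digitized noise source for the predictable interference raised in the posts above (amplifier pickup, oscillators locking to external signals). It runs a monobit test and a lagged autocorrelation test over comparator bits; the Gaussian noise and the sine-wave hum are simulated with a seeded PRNG as a stand-in for ADC samples, and the function names, the 50-sample hum period and the z-score limit of 6 are assumptions made for the illustration.

```python
import math
import random

def simulate_bits(n, hum_amplitude=0.0, hum_period=50, seed=1):
    """Constructed test data: comparator output for unit-variance Gaussian
    noise plus an optional sine-wave interferer (amplitude in noise sigmas)."""
    rng = random.Random(seed)  # simulation only, never a key source
    bits = []
    for i in range(n):
        hum = hum_amplitude * math.sin(2 * math.pi * i / hum_period)
        bits.append(1 if rng.gauss(0.0, 1.0) + hum > 0.0 else 0)
    return bits

def monobit_z(bits):
    """z-score of the count of ones; about N(0,1) for unbiased independent bits."""
    n = len(bits)
    return (sum(bits) - n / 2) / math.sqrt(n / 4)

def autocorr_z(bits, lag):
    """z-score of agreements between bit i and bit i+lag; about N(0,1) if independent."""
    n = len(bits) - lag
    agree = sum(a == b for a, b in zip(bits, bits[lag:]))
    return (agree - n / 2) / math.sqrt(n / 4)

def health_check(bits, max_lag=64, limit=6.0):
    """Return (test, lag, z) for every statistic whose |z| exceeds the limit."""
    findings = []
    z = monobit_z(bits)
    if abs(z) > limit:
        findings.append(("monobit", 0, round(z, 1)))
    for lag in range(1, max_lag + 1):
        z = autocorr_z(bits, lag)
        if abs(z) > limit:
            findings.append(("autocorr", lag, round(z, 1)))
    return findings

if __name__ == "__main__":
    clean = simulate_bits(40000)
    hummed = simulate_bits(40000, hum_amplitude=0.5)
    print("clean source findings:", health_check(clean))
    for finding in health_check(hummed):
        print("interference finding:", finding)
```

The simulated hum leaves the balance of ones and zeros intact, so the monobit test alone does not flag it; the lagged comparison is what exposes the periodic component.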
 
Zak wrote:

John Larkin wrote:

The thermal noise generated by any resistor is cryptographically
strong. Just make sure that your amplifier is not picking up
interference from predictable sources instead of just amplifying the
resistor noise. A forward-biased diode might produce even more noise,
making the job of amplification easier.

A zener is even better. Its noise density swamps a decent amplifier's
noise (which tends to have bad statistics.)


Or look at what VIA is doing, with one oscillator sampling another and
the result being cleaned up cleverly. This is good if you need to do it
on a CPU chip; other circumstances may favour other solutions.


Thomas
I do not think that one oscillator sampling another would pass some
of the tests.
 
On Wed, 22 Jun 2005 06:16:39 GMT, Robert Baer <robertbaer@earthlink.net> wrote:

Zak wrote:

John Larkin wrote:

The thermal noise generated by any resistor is cryptographically
strong. Just make sure that your amplifier is not picking up
interference from predictable sources instead of just amplifying the
resistor noise. A forward-biased diode might produce even more noise,
making the job of amplification easier.

A zener is even better. Its noise density swamps a decent amplifier's
noise (which tends to have bad statistics.)


Or look at what VIA is doing, with one oscillator sampling another and
the result being cleaned up cleverly. This is good if you need to do it
on a CPU chip; other circumstances may favour other solutions.


Thomas
I do not think that one oscillator sampling another would pass some
of the tests.
Twenty years ago (I'm sure the NDA has expired) our state lottery outfit
commissioned a new micro-based system. The selected solution included thermal
noise and a couple of PRG's and some correlation maths. That exceeded all the
prescribed tests.
 
On Tue, 21 Jun 2005 16:42:07 -0700, Yoy G0 <yoyg0@hod.aarg.net> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 22 Jun 2005 06:49:45 +1000, you wrote:
[snip]
Have you considered using a Pseudo RNG with hardware entropy for
seeding? There is plenty of great information out there to do this,
and it saves on having to buy hardware. Do a google for Mersenne
Twister, very good algorithm, long cycle.

By the way, a good statistical package for testing is R. It's free
and it's very powerful.

I was thinking about a possibility of using that method
for producing key material for One Time Pad (OTP - cryptography),
but Matt Mahoney commented in sci.crypt so
(POSTING - Re: Secure Data & Communication Project):

That is not one time pad. Not that it can't be done securely,
but you don't have the theoretical secrecy against an attacker
with unlimited computing power that OTP offers.
With unlimited power the attacker can try all possible seeds
(since there are only a finite number of them)
and find the one that decrypts to something sensible.
All the wrong decryptions will look like random data.
With OTP all plaintexts are equally likely,
including all the sensible ones, so there is no way to
tell which one is correct.
OTP will require a hardware random number
generator for every bit of the keystream.
Given any number of unlimited resources, one can crack any
cryptographic system. You need to determine your requirements and then
make a decision based on how much money you want to spend and how much
development time you wish to put in and how secure you require the
system to be.


Also, I found the following in Wikipedia:

http://en.wikipedia.org/wiki/Mersenne_twister

"Unlike Blum Blum Shub, the algorithm in its native form
is not suitable for cryptography. For many other
applications, however, it is fast becoming the
random number generator of choice."

I don't know why Mersenne Twister is
not suitable for cryptography.
Any ideas?
The reason they state that MT is not cryptographically secure is
because it is a linear RNG. This means after a finite amount of time
the sequence will be restarted and can become predictable.

A secure hashing algorithm can be used to circumvent this, but as with
any PRNG, there will always be a finite cycle.

See http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html for more
detail. I have used MT many times, and usually randomly throw away
numbers so that the sequence is less predictable.
 
budgie wrote:

On Wed, 22 Jun 2005 06:16:39 GMT, Robert Baer <robertbaer@earthlink.net> wrote:


Zak wrote:


John Larkin wrote:


The thermal noise generated by any resistor is cryptographically
strong. Just make sure that your amplifier is not picking up
interference from predictable sources instead of just amplifying the
resistor noise. A forward-biased diode might produce even more noise,
making the job of amplification easier.


A zener is even better. Its noise density swamps a decent amplifier's
noise (which tends to have bad statistics.)


Or look at what VIA is doing, with one oscillator sampling another and
the result being cleaned up cleverly. This is good if you need to do it
on a CPU chip; other circumstances may favour other solutions.


Thomas

I do not think that one oscillator sampling another would pass some
of the tests.


Twenty years ago (I'm sure the NDA has expired) our state lottery outfit
commissioned a new micro-based system. The selected solution included thermal
noise and a couple of PRG's and some correlation maths. That exceeded all the
prescribed tests.
Thermal noise, zener noise, and a particle detector driven from a radiation
source are all excellent candidates.
Shift register (and equivalents) generators fail miserably, even if
one uses 2E-9 of the full sequence.
Many software "random number generators" fail in one or more aspects.
One of the most ignored aspects is the *repetition* of numbers and/or
patterns.
A truly random sequence can and (eventually) will repeat anything
previously generated, and does so randomly, and the number of
repetitions is also random.
You may randomly agree or disagree, depending which edge the coin
lands on...
 
The Real Andy wrote:

On Tue, 21 Jun 2005 16:42:07 -0700, Yoy G0 <yoyg0@hod.aarg.net> wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 22 Jun 2005 06:49:45 +1000, you wrote:
[snip]

Have you considered using a Pseudo RNG with hardware entropy for
seeding? There is plenty of great information out there to do this,
and it saves on having to buy hardware. Do a google for Mersenne
Twister, very good algorithm, long cycle.

By the way, a good statistical package for testing is R. It's free
and it's very powerful.

I was thinking about a possibility of using that method
for producing key material for One Time Pad (OTP - cryptography),
but Matt Mahoney commented in sci.crypt so
(POSTING - Re: Secure Data & Communication Project):

That is not one time pad. Not that it can't be done securely,
but you don't have the theoretical secrecy against an attacker
with unlimited computing power that OTP offers.
With unlimited power the attacker can try all possible seeds
(since there are only a finite number of them)
and find the one that decrypts to something sensible.
All the wrong decryptions will look like random data.
With OTP all plaintexts are equally likely,
including all the sensible ones, so there is no way to
tell which one is correct.
OTP will require a hardware random number
generator for every bit of the keystream.


Given any number of unlimited resources, one can crack any
cryptographic system. You need to determine your requirements and then
make a decision based on how much money you want to spend and how much
development time you wish to put in and how secure you require the
system to be.



Also, I found the following in Wikipedia:

http://en.wikipedia.org/wiki/Mersenne_twister

"Unlike Blum Blum Shub, the algorithm in its native form
is not suitable for cryptography. For many other
applications, however, it is fast becoming the
random number generator of choice."

I don't know why Mersenne Twister is
not suitable for cryptography.
Any ideas?



The reason they state that MT is not cryptographically secure is
because it is a linear RNG. This means after a finite amount of time
the sequence will be restarted and can become predictable.

A secure hashing algorithm can be used to circumvent this, but as with
any PRNG, there will always be a finite cycle.

See http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html for more
detail. I have used MT many times, and usually randomly throw away
numbers so that the sequence is less predictable.







It is hard to beat the use of "citations" or pointers to pseudo
random locations in texts that are unknown to "spies".
But the code-talk used by a certain indian tribe during the war with
Japan still remains virtually unbreakable, and it was in effect in CLEAR.
 
"Robert Baer" <robertbaer@earthlink.net> wrote in message
news:e6sue.8115$NX4.7220@newsread1.news.pas.earthlink.net...

It is hard to beat the use of "citations" or pointers to pseudo
random locations in texts that are unknown to "spies".
But the code-talk used by a certain indian tribe during the war with
Japan still remains virtually unbreakable, and it was in effect in CLEAR.
Not exactly. Even if you understood the language, you had to understand the
code words the talkers used for things like airplane, artillery, grenade,
etc. A
 
The Real Andy wrote:
Yoy G0 <yoyg0@hod.aarg.net> wrote:

That is not one time pad. Not that it can't be done securely,
but you don't have the theoretical secrecy against an attacker
with unlimited computing power that OTP offers.
With unlimited power the attacker can try all possible seeds
(since there are only a finite number of them)
and find the one that decrypts to something sensible.
All the wrong decryptions will look like random data.
With OTP all plaintexts are equally likely,
including all the sensible ones, so there is no way to
tell which one is correct.
OTP will require a hardware random number
generator for every bit of the keystream.

Given any number of unlimited resources, one can crack any
cryptographic system.
BUZZ!!

WRONG ANSWER!!!

Nobody can crack a properly used one-time pad, even with infinite
resources and infinite time. This is not an opinion or a guess;
it is a mathematical certainty that they cannot be cracked.

That being said, there are any number of methods that are far more
convenient and which require resources and time that, while not being
infinite, are much larger than one could fit in the universe and which
require more time than there is between the birth and death of the
universe.

--
Guy Macon <http://www.guymacon.com/>
 
On Thu, 23 Jun 2005 05:47:32 GMT, Robert Baer <robertbaer@earthlink.net> wrote:

budgie wrote:

On Wed, 22 Jun 2005 06:16:39 GMT, Robert Baer <robertbaer@earthlink.net> wrote:


Zak wrote:


John Larkin wrote:


The thermal noise generated by any resistor is cryptographically
strong. Just make sure that your amplifier is not picking up
interference from predictable sources instead of just amplifying the
resistor noise. A forward-biased diode might produce even more noise,
making the job of amplification easier.


A zener is even better. Its noise density swamps a decent amplifier's
noise (which tends to have bad statistics.)


Or look at what VIA is doing, with one oscillator sampling another and
the result being cleaned up cleverly. This is good if you need to do it
on a CPU chip; other circumstances may favour other solutions.


Thomas

I do not think that one oscillator sampling another would pass some
of the tests.


Twenty years ago (I'm sure the NDA has expired) our state lottery outfit
commissioned a new micro-based system. The selected solution included thermal
noise and a couple of PRG's and some correlation maths. That exceeded all the
prescribed tests.
Thermal noise, zener noise, and a particle detector driven from a radiation
source are all excellent candidates.
Shift register (and equivalents) generators fail miserably, even if
one uses 2E-9 of the full sequence.
Many software "random number generators" fail in one or more aspects.
One of the most ignored aspects is the *repetition* of numbers and/or
patterns.
A truly random sequence can and (eventually) will repeat anything
previously generated, and does so randomly, and the number of
repetitions is also random.
You may randomly agree or disagree, depending which edge the coin
lands on...
I happen to agree.

The original idea was to use shift registers, but the predictability/repetition
didn't satisfy the requirement. Adding the thermal noise remedied that.
 
On Tue, 21 Jun 2005 09:03:24 -0700, Richard Henry wrote:

"Yoy G0" <yoyg0@hod.aarg.net> wrote in message
news:200506211527.j5LFRHYA016839@marco.aarg.net...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am trying to find Hardware Random Number Generator
design / concept suitable for high quality
encryption system.

Is any concept better and easier implemented
than others?

Where can I find experts in this area for hire
on project contractual bases?

How many do you need? You can download a small batch anytime:

http://www.random.org/
And, of course, don't forget its bastard son, http://www.noentropy.net/ .
%-}

Cheers!
Rich
 