[cryptography] Intel RNG

ianG iang at iang.org
Mon Jun 18 23:21:52 EDT 2012


On 19/06/12 08:49 AM, Jack Lloyd wrote:

> I've never heard about someone trying to talk past, say, an AES
> implementation that didn't actually work, or a bad RSA, that's a
> pretty bright line.

I had a bit of an epiphany in two parts.

The first part is that AES and block algorithms can be quite tightly 
defined with a tight specification, and we can distribute test 
parameters.  Anyone who's ever coded these things up knows that the test 
parameters do a near-perfect job in locking implementations down.

This results in the creation of a black-box or component approach. 
Because of this and perhaps only because of this, block algorithms and 
hashes have become the staples of crypto work.  Public key crypto and 
HMACs less so.  Anything crazier isn't worth discussing.



Then there are RNGs.  They start from a theoretical absurdity that we 
cannot predict their output, which leads to an apparent impossibility of 
black-boxing.

NIST recently switched gears and decided to push the case for 
deterministic PRNGs.  According to original thinking, a perfect RNG was 
perfectly untestable.  Whereas a perfectly deterministic RNG was also 
perfectly predictable.  This was a battle of two not-goods.

Hence the second epiphany:  NIST were apparently reasoning that the 
testability of the deterministic PRNG was the lesser of the two evils. 
They wanted to black-box the PRNG, because black-boxing was the critical 
determinant of success.

After a lot of thinking about the way the real world works, I think they 
have it right.  Use a deterministic PRNG, and leave the problem of 
securing good seed material to the user.  The latter is untestable 
anyway, so the right approach is to shrink the problem and punt it up-stack.



Taking that back to Intel's efforts.  Unfortunately it's hard to do that 
deterministic/seed breakup in silicon.  What else do they have?

The components / black-boxing approach in cryptoplumbing has been ultra 
successful.  It has also had a rather dramatic effect on everything 
else, because it has raised expectations.  We want everything else to be 
as "perfect" as the block encryption algorithm.  Unfortunately, that's 
not possible.  We need to manage our expectations.



iang
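As an added illustration of the design the post argues for (this is example code, not anything from the post, from Intel, or from NIST): a deterministic HMAC-based DRBG in the style of NIST SP 800-90A, built on SHA-256 from the Python standard library. Everything below the seed is a pure function of its inputs, so it can be locked down with distributed test vectors exactly like a block cipher; the one untestable part, obtaining good entropy, is handed to the caller through the constructor. The class name, the `from_os` helper, the `self_test` function and the reseed interval are this example's own assumptions.

```python
"""Deterministic PRNG with the seed problem pushed up-stack.

Added example, not code from the original post. HMAC_DRBG per the
SP 800-90A construction, instantiated with SHA-256. The caller supplies
entropy; everything after that point is deterministic and testable.
"""
import hashlib
import hmac
import os

HASH = hashlib.sha256
OUTLEN = HASH().digest_size        # 32 bytes for SHA-256
RESEED_INTERVAL = 1 << 16          # assumption: a modest cap; the spec permits far more


class HmacDrbg:
    """Deterministic generator: same (entropy, nonce, personalization) -> same stream."""

    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b""):
        if len(entropy) < OUTLEN:
            raise ValueError("entropy must supply at least %d bytes" % OUTLEN)
        self.K = b"\x00" * OUTLEN
        self.V = b"\x01" * OUTLEN
        self._update(entropy + nonce + personalization)
        self.reseed_counter = 1

    @staticmethod
    def _hmac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, HASH).digest()

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update: fold provided data into the (K, V) state.
        self.K = self._hmac(self.K, self.V + b"\x00" + provided)
        self.V = self._hmac(self.K, self.V)
        if not provided:
            return
        self.K = self._hmac(self.K, self.V + b"\x01" + provided)
        self.V = self._hmac(self.K, self.V)

    def reseed(self, entropy: bytes, additional: bytes = b"") -> None:
        if len(entropy) < OUTLEN:
            raise ValueError("entropy must supply at least %d bytes" % OUTLEN)
        self._update(entropy + additional)
        self.reseed_counter = 1

    def generate(self, n: int, additional: bytes = b"") -> bytes:
        # Refuse to run forever on one seed: the caller must come back with entropy.
        if self.reseed_counter > RESEED_INTERVAL:
            raise RuntimeError("reseed required")
        if additional:
            self._update(additional)
        out = b""
        while len(out) < n:
            self.V = self._hmac(self.K, self.V)
            out += self.V
        self._update(additional)   # backtracking resistance: old V is never reused
        self.reseed_counter += 1
        return out[:n]


def from_os(personalization: bytes = b"") -> HmacDrbg:
    """The seed problem, punted up-stack: here the caller chose os.urandom."""
    return HmacDrbg(os.urandom(OUTLEN), os.urandom(OUTLEN // 2), personalization)


def self_test() -> bool:
    """Test-vector style check on the deterministic part only.

    A real deployment would compare against published vectors; this uses a
    constructed seed and checks that equal inputs give equal output and a
    changed nonce does not.
    """
    seed = bytes(range(OUTLEN))              # constructed, not secret
    a = HmacDrbg(seed, b"nonce").generate(64)
    b = HmacDrbg(seed, b"nonce").generate(64)
    c = HmacDrbg(seed, b"other").generate(64)
    return a == b and a != c and len(a) == 64


if __name__ == "__main__":
    print("self-test:", "ok" if self_test() else "FAILED")
    print("16 bytes from an OS-seeded instance:", from_os().generate(16).hex())
```

The split is the whole point: `HmacDrbg` can be pinned down by known-answer vectors in a CI job, while `from_os` is the one line a reviewer has to argue about, because no test can tell a good seed from a bad one.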


