[cryptography] does the mixer pull or do the collectors push?

ianG iang at iang.org
Thu Nov 28 15:09:08 EST 2013

On 28/11/13 12:12 PM, Joachim Strömbergson wrote:

> One issue I'm thinking of is if you have more than one source, but one
> of them dwafs the other sources in kapacity. Say having a microphone
> providing whitish noise at kbps rate and then having RdRand from your
> Haswell CPU generating data at Gbps speed, will the microphone entropy
> matter?

I'm thinking about the same issues, we're designing a classical RNG 
along the lines of  three elements:

    collector ----\
    collector -----> mixer ---> expansion function/CSPRNG
    collector ----/

Here is my list of assumptions:

  * Assumption A:    some of our collectors are borked.
  *            A.2:  we don't know which collectors are borked.
  *            A.3:  We do not rely on measurements of entropy
  *                  because a borked collector will deliver
  *                  false estimates.
  * Assumption B:    Some of our collectors have very high
  *                  throughput, others very low.
  * Assumption B.2:  Some are high quality, others are low quality.
  * Assumption C:    At least one collector is good.
  * Assumption D:    Core java, plus/minus Android.
  * Goal 1.  Each collector should contribute to any request for a seed.
  * Goal 2.  No blocking.  Or minimal blocking...

Our current thoughts are along the question of how the collector and 
mixer interface.  Do the collectors push to the mixer or does the mixer 
pull from the collectors?

Right now we're looking at a hybrid design of both:  Collectors collect 
and save, and push into a mixer pool on their own when full.  When the 
EF/CSPRNG pulls a seed from the mixer, it pulls from collectors, pulls 
from the pool, and mixes all that for the seed.



More information about the cryptography mailing list