[cryptography] does the mixer pull or do the collectors push?
iang at iang.org
Thu Nov 28 15:09:08 EST 2013
On 28/11/13 12:12 PM, Joachim Strömbergson wrote:
> One issue I'm thinking of is if you have more than one source, but one
> of them dwafs the other sources in kapacity. Say having a microphone
> providing whitish noise at kbps rate and then having RdRand from your
> Haswell CPU generating data at Gbps speed, will the microphone entropy
I'm thinking about the same issues, we're designing a classical RNG
along the lines of three elements:
collector -----> mixer ---> expansion function/CSPRNG
Here is my list of assumptions:
* Assumption A: some of our collectors are borked.
* A.2: we don't know which collectors are borked.
* A.3: We do not rely on measurements of entropy
* because a borked collector will deliver
* false estimates.
* Assumption B: Some of our collectors have very high
* throughput, others very low.
* Assumption B.2: Some are high quality, others are low quality.
* Assumption C: At least one collector is good.
* Assumption D: Core java, plus/minus Android.
* Goal 1. Each collector should contribute to any request for a seed.
* Goal 2. No blocking. Or minimal blocking...
Our current thoughts are along the question of how the collector and
mixer interface. Do the collectors push to the mixer or does the mixer
pull from the collectors?
Right now we're looking at a hybrid design of both: Collectors collect
and save, and push into a mixer pool on their own when full. When the
EF/CSPRNG pulls a seed from the mixer, it pulls from collectors, pulls
from the pool, and mixes all that for the seed.
More information about the cryptography