[cryptography] Random number generation influenced, HW RNG

James A. Donald jamesd at echeque.com
Sun Sep 8 01:22:58 EDT 2013


On 2013-09-08 1:25 PM, Thor Lancelot Simon wrote:
>> Access to the raw output would have made it possible to determine
>> that the random numbers were in fact generated by the physical
>> process described, since it is hard and would cost a lot of silicon
>> to simulate the various subtle offwhite characteristics of a well
>> described actual physical process.
> I am extremely skeptical of this claim.

Intel shows a circuit that should in theory output near-random bits.  If
the bits are actually coming from this circuit, we would expect to see
some long-term anticorrelation - an unusually long stream of zeros
should have a higher than random percent chance of being followed by an
unusually long stream of ones, and some short-term correlation - a zero
should have a higher than fifty percent chance of being followed by
another zero, and a lower than fifty percent chance of being followed by
a one.

If we don't see that, we are not getting the raw unwhitened output, or 
there is no hardware true randomness for us to get.

Conversely, if we do see that, we can be pretty sure that the circuit 
exists and is producing true randomness, though of course we don't know 
if that true randomness is necessarily being fed into the whitener.  But 
then we don't need to use the output of the whitener, we can feed the
off-white output into a software whitener.
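
An added example, not part of the original post: the two checks described above (short-term repeat rate and long-term anticorrelation between consecutive blocks), run over a raw-looking stream and a whitened-looking one. The toy source, its `stick` and `pull` parameters, the 64-bit block size and all function names are assumptions made for illustration; the toy source is a constructed stand-in, not a model of Intel's circuit.

```python
import random

def repeat_rate(bits):
    """Short-term test: fraction of adjacent pairs where the bit repeats.
    Ideal bits give 0.5; short-term correlation pushes it above 0.5."""
    return sum(a == b for a, b in zip(bits, bits[1:])) / (len(bits) - 1)

def block_correlation(bits, block=64):
    """Long-term test: Pearson correlation between the ones-counts of
    consecutive blocks. Ideal bits give about 0; a negative value means a
    block heavy in zeros tends to be followed by one heavy in ones."""
    counts = [sum(bits[i:i + block])
              for i in range(0, len(bits) - block + 1, block)]
    x, y = counts[:-1], counts[1:]
    mx, my = sum(x) / len(x), sum(y) / len(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    var_x = sum((a - mx) ** 2 for a in x)
    var_y = sum((b - my) ** 2 for b in y)
    return cov / (var_x * var_y) ** 0.5

def toy_offwhite_source(n, seed, stick=0.05, pull=0.02):
    """Constructed stand-in for raw output (NOT a model of Intel's circuit):
    each bit leans towards the previous bit, while a running imbalance of
    ones over zeros pulls the probability back the other way."""
    rng = random.Random(seed)
    bits, prev, imbalance = [], 1, 0
    for _ in range(n):
        p_one = 0.5 + stick * prev - pull * imbalance
        prev = 1 if rng.random() < p_one else -1
        imbalance += prev
        bits.append(1 if prev == 1 else 0)
    return bits

def whitened_source(n, seed):
    """Stand-in for whitened output: independent, unbiased PRNG bits."""
    rng = random.Random(seed)
    return [1 if rng.random() < 0.5 else 0 for _ in range(n)]

if __name__ == "__main__":
    for name, src in (("off-white", toy_offwhite_source),
                      ("whitened", whitened_source)):
        bits = src(200_000, seed=1)
        print(f"{name:9s} repeat_rate={repeat_rate(bits):.3f} "
              f"block_corr={block_correlation(bits):+.3f}")
```

A stream that shows neither signature is statistically indistinguishable from whitened output by these two measures, which is the situation the post describes as not getting the raw unwhitened bits.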

