-----BEGIN PGP SIGNED MESSAGE-----

A while ago some folks talked about being willing to pay for a hardware random number generator. Not a PRNG, but a real one. There are lots of uses listed in TCMay's document that can't be named, but generating blinding factors for digital cash is my favorite.

I've got a friend who is a professional electronics engineer that is willing to help, but he has some questions on the design.

The Prime Assumption: White noise due to molecular motion is truly random. Noise generated in a carbon resistor or zener diode is white noise.

Is this true, cryptographically speaking?

The circuit is essentially a "Hiss Generator". The hiss waveform, after being amplified to the proper amplitude, would be sent to a rude, crude, inaccurate analog to digital converter. From there we send it to a serial or parallel port. Probably just grab the LSB, but that is an implementation detail...

We have some design options based upon the Prime Assumption:

1.A. A device would use a cheap noisy carbon resistor and a rude, crude, noisy amplifier to amplify the noise generated by the resistor.

1.B. A zener diode may make a "louder" noise and require a cheaper amplifier.

1.C. How about if we take the hiss that you find between stations on an FM receiver, and digitize them through a PC soundcard?

1.D. Another wonderful source of hiss is the telephone when it is off hook.

Is there any solid justification to pick one over the others? (I expect that 1.C limits our audience too much, but maybe not, esp with VoicePGP coming RSN.)

This clearly needs support, such as a UART or similar chip that would convert the signal to RS-232 to dangle off of your ports. Some type of clock would be required to sync the UART, providing a more or less constant baud rate, so the computer can read it. There needs to be a DC power supply to make this thing go. This is accessible in the power supply of most PCs. It is my opinion that nobody wants to put 9 volt batteries in this thing and have to remember to turn it off when they are finished using their computers.

We think that we could create these beasts for less than $25.00 in some quantity. The first one would probably cost about $50.00 to produce plus somebody's time (which isn't typically free or this probably would have been done already).

Seriously, is there really much market out there for this? Will there be a bigger market in the future as more people get on the "Information Superhighway"? I get the impression from folks a while ago that real random data is a problem, but nobody wants to spend more than the price of two cases of beer to solve it. Is the value of random data really that low?

More questions:

2. Do people really want to tie up a serial port with this or should it contain a switch to cut it in and out as needed and free up the port? This sounds like an A-B switch.

3. Maybe it should go on the PC bus as an adapter card. This would greatly raise the cost, up to maybe $100, but would preserve "valuable" serial ports. Most PCs only have two, and one is used for the mouse, and the other for the modem. Since DOS can't handle more without help, this is a real limit.

4. How secure should the device itself be? Bruce's wonderful _Applied Cryptography_ talks about OS Virtual Memory managers writing out keys to disk without the user/programmer knowing, which is a serious potential problem. We have that same problem with the random number that this device generates. Worse, it wouldn't be hard for a `bad guy' to write a TSR that constantly reads the random port, and records the numbers in parallel with whatever wants to use it for real. While I'd like to think that I really control my PC, once you get networking TSRs, smartdrv, ASPI drivers, CDROM and Soundcard drivers, HIMEM, etc. loaded, do you really _know_ that they are your friends? Is this a real problem?

I can imagine a design for an internal card that allows only one read of the number, so even if a bad guy were there, they would get alternating (and thus different) numbers. I can't imagine doing this off a parallel or serial port. Is there a need for this level of sophistication (and added expense)?

Any comments are greatly appreciated. And if you are seriously interested, let me know, as that will surely add to my motivation.

Cypherpunks write code (or maybe work on hardware :-) !

Pat

Pat Farrell                         Grad Student
pfarrell@netcom.com                 Department of Computer Science
                                    George Mason University, Fairfax, VA
Public key available via finger     #include <standard.disclaimer>

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLgN03rCsmOInW9opAQG0wAP/RNJ8VeZDq5KhVI4JFs0tdXxUkVvSiY06
lHvjmf8EL3kxn2ruxNYmigvxocvIn5mOSJQbpUl4CyLa++HMBkSDN06PMYVVreTX
LA1XvHFgzjoC/WILD6LNy9XyUn0W/g2KkbQM/4FYCTa1b82f+vdq/7L6glHJ4cm3
GKlCaeklSXU=
=dzwk
-----END PGP SIGNATURE-----
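The "just grab the LSB" plan above is where a hardware RNG usually goes wrong in practice: a comparator or ADC whose reference does not sit exactly at the mean of the hiss produces a biased bit stream, and that bias has to be measured and removed before the bits are used for blinding factors or keys. The following is an added illustration, not code from the original post and not Pat's or his friend's design. It does not model a real circuit: the analog "hiss" is a constructed stand-in (a xorshift64 PRNG shaped into roughly gaussian samples plus a DC offset that represents amplifier bias), the one-bit ADC is a comparator against an assumed reference, and the seed, offset and reference values are all assumptions chosen for the demonstration. What it shows is the check a practitioner wants: the raw LSB stream fails even a crude monobit health test, and a von Neumann debiaser brings the bias down at the cost of throwing away more than half the bits.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed noise model, NOT a measurement of any real circuit.
 * A xorshift64 PRNG drives a sum-of-12-uniforms approximation of the
 * gaussian "hiss"; the added DC offset stands in for amplifier bias.
 * The seed and the offset/vref values below are assumptions. */
static uint64_t noise_state = 1;

static void noise_seed(uint64_t s) { noise_state = s ? s : 1; }

static uint64_t noise_next(void) {
    uint64_t x = noise_state;
    x ^= x << 13;
    x ^= x >> 7;
    x ^= x << 17;
    noise_state = x;
    return x;
}

/* One analog sample: approximately N(offset, 1) in arbitrary units. */
static double hiss_sample(double offset) {
    double acc = 0.0;
    for (int i = 0; i < 12; i++)
        acc += (double)(noise_next() >> 11) / 9007199254740992.0; /* [0,1) from 53 bits */
    return acc - 6.0 + offset;
}

/* The "rude, crude" ADC: a single comparator against vref, i.e. only the
 * LSB of the conversion is kept. Any gap between vref and the true mean
 * of the hiss shows up directly as bias in the bit stream. */
static uint8_t crude_adc_bit(double offset, double vref) {
    return hiss_sample(offset) > vref ? 1 : 0;
}

/* Von Neumann debiasing: read bits in pairs, emit 0 for (0,1), 1 for (1,0),
 * discard (0,0) and (1,1). Removes a constant bias from independent samples
 * at the cost of discarding more than half the raw bits. Returns the number
 * of output bits written to out[] (out must have room for n/2 bits). */
static size_t von_neumann(const uint8_t *in, size_t n, uint8_t *out) {
    size_t k = 0;
    for (size_t i = 0; i + 1 < n; i += 2)
        if (in[i] != in[i + 1])
            out[k++] = in[i];
    return k;
}

static double absd(double d) { return d < 0 ? -d : d; }

/* |P(1) - 1/2| over the buffer. */
static double bias(const uint8_t *bits, size_t n) {
    size_t ones = 0;
    if (n == 0) return 0.5;
    for (size_t i = 0; i < n; i++) ones += bits[i];
    return absd((double)ones / (double)n - 0.5);
}

/* Monobit health check: for an unbiased source the count of ones is
 * n/2 with standard deviation sqrt(n)/2, so reject anything beyond
 * 4 sigma, i.e. |ones - n/2| > 2*sqrt(n) (compared squared to avoid libm).
 * Returns 1 if the stream passes. */
static int monobit_ok(const uint8_t *bits, size_t n) {
    size_t ones = 0;
    for (size_t i = 0; i < n; i++) ones += bits[i];
    double dev = absd((double)ones - (double)n / 2.0);
    return dev * dev <= 4.0 * (double)n;
}

struct demo_result {
    double raw_bias, debiased_bias;
    size_t raw_bits, debiased_bits;
    int raw_ok, debiased_ok;
};

/* Run the whole pipeline on n raw comparator bits with a fixed seed.
 * offset=0.5, vref=0.0 models a reference sitting half a sigma below the
 * true mean of the hiss: P(1) is about 0.69 instead of 0.5. */
struct demo_result run_demo(size_t n) {
    struct demo_result r = {0};
    uint8_t *raw = malloc(n), *deb = malloc(n);
    if (!raw || !deb) { free(raw); free(deb); return r; }
    noise_seed(0x9E3779B97F4A7C15ULL);
    for (size_t i = 0; i < n; i++) raw[i] = crude_adc_bit(0.5, 0.0);
    r.raw_bits = n;
    r.raw_bias = bias(raw, n);
    r.raw_ok = monobit_ok(raw, n);
    r.debiased_bits = von_neumann(raw, n, deb);
    r.debiased_bias = bias(deb, r.debiased_bits);
    r.debiased_ok = monobit_ok(deb, r.debiased_bits);
    free(raw);
    free(deb);
    return r;
}

int main(void) {
    struct demo_result r = run_demo(200000);
    printf("raw:      %zu bits, bias %.4f, monobit %s\n",
           r.raw_bits, r.raw_bias, r.raw_ok ? "pass" : "FAIL");
    printf("debiased: %zu bits, bias %.4f, monobit %s\n",
           r.debiased_bits, r.debiased_bias, r.debiased_ok ? "pass" : "FAIL");
    return 0;
}
```

Two caveats the model glosses over. Von Neumann only cancels bias when consecutive samples are independent; if the amplifier or ADC introduces correlation between neighbouring bits (sampling faster than the noise bandwidth is the usual cause) the output stays skewed, so a real design still needs a conditioning step and a continuous health test on the raw stream. And the monobit check here is only a sanity test; it catches a stuck or badly biased source, not a subtly predictable one.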
-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, thus spake pfarrell@netcom.com (Pat Farrell):

> A while ago some folks talked about being willing to pay for a hardware random number generator. Not a PRNG, but a real one. There are lots of uses listed in TCMay's document that can't be named, but generating blinding factors for digital cash is my favorite.
>
> I've got a friend who is a professional electronics engineer that is willing to help, but he has some questions on the design.

[...]

> 3. Maybe it should go on the PC bus as an adapter card.

This is the way to go. Serial port real estate is way too scarce in the average PC. Besides, this approach makes the design easier and has another advantage...

> While I'd like to think that I really control my PC, once you get networking TSRs, smartdrv, ASPI drivers, CDROM and Soundcard drivers, HIMEM, etc. loaded, do you really _know_ that they are your friends? Is this a real problem?

Yes, this can be a real problem. So design the card such that the noise source runs continuously at a high speed, and feeds an 8-bit shift register. Place a latch on the output of the register, and set up decoding logic to read the latch in a memory-mapped port position. Ports are available, if you look and plan around the popular ones (such as UARTs, soundblasters, CD-ROM cards, etc.). You'll want to make it configurable to several possible ports. This design assures that each random byte can only be read once. A TSR couldn't read the card in parallel (because reading a port doesn't require hooking an interrupt), so the only way to compromise it is to subvert the application reading the card. Conventional anti-virus protection can see to it that the app remains trustworthy.

> Cypherpunks write code (or maybe work on hardware :-) !

I hack both. Hardware is fun!

- --
Roy M. Silvernail -- roy@sendai.cybrspc.mn.org will do just fine, thanks.
"Does that not fit in with your plans?" -- Mr Wiggen, of Ironside and Malone (Monty Python)
PGP 2.3a public key available upon request (send yours)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBLgRdWxvikii9febJAQG16wP7BzcIdnQw/TPFO+E/GwnPIt3xBVu0lHq3
H1ACbdiWMxD55F2GiQ21fZ7K1IRtr8gTsgKGnbBDMMW7hjfVmFinzYJRhH/jBnQC
0nndL9bK+DtX42GyDYn88MnGYQL1b+7Efp6V1QNP+gGdfYYZrZwqscgajPalPkKD
qQveABptfBI=
=+j3A
-----END PGP SIGNATURE-----
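The read-once latch Roy describes (and the "alternating numbers" outcome Pat anticipated for an internal card) is easy to reason about with a small behavioural model. The following is an added example, not code from the original thread and not Roy's schematic: it assumes the card exposes a status port with a READY bit and a data port, that the read strobe on the data port clears READY (that is the assumed mechanism behind "can only be read once"), and that the snooping TSR is modelled as a second reader that polls the port between the application's reads. The noise source is a constructed LCG stand-in and the interleaving schedule is an assumption; byte-level behaviour is all that is modelled. The naive variant, where the latch stays readable until the next byte overwrites it, is included for contrast.

```c
#include <stdint.h>
#include <stdio.h>

#define STATUS_READY 0x01

/* Behavioural model of the card (an assumption, not a schematic): a free
 * running noise source clocks an 8-bit shift register; every 8th clock the
 * register is copied into the output latch and READY is set. In read-once
 * mode a read of the data port returns the latch and clears READY; in naive
 * mode the latch stays readable until the next byte replaces it. */
struct rng_card {
    uint32_t lcg;       /* constructed stand-in for the analog noise source */
    uint8_t  shift;     /* shift register */
    int      nbits;     /* bits shifted in since the last latch */
    uint8_t  latch;     /* output latch, what the port actually returns */
    uint32_t seq;       /* sequence number of the latched byte (demo bookkeeping only) */
    int      ready;     /* READY status bit */
    int      read_once; /* 1 = read strobe consumes the byte, 0 = naive */
};

static int noise_bit(struct rng_card *c) {
    c->lcg = c->lcg * 1664525u + 1013904223u;   /* plain LCG, not a real noise model */
    return (int)((c->lcg >> 31) & 1u);
}

static void card_init(struct rng_card *c, int read_once) {
    c->lcg = 12345u;  /* assumed fixed seed so the run is reproducible */
    c->shift = 0; c->nbits = 0; c->latch = 0; c->seq = 0; c->ready = 0;
    c->read_once = read_once;
}

/* One tick of the noise clock; the hardware never stops doing this. */
static void card_clock(struct rng_card *c) {
    c->shift = (uint8_t)((c->shift << 1) | (uint8_t)noise_bit(c));
    if (++c->nbits == 8) {
        c->latch = c->shift;
        c->seq++;
        c->ready = 1;
        c->nbits = 0;
    }
}

static uint8_t card_read_status(const struct rng_card *c) {
    return c->ready ? STATUS_READY : 0;
}

/* Data port. Returns 1 and the byte if READY was set, else 0. */
static int card_read_data(struct rng_card *c, uint8_t *byte, uint32_t *seq) {
    if (!(card_read_status(c) & STATUS_READY)) return 0;
    *byte = c->latch;
    *seq = c->seq;
    if (c->read_once) c->ready = 0;   /* the read strobe consumes the byte */
    return 1;
}

struct demo_stats { int app_bytes, spy_bytes, leaked; };

static int reader_poll(struct rng_card *c, uint32_t *got_seq) {
    uint8_t b;
    return card_read_data(c, &b, got_seq);
}

/* Interleave an application and a snooping TSR for `rounds` pairs of bytes.
 * In each round the application wins the race to the first byte and the TSR
 * polls right behind it; for the second byte the TSR polls first. `leaked`
 * counts bytes that BOTH readers obtained, i.e. application bytes the TSR
 * was able to record in parallel. */
struct demo_stats simulate(int read_once, int rounds) {
    struct rng_card card;
    struct demo_stats s = {0, 0, 0};
    uint32_t app_seq = 0, spy_seq = 0;   /* seq 0 is never issued */
    card_init(&card, read_once);
    for (int r = 0; r < rounds; r++) {
        uint32_t q;
        for (int i = 0; i < 8; i++) card_clock(&card);             /* fresh byte */
        if (reader_poll(&card, &q)) { s.app_bytes++; app_seq = q; if (q == spy_seq) s.leaked++; }
        if (reader_poll(&card, &q)) { s.spy_bytes++; spy_seq = q; if (q == app_seq) s.leaked++; }
        for (int i = 0; i < 8; i++) card_clock(&card);             /* next fresh byte */
        if (reader_poll(&card, &q)) { s.spy_bytes++; spy_seq = q; if (q == app_seq) s.leaked++; }
        if (reader_poll(&card, &q)) { s.app_bytes++; app_seq = q; if (q == spy_seq) s.leaked++; }
    }
    return s;
}

int main(void) {
    struct demo_stats naive = simulate(0, 100), ro = simulate(1, 100);
    printf("naive:     app %d bytes, spy %d bytes, leaked %d\n", naive.app_bytes, naive.spy_bytes, naive.leaked);
    printf("read-once: app %d bytes, spy %d bytes, leaked %d\n", ro.app_bytes, ro.spy_bytes, ro.leaked);
    return 0;
}
```

With the naive latch the TSR records every byte the application receives; with the read-once latch the two readers get disjoint bytes, exactly the "alternating" behaviour Pat described. Note what the design does and does not buy: the application's bytes stay confidential, but a snooper that polls aggressively still steals half the throughput and could starve the application entirely, so the card protects confidentiality of delivered bytes, not availability. Software using such a card must also read the status bit and the data port as one operation and never re-read a byte, since the second read will see READY clear.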
> The Prime Assumption: White noise due to molecular motion is truly random. Noise generated in a carbon resistor or zener diode is white noise.
>
> Is this true, cryptographically speaking?

What you want is a Gunn diode oscillator w/ feedback.

> 1.A. A device would use a cheap noisy carbon resistor and a rude, crude, noisy amplifier to amplify the noise generated by the resistor.

Just remember to keep the temperature of the devices constant; semiconductors have a temperature dependency which would allow them to monitor the data and possibly determine the gain of the amp and hence approx. how much noise energy and spectrum thereof it was contributing. Check into Boltzmann's Constant applications to black body radiation.

> 1.B. A zener diode may make a "louder" noise and require a cheaper amplifier.

I am not sure that a zener would produce any more noise than a standard diode. There might even be less noise because the design parameters are more tightly controlled on a zener than standard diodes.

> 1.C. How about if we take the hiss that you find between stations on an FM receiver, and digitize them through a PC soundcard?

I actually like this idea a lot.

> that nobody wants to put 9 volt batteries in this thing and have to remember to turn it off when they are finished using their computers.

How about using the lines on the serial port for power?

> should it contain a switch to cut it in and out as needed and free up the port? This sounds like an A-B switch.

How about a dongle?

> 4. How secure should the device itself be? Bruce's wonderful _Applied Cryptography_ talks about OS Virtual Memory managers writing out keys to disk without the user/programmer knowing, which is a serious potential problem. We have that same problem with the random number that this device generates. Worse, it wouldn't be hard for a `bad guy' to write a TSR that constantly reads the random port, and records the numbers in parallel with whatever wants to use it for real.

If they have this close access to your hardware then you have a more serious problem.

> While I'd like to think that I really control my PC, once you get networking TSRs, smartdrv, ASPI drivers, CDROM and Soundcard drivers, HIMEM, etc. loaded, do you really _know_ that they are your friends? Is this a real problem?

I would suggest getting some of the virus source out there and taking a look at how the detectors watch system activity for fishy writes. It should not be hard to load another TSR which watchdogs the system for any bogus or unauthorized reads from the device. Just pass all system calls through the TSR to access the device.
Participants (3): Jim Choate, pfarrell@netcom.com, roy@sendai.cybrspc.mn.org