1.7 GBit/s RNG by laser feedback
http://www.newscientist.com/article/dn16109-laser-trick-churns-out-secure-random-numbers.html?DCMP=OTC-rss&nsref=physics-math

Laser trick churns out secure random numbers

* 18:00 23 November 2008 by Colin Barras

Generating random numbers is harder than you might think, and the security of digital communications depends on it. Now a new method that uses lasers to produce streams of truly random numbers faster than ever before could help improve security at a time when digital traffic and cybercrime are both growing.

Strings of random numbers are used to make secret keys and other parts of encryption protocols. But software that generates random numbers can generally only manage a close approximation to random. Statistical analysis reveals underlying if near-invisible patterns that mean an attacker could predict the sequence and break the code.

Innovative ideas like tuning into atmospheric noise are sometimes used instead to achieve true chance. Now a new trick using the semiconductor lasers that power fibre-optic links offers a more practical way to improve security.

Welcome feedback

The new system can generate truly random numbers 10 times faster than existing devices, which can typically only produce 10s or 100s of megabits of random numbers per second, says Atsushi Uchida, an electrical engineer at Saitama University, Japan.

Uchida and colleague Peter Davis, from NTT Communication Science Laboratories in Kyoto, can now generate truly random sequences at up to 1.7 gigabits per second.

They took a standard semiconductor laser and added an external mirror to reflect some of the light back inside the laser. That feedback causes the light produced to oscillate randomly. This can be converted into an AC current and then into a binary signal that can be used by a computer. Signals from two lasers are combined into a single, truly random number sequence.

Relatively inexpensive versions of the system could be built into cryptographic systems for secure network links, or quantum communication systems, say the researchers.

Journal reference: Nature Photonics (DOI: 10.1038/nphoton.2008.227)
Is that a better way to generate pseudo random numbers?

Sarad.

--- On Mon, 11/24/08, Eugen Leitl <eugen@leitl.org> wrote:

> From: Eugen Leitl <eugen@leitl.org>
> Subject: 1.7 GBit/s RNG by laser feedback
> To: info@postbiota.org, cypherpunks@al-qaeda.net
> Date: Monday, November 24, 2008, 6:47 PM
>
> http://www.newscientist.com/article/dn16109-laser-trick-churns-out-secure-random-numbers.html?DCMP=OTC-rss&nsref=physics-math
>
> Laser trick churns out secure random numbers
>
> * 18:00 23 November 2008 by Colin Barras
On Mon, Nov 24, 2008 at 09:26:57AM -0800, Sarad AV wrote:

> Is that a better way to generate pseudo random numbers?

No, it's a RNG, not PRNG. 1.7 GBit/s is not a huge improvement over RNGs in VIA C7, IIRC.

> Sarad.
>
> --- On Mon, 11/24/08, Eugen Leitl <eugen@leitl.org> wrote:
>
> > From: Eugen Leitl <eugen@leitl.org>
> > Subject: 1.7 GBit/s RNG by laser feedback
> > To: info@postbiota.org, cypherpunks@al-qaeda.net
> > Date: Monday, November 24, 2008, 6:47 PM
> >
> > http://www.newscientist.com/article/dn16109-laser-trick-churns-out-secure-random-numbers.html?DCMP=OTC-rss&nsref=physics-math
> >
> > Laser trick churns out secure random numbers
> >
> > * 18:00 23 November 2008 by Colin Barras

--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Eugen Leitl wrote:

> On Mon, Nov 24, 2008 at 09:26:57AM -0800, Sarad AV wrote:
>
> > Is that a better way to generate pseudo random numbers?
>
> No, it's a RNG, not PRNG. 1.7 GBit/s is not a huge improvement over RNGs in VIA C7, IIRC.

On another board, this is being called a PRNG. One point that is raised, if it was truly an RNG then it wouldn't be necessary to mix the outputs from two laser assemblies.

Ulex
On Tue, Nov 25, 2008 at 11:26:22AM -0500, Europus wrote:

> Eugen Leitl wrote:
>
> > On Mon, Nov 24, 2008 at 09:26:57AM -0800, Sarad AV wrote:
> >
> > > Is that a better way to generate pseudo random numbers?
> >
> > No, it's a RNG, not PRNG. 1.7 GBit/s is not a huge improvement over RNGs in VIA C7, IIRC.
>
> On another board, this is being called a PRNG. One point that

No, because this is brownian noise, straight from the quantum floor. PRNGs are deterministic discrete systems. Of course you can whiten a RNG with, say a block cipher like AES.

> is raised, if it was truly an RNG then it wouldn't be necessary to mix the outputs from two laser assemblies.

No idea about that. Analog whitening, possibly?
On Tue, Nov 25, 2008 at 9:12 AM, Eugen Leitl <eugen@leitl.org> wrote:

> ... Of course you can whiten a RNG with, say a block cipher like AES.

it is useful to whiten and/or mask any potential bias of the entropy source with a run through a cipher or digest. it's important to note that you should be verifying entropy before this step (FIPS sanity checks) otherwise your RNG could be highly biased and you'd not notice from the whitened, masked output.

> > is raised, if it was truly an RNG then it wouldn't be necessary to mix the outputs from two laser assemblies.
>
> No idea about that. Analog whitening, possibly?

there are two schools of hardware entropy harvesting thought:

- use a von Neumann whitener to distill the raw entropy into a high quality, low (single bit) bias source. this will also cut throughput by an order of magnitude, perhaps.

- use a block cipher or digest to mask any bias that may be present in an un-whitened, wide open source.

the latter seems to be gaining popularity, and of course it doesn't hurt to do both.

this is indeed not a huge leap over VIA padlock's dual on core sources (XSTORE) which also have AES on core for the masking above - these can hit 100Mbps with whitening disabled and both sources enabled.

if you're initializing FDE drives with good entropy this 1.7Gbps might be useful. otherwise i have a hard time consuming even a fraction of the available entropy on a VIA system in normal use.

best regards,
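The point made in the message above about checking the raw source before whitening or masking it, as an added example that is not part of the original thread. It assumes a constructed biased bit source in place of real hardware, the FIPS 140-2 monobit bounds as the sanity check, and SHA-256 as the digest; all function names are hypothetical.

```python
import hashlib
import random

FIPS_BITS = 20000                  # FIPS 140-2 monobit sample size
FIPS_LOW, FIPS_HIGH = 9725, 10275  # count of ones must lie strictly between

def biased_source(n, p_one, seed):
    """Constructed stand-in for a raw hardware source: n bits with P(1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def monobit_ok(bits):
    """FIPS 140-2 monobit sanity check over the first 20,000 bits."""
    if len(bits) < FIPS_BITS:
        raise ValueError("monobit test needs at least 20000 bits")
    return FIPS_LOW < sum(bits[:FIPS_BITS]) < FIPS_HIGH

def von_neumann(bits):
    """Von Neumann whitener: pair 01 -> 0, pair 10 -> 1, pairs 00 and 11 dropped."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]

def digest_mask(bits, block=512):
    """Mask bias by hashing each block of raw bits with SHA-256 (256 bits out)."""
    out = []
    for i in range(0, len(bits) - block + 1, block):
        chunk = bytes(bits[i:i + block])  # one byte per raw bit, demo encoding
        for byte in hashlib.sha256(chunk).digest():
            out.extend((byte >> k) & 1 for k in range(8))
    return out

def demo(p_one=0.7, n=200000, seed=1):
    """Run the sanity check on raw, von Neumann and digest-masked streams."""
    raw = biased_source(n, p_one, seed)
    vn = von_neumann(raw)
    return {
        "raw_ok": monobit_ok(raw),                  # health check on the raw source
        "von_neumann_ok": monobit_ok(vn),           # bias distilled away
        "masked_ok": monobit_ok(digest_mask(raw)),  # bias hidden, not removed
        "von_neumann_yield": len(vn) / len(raw),    # throughput cost of whitening
    }

if __name__ == "__main__":
    print(demo())
```

With the constructed 70% ones source, only the check on the raw stream fails; both processed streams pass, so a health test placed after the whitener or digest would not notice the biased source.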
On Tue, Nov 25, 2008 at 8:26 AM, Europus <europus@gmail.com> wrote:

> ... On another board, this is being called a PRNG. One point that is raised, if it was truly an RNG then it wouldn't be necessary to mix the outputs from two laser assemblies.

i was focused on the whitened vs. raw entropy in the previous post and overlooked the point you were getting at.

it is good practice to use more than one hardware entropy source in a system. (on VIA's boards, only the first gen C5XL cores had a single source, after that two are always present). if one fails you have a backup and combined they can double throughput.

if your requirements necessitate a high throughput hardware (true) entropy source you can't fall back on software and host entropy scavenging - it's just too slow. so you get two or more sources and expect at least one to be functional for the lifetime of the system.

there doesn't seem to be any additional technical detail about this setup so perhaps we'll find out more later...

best regards,
participants (4): coderman, Eugen Leitl, Europus, Sarad AV