[Gnuk-users] TRNG output
NIIBE Yutaka
gniibe at fsij.org
Fri Aug 28 03:20:42 UTC 2015
On 08/28/2015 02:07 AM, Kurt Roeckx wrote:
> What they all seem to lack is a calculation (and proof) of the
> (minimum) entropy.
I agree. In my opinion, it would not be the job of an implementer, but
of a scientist. I found that we have fast ADCs these days and we can use
one as a source of noise; I did some research to support this idea, and
I implemented my idea.
For scientists, I suggest having a formal model of a device (and then
doing some simulations and experiments to see if the model really matches the
implementation), with references. For NeuG, I even suggest having a
minimal formal model which only uses the LSB from the output of the ADC.
Currently, NeuG lacks such an (accurate) formal model or proof.
Nevertheless, it implements runtime testing (Repetition Count Test,
Adaptive Proportion Test) against its sequence continuously, following
the draft of NIST SP 800-90B. It can detect failure.
Please note that runtime testing doesn't fulfill the need for a formal
model at all, because there remains a possibility that a scientist can
guess/control the sequence even if it looks quite random.
--
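Added example, not NeuG's or the author's code: the two SP 800-90B health tests named above, with cutoffs derived as in the final (2018) SP 800-90B section 4.4 rather than the draft NeuG followed, run over constructed bit streams (a seeded PRNG stands in for ADC LSBs; H is the assumed min-entropy per sample).

```python
import math
import random

ALPHA = 2.0 ** -20  # SP 800-90B default false-alarm probability per test

def rct_cutoff(h_min, alpha=ALPHA):
    """Repetition Count Test cutoff (SP 800-90B 4.4.1): C = 1 + ceil(-log2(alpha) / H)."""
    return 1 + math.ceil(-math.log2(alpha) / h_min)

def apt_cutoff(h_min, window=512, alpha=ALPHA):
    """Adaptive Proportion Test cutoff (SP 800-90B 4.4.2): 1 + CRITBINOM(W, 2^-H, 1 - alpha)."""
    p = 2.0 ** -h_min  # the most likely symbol has probability at most 2^-H
    cdf = 0.0
    for k in range(window + 1):
        cdf += math.comb(window, k) * p ** k * (1 - p) ** (window - k)
        if cdf >= 1 - alpha:
            return 1 + k
    return window + 1

def repetition_count_test(samples, cutoff):
    """Index at which a run of `cutoff` identical samples completes, or None if never."""
    run, prev = 0, None
    for i, s in enumerate(samples):
        run = run + 1 if s == prev else 1
        prev = s
        if run >= cutoff:
            return i
    return None

def adaptive_proportion_test(samples, cutoff, window=512):
    """Start of the first non-overlapping window whose first symbol occurs
    `cutoff` or more times within it (counting itself), or None if never."""
    for start in range(0, len(samples) - window + 1, window):
        win = samples[start:start + window]
        if win.count(win[0]) >= cutoff:
            return start
    return None

def health_check(samples, h_min=1.0, window=512):
    """Both tests at the assumed min-entropy H per sample; None means 'no failure'."""
    return {"rct": repetition_count_test(samples, rct_cutoff(h_min)),
            "apt": adaptive_proportion_test(samples, apt_cutoff(h_min, window), window)}

# Constructed inputs, not NeuG output: a seeded PRNG stands in for ADC LSBs.
_rng = random.Random(2015)
GOOD = [_rng.getrandbits(1) for _ in range(1024)]                # behaves like a healthy source
STUCK = GOOD[:500] + [0] * 25 + GOOD[525:]                        # ADC stuck at one value for a while
BIASED = [0 if _rng.random() < 0.9 else 1 for _ in range(1024)]  # heavy bias toward 0
```

Both tests only catch gross failures (stuck or strongly biased output); as the message says, passing them is no substitute for a min-entropy argument about the source.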