[Gnuk-users] TRNG output

NdK ndk.clanbo at gmail.com
Mon Sep 7 11:25:19 UTC 2015


On 03/09/2015 20:23, Kurt Roeckx wrote:

> Yes, and like some of the papers I pointed to, you really want to
> do the analysis of the quality before it gets debiased.
Before debiasing, the randomness per bit is poor. But the overall
randomness (entropy) is the same you can have as output from any
deterministic algorithm.

> But part of my point was that with the algorithm from von Neumann
> you can't really tell how it affects the amount of entropy, while
> with the hash you can.
It does not affect it, since it's deterministic. It just "distills" it,
increasing the entropy/bit ratio.

>> Since the bandwidth is limited, it's better to pre-accumulate the
>> entropy, so you have to transmit less data for the same entropy.
> I'm not sure what you're saying here.  Which bandwidth are you
> talking about?  USB has way more bandwidth than the device can
> give you.  I guess it's mostly a question of where you want to
> spend the CPU of removing the bias.
You're right. IIRC ARM ADCs can do 1Msps (but I'd have to check the
datasheet), which, at 12bps with 2 ADCs running, would generate about 4MB/s.
But if the entropy is the same you get from a stream at 100kBps, then I
think it's worth reducing it.

> If I turn on the CRC part, rng-tools is perfectly happy with that,
> I had 1 failure out of more than 2000.  I'm not sure what the
> expected rate of failures should be for those tests, but they are
> supposed to fail sometimes.
Yup. A fixed sequence is possible even with a "perfect" RNG :), or it
wouldn't be perfect.

Just remembered another good PRNG: a neural network (in this case a tree
parity machine with a hidden layer) that learns the negation of its own
output. IIRC I've found it in works by Andreas Ruttor about neural
cryptography, where there's a proof that an attacker can guess at most
~75% of the output bits. Maybe it's worth having a look.

BYtE,
 Diego
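As an added example, not code from this thread or from the Gnuk project: a small Python model of the two conditioning approaches discussed above, von Neumann debiasing versus hashing, run over a constructed biased bit source. It illustrates the point of the exchange: the von Neumann output is balanced but its length depends on the input bias, while the hash output is fixed-size and the entropy it can carry is bounded by the raw stream's min-entropy budget. The seeded source, the P(1) = 0.9 bias and the frequency-based min-entropy estimate are all assumptions of the example.

```python
import hashlib
import math
import random

def von_neumann(bits):
    """Von Neumann debiasing: for each consecutive pair emit the first bit of a
    01/10 pair and drop 00/11. Unbiased for independent input bits, but the
    output length depends on the input bias (expected 2p(1-p) per pair)."""
    return [bits[i] for i in range(0, len(bits) - 1, 2) if bits[i] != bits[i + 1]]

def min_entropy_per_bit(bits):
    """-log2(max p) from the empirical ones frequency (assumes independent bits,
    so it does not catch correlation between samples)."""
    if not bits:
        return 0.0
    p_one = sum(bits) / len(bits)
    return -math.log2(max(p_one, 1.0 - p_one))

def hash_condition(bits, out_bytes=32):
    """Hash conditioning: SHA-256 over the packed raw stream. Output size is
    fixed; its entropy is bounded by min(raw min-entropy budget, 256) bits."""
    value = int("".join(map(str, bits)), 2) if bits else 0
    packed = value.to_bytes((len(bits) + 7) // 8 or 1, "big")
    return hashlib.sha256(packed).digest()[:out_bytes]

def make_biased_bits(n, p_one, seed=1):
    """Constructed sample source (seeded PRNG, not a real ADC) with P(1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def compare(n=10000, p_one=0.9):
    """Stats showing what each conditioner does to the same biased stream."""
    raw = make_biased_bits(n, p_one)
    vn = von_neumann(raw)
    return {
        "raw_bits": len(raw),
        "raw_min_entropy_per_bit": min_entropy_per_bit(raw),
        # total min-entropy the raw stream carries: the budget a hash can distill
        "raw_entropy_budget": len(raw) * min_entropy_per_bit(raw),
        "vn_bits": len(vn),
        "vn_min_entropy_per_bit": min_entropy_per_bit(vn),
        "hash_output_bits": 8 * len(hash_condition(raw)),
    }

if __name__ == "__main__":
    for key, val in compare().items():
        print(f"{key}: {val:.3f}" if isinstance(val, float) else f"{key}: {val}")
```

With a 90/10 bias the raw stream keeps roughly 0.15 bits of min-entropy per bit, von Neumann returns only about a tenth of the input bits, and the 256-bit digest stays well inside the raw entropy budget.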


