From: Tony_S_Patti@cup.portal.com
Newsgroups: sci.crypt
Subject: Re: generating one-time pads
Message-ID: <60850@cup.portal.com>
Date: Sat, 20 Jun 92 19:56:52 PDT
Organization: The Portal System (TM)
References: <60814@cup.portal.com>
+ <2668@accucx.cc.ruu.nl>
Lines: 51
In 6/20/92 01:26 47/2081 nevries@accucx.cc.ruu.nl (Nico E. de Vries) writes:
> In <60814@cup.portal.com> Tony_S_Patti@cup.portal.com writes:
>
>>3. I designed and developed in Cryptosystems Journal a hardware random
>> number generator based on 16 crystal oscillators (typically each
>> oscillating at 20 MHz - 30 Mhz (for an aggregate frequency of 320 Mhz -
>> 480 MHz). Specifically, I published Printed Circuit Board (PCB) artwork.
>> The parts cost less than $40 (if you know where to get parts cheap and
>> etch the board and build it yourself). Most importantly, I tested over
>> 2 Billion bits using 18 statistical tests from Knuth. The empirical
>> results are almost exactly as expected.
>
>Why 16 crystals? 2 crystals should be enough. An IBM-PC has 2 and those
>are the ones I use in my source.
In response to Nico's question:
My testing shows that my hardware-generated random bits don't get *really*
good unless you use 11 (or more) oscillators. I should also say that
each four crystal oscillators is latched into a 74LS175 Quad D Flip-Flop
and that these bits are XOR'd by a 74LS86. I believe that the reason that
multiple crystal oscillators are needed is because the crystal oscillators
do *not* have 50/50 waveform symmetry, but typically 60/40 waveform symmetry.
Indeed, my testing shows that a figure of merit I calculate improves
40% for each additional oscillator added (up to 11, whereupon it does not
show further improvement). Therefore, I would be cautious of using only
two crystal oscillators, unless you have statistically tested at least a few
hundred million bits that you've generated.
AT&T's T7001 Random Number Generator Chip *does* use *two* oscillators
operating typically at 8 MHz and 1 KHz (which I assume limits the chip
to outputing no more than 1000 random bits per second). My caution above
was directed at using off-the-shelf crystal oscillators (as would be found
in a PC), not directed at the design of this more complex and custom IC.
I feel that the generation of random bits is an all-too-often over-looked
aspect of implementing secure cryptosystems. If we assume (as is usually
the case) that the security must rely solely on the keys, then the keys
had better be *really* random. For small keys (like DES), you could
flip a coin if you wanted to, but when you are talking about a thousand
bits or a million bits or 50 million bits, I sure think that inexpensive
hardware is the way to go.
Tony Patti
Editor & Publisher
Cryptosystems Journal
P.O. Box 188
Newtown, PA 18940-0188
Phone: 215-579-9888