2008-10-15 01:57:09

by Glenn Powers

Subject: Perfectly Random


This is a proposal for a Linux kernel module. This module will transfer
entropy to /dev/random from nuclear decay random number generators.
Additional information on this method of entropy generation can be found at:
http://www.fourmilab.ch/hotbits/

The lack of sufficient entropy is the Achilles Heel of cryptography and
anyone who considers arithmetical methods of random sequence generation
is, of course, in a state of sin. (D. Knuth, The Art of Computer
Programming: Volume 2, Seminumerical Algorithms, 2nd edition,
Addison-Wesley, 1981.) While I am quite familiar with sin, I often
strive for something better.

Although any reasonable time base can be used for entropy generation,
the best "something better" I've found is a not-so-hot three way between
rubidium, cesium and quartz. The ultra-high quality quartz oscillator,
rubidium gas and associated control electronics, called "L-PRO" or LPRO
atomic frequency standard (manufactured by Efratom, Datum and now
Symmetricom) can be purchased on eBay for US$100-US$200. The cesium is
for long-baseline intervals, such that including Pioneer-like star
charts on your storage media would probably be a good idea. Combined,
this is my definition of "non-random."

This precise time interval can be transferred to the Linux kernel by
constructing a TTL interface as described in the LPRO manual, connecting
it to an available interrupt and changing the timer interrupt in the
kernel. Rinse. Repeat.

Among the interesting properties of nuclear radiation is that it is both
truly random and truly linear, depending on how you look at it. Averaged
over time, the nuclear decay rate is perfectly linear. This property has
been used for decades for carbon-dating.

However, the exact instant of a nuclear event is dependent on the entire
universe. This makes it possible to extract entropy from four such
events. It's a horse race between the time interval between the first
and second events and the time interval between the third and fourth
events. This method effectively decouples the decay rate from the
entropy stream.

These nuclear events can be sensed with an opto-isolated Geiger/Müller
and are combined with the 10 MHz TTL LPRO signal using a NAND gate,
which is then connected to an available system interrupt.

THE KERNEL MODULE WILL:

Copy the current CPU clock tick of these interrupts to a ring buffer.

THEN:

A Linux-RTAI application will compute the entropy and transfer it to
/dev/random, a database or a network interface.

THEN:

The system can be tuned.

THEN:

The best tunings can be incorporated into the "RandomNuclear" module.

cheers,
glenn
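
Added example, not part of the original message or of any kernel code: the four-event interval comparison described above, written in C and run over a buffer of tick timestamps such as the proposed ring buffer would hold. The function name, the one-bit-per-byte output, the alternating comparison sense and the sample timestamps are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Turn event timestamps (CPU ticks) into bits, four events per bit:
 * compare interval (t1 - t0) against interval (t3 - t2).
 * Writes one bit (0 or 1) per byte of out; returns the bit count. */
size_t extract_bits(const uint64_t *ticks, size_t n_ticks,
                    uint8_t *out, size_t out_cap)
{
    size_t n_bits = 0;
    unsigned flip = 0;  /* assumption: alternate the comparison sense so a
                           systematic skew between intervals cancels out */

    for (size_t i = 0; i + 4 <= n_ticks && n_bits < out_cap; i += 4) {
        /* Unsigned subtraction stays correct across counter wraparound. */
        uint64_t d1 = ticks[i + 1] - ticks[i];
        uint64_t d2 = ticks[i + 3] - ticks[i + 2];

        if (d1 == d2)
            continue;   /* a tie decides nothing: discard all four events */

        out[n_bits++] = (uint8_t)((d1 < d2) ^ flip);
        flip ^= 1;
    }
    return n_bits;
}

/* Constructed sample timestamps, not measured data. */
static const uint64_t sample_ticks[] = {
    100, 200, 900, 1150,            /* 100 vs 250 */
    2000, 2040, 2500, 2900,         /* 40 vs 400, sense flipped */
    5000, 5100, 6000, 6100,         /* 100 vs 100: tie, discarded */
    UINT64_MAX - 9, 20, 500, 600,   /* counter wraps: 30 vs 100 */
};

int main(void)
{
    uint8_t bits[8];
    size_t n = extract_bits(sample_ticks,
                            sizeof sample_ticks / sizeof sample_ticks[0],
                            bits, sizeof bits);
    for (size_t i = 0; i < n; i++)
        printf("%u", bits[i]);
    printf("\n");
    return 0;
}
```

Because only the ordering of two intervals decides each bit, the average decay rate drops out; coarse timestamps show up as more discarded ties.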


2008-10-15 02:03:21

by David Lang

Subject: Re: Perfectly Random

On Tue, 14 Oct 2008, Glenn Powers wrote:

> THE KERNEL MODULE WILL:
>
> Copy the current CPU clock tick of these interrupts to a ring buffer.
>
> THEN:
>
> A Linux-RTAI application will compute the entropy and transfer it to
> /dev/random, a database or a network interface.
>
> THEN:
>
> The system can be tuned.
>
> THEN:
>
> The best tunings can be incorporated into the "RandomNuclear" module.

why can't userspace talk to this external hardware and get a count from
it, and then insert it into the random pool without involving any kernel
module?

also, anything that depends on the exact CPU clock tick of when interrupts
happen has just sacrificed a LOT of its randomness to the particulars of
various motherboards.

David Lang