Three Golden Rules...

…of TRNG design.

1. Use a stable source.

Make sure that your entropy source is stable, both in the short and long term. By stability, we don’t mean invariance to temperature effects. We mean don’t try to use sources like atmospheric noise, raindrops, wired up chaotic jerk functions, aquarium fish or Chua circuits. These sources are not stable day to day, making their entropy rates indeterminate. The Chua circuit will require constant tweaking of variable components and atmospheric noise is more likely to be Lady Gaga’s latest jitty. Similarly, floating analogue to digital converter pins are unreliable and very susceptible to the weather or wandering paws.

The cliché reverse biased transistor also falls into the don’t use category. Electrical ageing effects rapidly accumulate with biases as low as -8V[1]. The common USB form factor ChaosKey TRNG operates 2N3904 transistors at -20V. Other USB format devices operate at similar relatively high reverse voltages. The damage can manifest itself as long term noise drift. Exactly the type of problem repeatedly experienced by Rob Seward with his early TRNG designs.

2. Measure the raw entropy rate.

Peter Drucker said “If you can’t measure it, you can’t improve it.” Very true. So you have to measure the entropy being generated by the source. Given the shenanigans with NIST SP 800-90B, BSI AIS 20/31 and the real world inappropriateness of the ubiquitous (and often misunderstood) Shannon log formula, strong compression is the way forward. Inevitable biases and autocorrelations are automatically incorporated into the calculation. Compress a sample data set generated by the source, divide the compressed size in bits by the number of samples, and further divide by two as a safety factor. For example, 500,000 samples compressing to 250kB gives an entropy rate of 4 bits/sample. Dividing by another two results in a very conservative 2 bits/sample. Not too bad if you can sample at 50kSa/s, producing a decent 100kbps of entropy.

3. Don’t output more entropy than you generate.

For any TRNG to be worthy of the name, it must satisfy the most important aspect of TRNG design, namely that:-

raw entropy generated > length output

Anything else is simply a pseudo random number generator. This of course requires the accurate measurement of the rate of generation of raw entropy, which can be one of the most challenging aspects of TRNG design and validation. We’ll provide some advice for how we do it, especially when dealing with raw data that is not independent and identically distributed (non-IID).
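Rules 2 and 3 worked through in code, as an added example that is not the author's own tooling. It assumes LZMA as the "strong compression" (the page names no compressor) and one byte per sample; the function names and the synthetic capture are constructed for illustration.

```python
import lzma
import random

def rate_from_size(compressed_bytes, n_samples, safety_factor=2):
    """Rule 2 arithmetic: return (raw, conservative) estimates in bits/sample."""
    raw = compressed_bytes * 8 / n_samples
    return raw, raw / safety_factor

def measure(samples: bytes, safety_factor=2):
    """Compress a capture (one byte per sample, an assumption) and estimate its rate.

    The .xz container adds a few dozen bytes, so use captures large enough
    that this overhead is negligible.
    """
    if not samples:
        raise ValueError("no samples captured")
    packed = lzma.compress(samples, preset=9 | lzma.PRESET_EXTREME)
    return rate_from_size(len(packed), len(samples), safety_factor)

def max_output_bits(n_samples, conservative_rate):
    """Rule 3: longest output that keeps raw entropy generated > length output."""
    budget = n_samples * conservative_rate
    whole = int(budget)
    return max(0, whole - 1 if whole == budget else whole)

def constructed_samples(n, seed=1):
    """Constructed stand-in for an ADC capture: biased, autocorrelated 8-bit noise.

    A seeded PRNG is used only to make the demo repeatable; measure real
    captures from the entropy source, never simulated data.
    """
    rng = random.Random(seed)
    level, out = 128.0, bytearray()
    for _ in range(n):
        level = 128 + 0.9 * (level - 128) + rng.gauss(0, 6)  # non-IID samples
        out.append(min(255, max(0, round(level))))
    return bytes(out)

if __name__ == "__main__":
    # The figures from rule 2: 500,000 samples compressing to 250 kB.
    raw, safe = rate_from_size(250_000, 500_000)
    print(f"page example: {raw} -> {safe} bits/sample, {safe * 50_000:.0f} bit/s at 50 kSa/s")
    capture = constructed_samples(100_000)
    raw, safe = measure(capture)
    print(f"constructed capture: {raw:.2f} -> {safe:.2f} bits/sample")
    print("may emit at most", max_output_bits(len(capture), safe), "bits")
    # A stuck source (constant ADC reading) collapses to almost nothing.
    print(f"stuck source: {measure(bytes(100_000))[0]:.4f} bits/sample")
```

Feeding `max_output_bits` into the extractor's output length is what keeps the device on the TRNG side of rule 3.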


References:-

[1] N. Toufik, F. Pilanchon and P. Mialhe, Degradation of junction parameters of an electrically stressed npn bipolar transistor, c.e.f., University of Perpignan, 52 av. de Villeneuve, F-66860 Perpignan.