[4584] in cryptography@c2.net mail archive


Testing RNG devices

daemon@ATHENA.MIT.EDU (Nick Szabo)
Sat May 1 18:27:13 1999

Date: Sat, 01 May 1999 11:22:55 -0700
To: Brad Martin <brad@nshore.com>, cryptography@c2.net
From: Nick Szabo <szabo@best.com>
In-Reply-To: <372A256E.C981EB20@nshore.com>


Brad Martin:
>Doing the tests one's self - Doctor's advice
>even with a "fancy" RNG - this is NOT MEANT as
>a catty remark, but I REALLY THINK this is
>important. (you didn't trust us, did you? :-)

Statistical tests don't solve this problem. It's
easy to design an alleged RNG which passes all common
or even all publicly known and efficient statistical tests,
but contains regularities known only to those who have observed
and understood the device design and circuitry.
Such regularities would make cryptanalysis of
PRNGs and ciphers depending on this RNG easy.

Statistical tests can detect, with high probability,
when an RNG device of trustworthy design deviates, due 
to some natural damage, from its specifications.

The best way to establish trust in an RNG device
may be to

(1) publish the design specification.

(2) design and distribute both software and hardware which 
verifies whether a particular device is operating according 
to that specification. This involves testing the physical 
characteristics and circuit design of the device, _not_ 
the statistical characteristics of the data it generates.

szabo@best.com 
http://www.best.com/~szabo/
PGP D4B9 8A17 9B90 BDFF 9699  500F 1068 E27F 6E49 C4A2
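
Added example, not part of the original message: a Python sketch of the distinction drawn above, in which a source fully determined by a secret passes two common statistical tests while a naturally damaged source fails one. The generator `keyed_stream`, the constant `KEY` and the stuck-bit fault model are hypothetical constructions for illustration; the monobit and poker tests with FIPS 140-1 bounds stand in for "common statistical tests" and are not named in the message.

```python
import hashlib

KEY = b"constructed-designer-secret"  # constructed value, known only to the designer

def keyed_stream(key: bytes, nbytes: int) -> bytes:
    """Hypothetical 'RNG': SHA-256(key || counter), fully determined by key."""
    out = bytearray()
    ctr = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:nbytes])

def monobit_ok(sample: bytes) -> bool:
    """FIPS 140-1 monobit test over 20,000 bits: 9654 < ones < 10346."""
    ones = sum(bin(b).count("1") for b in sample[:2500])
    return 9654 < ones < 10346

def poker_ok(sample: bytes) -> bool:
    """FIPS 140-1 poker test over 5,000 nibbles: 1.03 < X < 57.4."""
    counts = [0] * 16
    for b in sample[:2500]:
        counts[b >> 4] += 1
        counts[b & 0x0F] += 1
    x = (16 / 5000) * sum(c * c for c in counts) - 5000
    return 1.03 < x < 57.4

def designer_predicts(key: bytes, seen: bytes, n: int) -> bytes:
    """Anyone holding the key computes output the user has not drawn yet."""
    return keyed_stream(key, len(seen) + n)[len(seen):]

def stuck_bit(sample: bytes) -> bytes:
    """Model natural damage: the low bit of every byte is stuck at 1."""
    return bytes(b | 0x01 for b in sample)

if __name__ == "__main__":
    device = keyed_stream(KEY, 5000)
    seen, future = device[:2500], device[2500:]
    print("keyed source passes monobit/poker:", monobit_ok(seen), poker_ok(seen))
    print("key holder predicts future output:", designer_predicts(KEY, seen, 2500) == future)
    print("damaged source passes monobit:    ", monobit_ok(stuck_bit(seen)))
```

The tests accept the keyed source and reject the damaged one, which is why an evaluation has to cover the design and circuitry and not only the output.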


