Creating Entropy For Cryptographic Purposes

Click For Summary

Discussion Overview

The discussion revolves around methods for generating high entropy for cryptographic purposes, exploring both theoretical mechanisms and current technological implementations. Participants share insights on various entropy sources and their effectiveness in security applications.

Discussion Character

  • Exploratory, Technical explanation, Debate/contested

Main Points Raised

  • Mason C. Turner introduces the concept of entropy generation, linking it to information and energy interchangeability, and seeks theoretical mechanisms for high entropy generation using current technology.
  • One participant mentions that jitter from ring oscillators (ROs) is a popular source of entropy in digital architectures, noting ongoing research in hardware true random number generators (TRNGs).
  • Another participant highlights quantum random number generators (QRNGs) as commercially available options, emphasizing their theoretical perfection but also the necessity for real-world testing to ensure functionality.
  • There is a suggestion that the intended audience for the cryptographic measures (e.g., casual users versus major governments) influences the level of effort required in entropy generation.

Areas of Agreement / Disagreement

Participants present multiple competing views on entropy generation methods, with no consensus reached on the best approach or mechanism.

Contextual Notes

Limitations include the dependence on specific hardware implementations, variability in randomness proofs, and the context of security needs influencing entropy generation strategies.

Who May Find This Useful

Individuals interested in cybersecurity, cryptography, and hardware random number generation technologies may find this discussion relevant.

StarHunter
Messages
12
Reaction score
0
TL;DR
This topic touches on certain aspects of exploring entropy generating devices used to create information from energy.
Hello,

My name is Mason C. Turner and I work in the cybersecurity field. My background includes both military communications as well as private sector experience.

According to the laws of physics, to the best of my understanding information and energy are directly interchangeable in a theoretical sense but any useable energy source contains inherent information. Such at the wavelength of the energy, interference, amplitude and modulation. My question is what would be your go to theoretical mechanism to generate the highest entropy possible using current day technology?

I am happy to learn about current day methods and theoretical mechanisms. For example, Cloudflare uses its "wall of entropy" which is dependent on a temperature, and then so, through advanced analysis, large data collection can be used to create an entropy baseline. It seems like the current solution is to use what seems to be random events in order to create an entropy source. I am open to critics and other input.

Respectfully,

Mason C. Turner
 
Last edited by a moderator:
Computer science news on Phys.org
I am not sure if this is what you are looking for.

In digital architectures, jitter of ring oscillators (ROs) are popular sources for entropy.
You can get an introduction about ROs here:
https://en.wikipedia.org/wiki/Ring_oscillator
ROs for hardware TRNGs are actively being researched.

Also:
The FRO-based TRNGs are very popular due to their use of the standard digital logic despite issues with randomness proofs and chip-to-chip variability.
Source: https://en.wikipedia.org/wiki/Hardware_random_number_generator#Free-running_oscillators-based_RNG

Cloudflare's method of creating entropy is similar to the Lavarand method:
https://en.wikipedia.org/wiki/Lavarand
 
Reply
  • Informative
Likes   Reactions: berkeman
Quantum random number generators. These are already commercially available in the form of rack-mountable equipment. There are online resources that allow you to try them out (online resources can for obvious reasons not be used in actual security applications).

QRNGs are theoretically perfect, but for-real world hardware there a whole bunch of tests that they must pass to ensure that they actually work as intended (there are now organisations that can perform these tests)
 
Reply
  • Informative
Likes   Reactions: dirichlet and berkeman
A good question is who you are trying to keep out of your stuff: your little sister, or major world governments? That tells you how much effort one should reasonably put into this.
 

Similar threads

High School Question about the Entropy of a Black Hole Singularity
  • · Replies 17 ·
Replies
17
Views
3K
Undergrad A novel explanation of CKM and PMNS matrix parameters
  • · Replies 3 ·
Replies
3
Views
3K
Graduate 1st law, 2nd law, entropy by Gyftopoulos / Beretta is confusing
  • · Replies 7 ·
Replies
7
Views
2K
Current and Future AI Threats to Humanity and the Human Response
  • · Replies 10 ·
Replies
10
Views
5K
Graduate How Do Various Theories Define Information Through Entropy?
  • · Replies 13 ·
Replies
13
Views
10K
Undergrad What is the true randomness of random numbers?
  • · Replies 7 ·
Replies
7
Views
6K
Admissions Critique my statement of purpose for Ivy Physics Ph.D
  • · Replies 3 ·
Replies
3
Views
5K
High School Infrared Detectors & The 2nd Law of Thermodynamics
  • · Replies 152 ·
6
Replies
152
Views
11K
Undergrad Another butterfly making tornadoes thread
  • · Replies 21 ·
Replies
21
Views
3K
Graduate What is intuitevely the field part of GR equations?
  • · Replies 7 ·
Replies
7
Views
2K