From gniibe at fsij.org Mon Jul 3 08:19:37 2023
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Mon, 03 Jul 2023 15:19:37 +0900
Subject: Utility of NEUG or Gomti with new LRNG code
In-Reply-To: <2250df59-f5d3-cf42-3281-dbc6705f79bd@free.fr>
References: <2250df59-f5d3-cf42-3281-dbc6705f79bd@free.fr>
Message-ID: <87mt0dfreu.fsf@akagi.fsij.org>

Hello,

https://debconf23.debconf.org/talks/8-gomti-a-collection-of-pll-based-true-rng-on-fpga/

Frédéric SUEL wrote:
> *Ref 1* : https://www.chronox.de/lrng/doc/lrng.pdf
>
> *Ref 2* :
> https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/LinuxRNG/LinuxRNG_EN_V5_4.html

To my knowledge:

* The LRNG is not (yet) in the standard kernel.
* Some people use the code to get FIPS certification of the system
  (or similar government compliance).
* Please ask RHEL, SuSE, and Canonical people for the situation.

My point is that while it is named "Linux Random Number Generator",
it's not always available.

If your interest is for FIPS certification or government compliance,
as far as I know, nobody (including me) tries NeuG USB device to be
FIPS certified.

> It is possible, right now, to use it (NEUG, Gomti) as hardware generator
> and how, or will it be possible in the future?

Currently, I don't know. It highly depends on how the LRNG is composed
(sorry, I don't know the detail). If it's needed in the earlier boot
stage, the dependency graph of subsystem matters; if an external
entropy source requires USB communication (like NeuG USB device does)
to feed into kernel, the USB subsystem should be available.

Besides, I'm afraid the LRNG allows use of an external device like NeuG
or whatever. If your use case with LRNG is for FIPS certified system,
naturally, such a device should be also FIPS certified.

BTW, I haven't announced Gomti yet. It's my new project for hardware
RNG. Last week, I submitted a talk proposal to Debconf23.

Just FYI, here is the copy of my submission.
If accepted, it will be:

https://debconf23.debconf.org/talks/8-gomti-a-collection-of-pll-based-true-rng-on-fpga/
(not yet available)

==========================
Gomti: A collection of PLL-based True RNG on FPGA

Speaker: NIIBE Yutaka
Track: Security
Type: Short talk (20 minutes)

Gomti [0] is a collection of PLL-based True Random Number Generators.
Currently, we have implementations for FPGA: ice40 HX8K and Gowin
GW1NR-9/C. With Gomti, we can build a good USB TRNG device, for
example, using TEC0117 board.

In 2013, I released NeuG 1.0 [1], an implementation of TRNG on
STM32F103, based on the sampling noise of ADC. It has been useful in
the situation where no good noise source is available. I had a
presentation in Debconf15 [2]. While it is empirically useful, it
lacks a mathematical or physical model.

Around 2015, there were projects like OneRNG [3] and ChaosKey [4]
which are based on diode noise source.

In 2022, I sought around TRNG technology again, with the following
constraints:

- Easier to implement (cost-wise, technology-wise)
- Patent free
- Better reproducibility
- Build-able with common parts
- Build-able with free tool (as in freedom)

Given the situation we have a good free tool for FPGA (Yosys and
nextpnr [5]), I realized that PLL-based TRNG can be built fulfilling
the constraints above, reading papers of [6], [7], and [8].

People who have an interest around hardware development and FPGA can
enjoy Gomti to build their own USB TRNG device. Security geeks may
find a practical and interesting source of entropy. Let us discuss
reproducible and transparent random number generation.

[0] Gomti: https://sr.ht/~gniibe/gomti/
[1] NeuG: https://www.gniibe.org/memo/development/gnuk/rng/neug.html
[2] More Entropy, Please:
    https://summit.debconf.org/debconf15/meeting/265/more-entropy-please/
[3] OneRNG: https://onerng.info/
[4] ChaosKey: https://altusmetrum.org/ChaosKey/
[5] Yosys and nextpnr
    https://yosyshq.net/yosys/
    https://github.com/YosysHQ/nextpnr
[6] Viktor Fischer & Miloš Drutarovský
    True Random Number Generator Embedded in Reconfigurable Hardware
    2002
    https://doi.org/10.1007/3-540-36400-5_30
[7] Florent Bernard, Viktor Fischer and Boyan Valtchanov
    Mathematical model of physical RNGs based on coherent sampling
    2010
    https://doi.org/10.2478/v10127-010-0001-1
[8] Miloš Drutarovský and Martin Simka and Viktor Fischer and Frederic Celle
    A Simple PLL-Based True Random Number Generator for Embedded Digital Systems
    2004
    http://www.cai.sk/ojs/index.php/cai/article/view/442
--