Making Intel's digital RNG

Oh no! Not another RNG thread! :)

After reading about Intel's new RNG, I thought it might be interesting to try building one. But there are some gotchas, so perhaps it's a fool's errand. From the article:

Switching those transistors on forces the inputs and outputs of both inverters to the logical 1 state. The inverters have to be modified slightly to take this sort of abuse, but that's easy enough to do.

and

To keep the inverters in balance, we built a feedback loop into the new hardware. The circuitry in that loop performs some targeted fiddling until the two possible output values, 0 and 1, each occur roughly half the time.

I lack the requisite knowledge about inverters to understand whether the 1st is, for practical purposes, a show-stopper for casual home experimentation. I'm willing to ignore the 2nd and just play with it to see what I get, unless the probability is very high that in a home-brew circuit, stray inductance, capacitance, noise, etc., from wiring is going to drive the circuit to always, or nearly always, flop high or low.

The other thing I'm thinking about is whether there's any benefit to buffering the output of this in something before reading it in the Arduino. Not sure if that would be using a shift register, or some other sort of buffer, UART, or something. Just an idea that it might be easier to grab 8 bits (or more) at a time rather than bit bang the bytes together -- trade complexity in the sketch for complexity in the hardware. One thing about doing the rest all in the Arduino is that Intel mentions (elsewhere) using a von Neumann filter, which could be implemented using an interrupt, though I assume there's an easy way to detect transitions using hardware too.

I have on hand the TI SN74LVC2G04 dual inverter, and I was thinking something along the lines of a DMN601DMK-7 dual FET IC for the FETs.

Clock would come from a DS3234, also already on hand. Attached is a start on a drawing.

digirand_block.jpg

To keep the inverters in balance, we built a feedback loop into the new hardware. The circuitry in that loop performs some targeted fiddling until the two possible output values, 0 and 1, each occur roughly half the time.

That one can be done in software and I suggest you take that approach. I suspect Intel chose to use hardware to eliminate the (fallible) software developer from the process.

As for the rest, it is way beyond my ability.

I hope you get it working!
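The von Neumann filter mentioned in the first post is one way to do the 0/1 balancing in software, as suggested in the reply above. The sketch below is an added example, not code from this thread or from Intel: host-side C++ whose names (`VonNeumann`, `feed`, `stuck`, `debias`), the 64-pair stuck threshold and the sample bit string are all assumptions made for illustration. It also flags the failure the first post worries about, a latch that always flops the same way.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Von Neumann debiaser: raw bits are consumed in non-overlapping pairs.
// Pair 01 emits 0, pair 10 emits 1, pairs 00 and 11 are discarded.
struct VonNeumann {
    static constexpr uint32_t kStuckPairs = 64;  // assumed alarm threshold
    int8_t   held = -1;       // first bit of the open pair, -1 if none
    uint8_t  acc = 0;         // output byte being assembled, MSB first
    uint8_t  nbits = 0;       // debiased bits collected in acc
    uint32_t discardRun = 0;  // consecutive discarded pairs
    uint32_t raw = 0, ones = 0;  // raw sample statistics

    // Feed one raw sample; returns true when `out` holds a finished byte.
    bool feed(bool bit, uint8_t &out) {
        ++raw;
        ones += bit ? 1u : 0u;
        if (held < 0) { held = bit ? 1 : 0; return false; }
        const bool first = (held == 1);
        held = -1;
        if (first == bit) { ++discardRun; return false; }
        discardRun = 0;
        acc = static_cast<uint8_t>((acc << 1) | (first ? 1 : 0));
        if (++nbits < 8) return false;
        out = acc; acc = 0; nbits = 0;
        return true;
    }
    // A latch that always falls the same way yields only 00 or 11 pairs.
    bool stuck() const { return discardRun >= kStuckPairs; }
};

// Constructed sample: ten raw pairs written as '0'/'1' characters.
const std::string kSample = "10" "11" "01" "00" "10" "10" "01" "01" "10" "01";

std::vector<uint8_t> debias(const std::string &bits) {
    VonNeumann vn;
    std::vector<uint8_t> out;
    uint8_t b = 0;
    for (char c : bits)
        if (vn.feed(c == '1', b)) out.push_back(b);
    return out;
}

int main() {
    for (uint8_t b : debias(kSample)) std::printf("0x%02X\n", b);
    return 0;
}
```

Von Neumann correction removes bias only when successive raw bits are independent of each other; correlation between samples passes straight through, so the raw `ones`/`raw` ratio and the stuck flag are worth logging alongside the output.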

It's the 1st part, about abusing the inverters, that has me concerned. I suppose that the worst that can happen is I burn up a couple bucks worth of IC. Which wouldn't be, by far, the dumbest thing I've ever done. :)

What abuse? Doesn't that design look real similar to xtal controlled oscillator used to create a system clock, but this is allowed to settle out instead?
http://www.z80.info/uexosc.htm

It's the 1st part, about abusing the inverters, that has me concerned.

Place 4k7 resistors on each inverter output to prevent them being overloaded when the transistors are on?

I suspect that in practice you'll need to match the inverters together and match the transistors - the first is easy if they are on the same packet, but to match transistors you'll do well to source some dual FETs. It might be necessary to trim the input capacitance of the inverters with trimmer caps (identical trimmers will have identical tempco).

It will be important that the transistors switch off faster than the inverters can respond, otherwise their characteristics will dominate the 'teetering' period. This suggests using 4000 series inverters which are quite slow.

Lastly to load the outputs identically both inverters would need to feed identical gates even if only one output is used.

My nagging doubt is that this technique might only work well with very small transistors (sub micron) where thermal noise is much more dominant...

CrossRoads:
What abuse? Doesn't that design look real similar to xtal controlled oscillator used to create a system clock, but this is allowed to settle out instead?
Thomas Scherrer Crystal Oscillator Circuits

Indeed. I'm just echoing the IEEE Spectrum article, because I have much to learn about this. My landlord sort of scowled at my schematic (he likes analog) and said something about using inverters with open collector outputs. My schematic is just a 1st stab at something that looks like Intel's drawing, and now I think about it, I don't know why they don't drive the inverters from a single FET either, but they indicate 2. (And I assume their clock signal needs amplified to drive the FETs, but obviously that isn't necessarily true.)

MarkT:
I suspect that in practice you'll need to match the inverters together and match the transistors - the first is easy if they are on the same packet, but to match transistors you'll do well to source some dual FETs.

That's one of the ICs I linked to. I will have to absorb more of yours and Crossroads' input to think about whether that IC is a good choice for my existing inverters, or maybe I need to change both.

My nagging doubt is that this technique might only work well with very small transistors (sub micron) where thermal noise is much more dominant...

Yep. Intel, of course, can just put the whole shebang in silicon at a very small scale, on the processor chip, or somewhere else in the chipset, and tweak response characteristics.

Thanks for the encouragement. I'm beginning to think I can make this work. At the moment, I'm a bit pre-occupied with a couple other things, but I'll come back to this in a while.

In re. settling time, maybe that can be addressed by not using a 50% duty cycle clock pulse?

If you get it working there would be an application in a USB-key style dongle for producing cryptographic strength random numbers??

"USB-key style dongle"
Lot of companies already have similar; key fob with number displayed that changes once a minute, you have to enter that number in the timeframe or you don't get network access. I bet USB dongles for same exist too.

"USB-key style dongle"
Lot of companies already have similar; key fob with number displayed that changes once a minute, you have to enter that number in the timeframe or you don't get network access. I bet USB dongles for same exist too.

I don't think they're random. The idea is that the server knows the number being displayed but an attacker does not. If they were truly random it wouldn't work.

sixeyes:
I don't think they're random. The idea is that the server knows the number being displayed but an attacker does not. If they were truly random it wouldn't work.

Things such as the RSA SecurID token aren't RNGs. I think they run a very simplified PRNG, but in order to work, the server runs the same algorithm, and the fob and the server use the same seed.

MarkT:
If you get it working there would be an application in a USB-key style dongle for producing cryptographic strength random numbers??

Well, if it were easy, it'd already have been done. So I checked. 1st result on a web search:

Now, I haven't evaluated any such device. But assuming it's properly done, one could cut open the case and wire it into your Arduino. If I'm successful (really, I'm doing this just for fun, and education) then I can see it being a breakout board.