Using onboard ECC608 for Random Number Generation

Hello All,

I am sure this is a silly question but is there any reason I shouldn't use the onboard ECC608 for random number generation? In order to do this you have to create Self-Signed Certificate and lock the chip, will this impact the IoT in any way?

Thanks,
Matt

1 Like

I have not found much information on these chips so far myself.
I do know you only get 5 Self Signed Certificates and that's it. so i don't think that plan is a good idea.

However in the Data Sheet: http://ww1.microchip.com/downloads/en/DeviceDoc/40001977A.pdf
It states this:

The ATECC608A can generate high-quality random numbers using its internal random number generator.

and this:

These random numbers can be employed for any purpose,

However I can not find any info on how to do it without creating a Self-Signed Certificate.
Hopefully someone else here know's the answer.

EDIT: I just found a more complete data sheet here: https://atecc608a.github.io/ATECC608A.pdf
A quick look shows there is more info on the random number generator

There are no silly questions. :slight_smile:

Do you require the randomness "quality" provided by the device for your application? If yes, then you can always buy another Arduino if you lock-up the device. You could still use the board without the ECC608.
If you cannot afford that, maybe using another source for random numbers is a better choice for your experiments.

Hello @Klaus_K and @Hutkikz,

Thank you for the feedback, I had also seen that there were only 5 key slots and that if you try to run the random number generator examples on either the Arduino or Sparkfun Libraries they both say the chip needs to be "locked" to proceed.

On this Adafruit tutorial: https://learn.adafruit.com/adafruit-atecc608-breakout/arduino it seems to say that these certificates can be generated to last a certain amount of time and that they can possibly overwrite existing keys. I am not sure why they need keys to generate random numbers. As far as I can tell the random number generate just listens to a chaotic/entropy source and put that into a deterministic algorithm.

The application/experiment I am trying to run does need high-quality random numbers, however, I am not against getting an external ECC608. Having said that, is there any information as to what the ECC608 on the board is actually doing? It seems that it can't be used for anything until it is locked. So is there any reference to it in other libraries such as the WiFi or something else?

Thanks,
Matt

Digging around a little this morning I found that while the ECC608 must be configured and locked to use the RNG. You do NOT have to configure it again every time you run the RNG.
There is even an example of how use the RNG in the ArduinoECCX08 Library
I could not find this example in my installation only on the github page.

Edit: Rereading your last post I see you found the example. It seems you just need to configure and lock your chip. A quick test on my already locked chip confirms this works.

I did a quick search trough the WiFiNINA and there are no references to ECC devices.

The ArduinoBearSSL however makes use of the device. It even brings a couple of functions/files in the utility sub folder.

This matches what I would expect. Standard WiFi/network stuff (incl. WPA2) works without the devices and SSL/TLS application require it.

Hello Both,

Thanks for the input, seems like it shouldn't get in the way of the board's functionality, I will run some tests on my end!

Matt