® THE RANDOM NUMBER GENERATOR

CRYPTOGRAPHY RESEARCH, INC. WHITE PAPER PREPARED FOR INTEL CORPORATION Benjamin Jun and Paul Kocher April 22, 1999

Information in this white paper is provided without guarantee or warranty of any kind. This review represents the opinions of Research and may or may not reflect opinions of Intel Corporation. Characteristics of the Intel RNG may vary with design or process changes. © 1999 by Cryptography Research, Inc. and Intel Corporation.

1. Introduction n = − H K∑ log pi , Good cryptography requires good random i=1 numbers. This paper evaluates the hardware- where pi is the probability of state i out of n based Intel Random Number Generator (RNG) possible states and K is an optional constant to for use in cryptographic applications. 1 provide units (e.g., log(2) bit). In the case of a Almost all cryptographic protocols require random number generator that produces a k-bit the generation and use of secret values that must binary result, pi is the probability that an output be unknown to attackers. For example, random will equal i, where 0 ≤ i < 2k . Thus, for a number generators are required to generate -k perfect random number generator, pi = 2 and public/private keypairs for asymmetric (public the entropy of the output is equal to k bits. This ) including RSA, DSA, and means that all possible outcomes are equally Diffie-Hellman. Keys for symmetric and hybrid (un)likely, and on average the information are also generated randomly. in the output cannot be represented in a RNGs are also used to create challenges, nonces sequence shorter than k bits. In contrast, the (salts), bytes, and blinding values. The entropy of typical English alphabetic text is 1.5 one time pad – the only provably-secure bits per character.2 system – uses as much key material as and requires that the be An RNG for cryptographic applications generated from a truly random process. should appear to computationally-bounded adversaries to be close as possible to a perfect Because security protocols rely on the RNG. For this review, we analyze whether there unpredictability of the keys they use, random is any feasible way to distinguish the Intel RNG number generators for cryptographic from a perfect RNG. applications must meet stringent requirements. The most important is that attackers, including those who know the RNG design, must not be 2. able to make any useful predictions about the RNG outputs. In particular, the apparent entropy Most “random” number sources actually of the RNG output should be as close as utilize a (PRNG). possible to the bit length. PRNGs use deterministic processes to generate a series of outputs from an initial state. 1 According to Shannon , the entropy H of Because the output is purely a function of the any message or state is: seed data, the actual entropy of the output can never exceed the entropy of the seed. It can,

1 Shannon, C.E., “A Mathematical Theory of 2 Menezes, Oorschot, and Vanstone, Communication,” The Bell System Technical Journal, Handbook of Applied Cryptography, vol. 27, p. 379-423, July 1948. Ch.7, CRC Press, 1997. ANALYSIS OF THE INTEL RANDOM NUMBER GENERATOR CRYPTOGRAPHY RESEARCH however, be computationally infeasible to processes, but these methods are awkward and distinguish a good PRNG from a perfect RNG. slow. For example, PGP4 version 6.02 requires that users spend about 15 seconds entering For example, a PRNG seeded with 256-bits random keystrokes or mouse movements to of entropy (or one with a 256-bit state) cannot produce a new key. Methods involving user produce more than 256 bits of true . timing require inelegant user interfaces and An attacker who can guess the seed data can cannot be used (or become insecure) when predict the entire PRNG output. Guessing a 256- controlled by automated scripts. Some bit seed value is computationally infeasible, applications use hard drive seek times, but however, so it is possible that such a PRNG factors such as the drive technology, disk could be used in cryptographic applications. caches, and system timer resolution limits Examples of PRNGs designed for cryptographic require careful consideration. Measurements of applications include MD5Random and system activity, delays, configuration data, etc. SHA1Random (which respectively hold 128 bits TM,3 are also sometimes used. and 160 bits of state) in the BSAFE cryptographic toolkit. Overall, true random number generators implemented using conventional hardware tend Although properly-implemented and seeded to be slow, difficult to implement, require user PRNGs are suitable for most cryptographic involvement, and often provide unknown applications, great care must be taken in the amounts of true entropy. These methods also development, testing, and selection of PRNG make assumptions about the hardware that are algorithms. It is critical that a PRNG be properly not guaranteed. For example, operation timing seeded from a reliable source. For example, measurements may not contain the expected most PRNGs included in standard software amount of randomness under all system libraries use predictable seed or state values or configurations. Techniques that rely on user produce output that can be distinguished from events may not be reliable in unattended random data. systems such as servers. 3. The Need for TRNGs Anyone who considers Even though arithmetical methods of A true random number generator (TRNG) it is possible for producing random digits uses a non-deterministic source to produce applications to is, of course, in a state of randomness. Most operate by measuring produce their own sin. unpredictable natural processes, such as thermal secure random – (1951) (resistance or shot) , atmospheric noise, or data, many do not. nuclear decay. The entropy, trustworthiness, and Reviews by performance all depend on the TRNG design. Cryptography Research frequently identify weaknesses in . A PRNG by itself will be insecure without a Similarly, Christopher Allen and Tim Dierks of TRNG for seeding. Seeding requires a source of Consensus Development report that “most true randomness, since it is impossible to create common problems [found in software security true randomness from within a deterministic reviews] were related to random number system. seeding.”5 Bruce Schneier writes, “Good On computers without a hardware RNG, random-number generators are hard to design, programmers typically try to obtain entropy for because their security often depends on the seed data using existing peripherals. The most common techniques involve timing user 4 PGP is available from Network Associates, Inc. 5 Dierks, T., and Allen, C., “Lessons from Doing 3 BSAFE is a software toolkit available from RSA Source Code Reviews of Commercial Products,” Data Security, Inc. Consensus Development, 1997. 2 ANALYSIS OF THE INTEL RANDOM NUMBER GENERATOR CRYPTOGRAPHY RESEARCH particulars of the hardware and software. Many products we Voltage High- Noise 6 Controlled Speed examine use bad ones.” Amplifier Oscillator Oscillator Ian Goldberg and David Wagner found that Netscape’s Johnson Thermal random number generator seed Noise Source was derived from “just three (Resistor) Super Latch quantities: the time of day, the process ID, and the parent process ID. Thus, an adversary who can Control/ FIFO Digital Corrector predict these three values can Status Reg. apply the well-known MD5 to compute the exact seed generated.”7 Although most Bus RNG flaws are not reported, Figure 1: Block diagram of the Intel RNG problems are common, partly because cryptographic software libraries often prove randomness, we have analyzed Intel’s leave it to programmers to find reliable sources design assumptions, design, and testing of seed material. procedures, as well as performed statistical tests on RNG output data. In many cases, system designers are faced with a trade-off between security and For this review, Cryptography Research convenience. For example, to avoid having to performed a series of tests and evaluated the collect fresh seed data each time the program results of experiments performed by Intel. Raw loads, many software applications store their data and design specifications for the analysis seed material on the hard drive where there can were provided by Intel. be a risk of compromise. The best sources for unpredictable data involve timing user processes, which add undesirable complexity to 4.1. Noise Source user interfaces. Johnson noise (commonly referred to as thermal noise), , and flicker noise are 4. Architecture Analysis present in all resistors. They have electrically measurable characteristics and are the result of Measuring randomness is as much a random electron and material behavior. philosophical debate as it is a mathematical The Intel RNG primarily samples thermal issue. An infinite sequence of random numbers noise by amplifying the voltage measured across will carry a known statistical distribution. It is undriven resistors. In addition to a large random impossible, however, to prove whether any component, these measurements are correlated finite set of numbers is actually random. For to local pseudorandom environmental example, the 128-bit value “0” is just as likely to characteristics8, such as electromagentic occur as hexadecimal “7c26b1b7f931eedb1f7e- radiation, temperature, and power supply e1b84764ae93”. Although it is impossible to fluctuations. The Intel RNG significantly reduces the coupled component by subtracting

6 Schneier, B., “Security Pitfalls in Cryptography,” Counterpane Systems, 1998. 8 For an introduction to physical noise sources and 7 Goldberg, I. and Wagner, D., “Randomness in the externally coupled noise sources, see section 7.11 of Netscape Browser,” Dr. Dobb’s Journal, January Horowitz, P. and Hill, W., The Art of Electronics; 1996. Cambridge, MA: Cambridge University Press, 1980. 3 ANALYSIS OF THE INTEL RANDOM NUMBER GENERATOR CRYPTOGRAPHY RESEARCH the signals sampled from two adjacent resistors. resemble a . The modulated Circuitry used for amplification or signal frequency has standard deviation that spans handling should preserve as many of the approximately 10-20 high frequency components of randomness as possible. Intel’s periods; indicating that the process is design was found to have a high degree of significantly varied by the random source. linearity and bandwidth for passing high Provided that a significant random component is frequency signals to later stages. present in the low-speed oscillator, additional nonrandom effects should not reduce the quality of the RNG output. For example, environmental 4.2. Dual Oscillator Architecture interference should only add additional unpredictability to the results. Intel reports that The Intel RNG uses a random source that is the modulation bandwidth is approximately 2 derived from two free-running oscillators, one times the variable oscillator’s center frequency. fast and one much slower. The thermal noise This fast response preserves useful components source is used to modulate the frequency of the of high frequency noise from the random slower clock. The variable, noise-modulated source. slower clock is used to trigger measurements of The oscillators used in the Intel RNG have the fast clock. Drift between the two clocks thus center frequency ratios on the order of 1:100. If provides the source of random binary digits. both run without drift, the sampled bits could be Similar RNG designs using independent “colored” with beats periodicity at multiples of oscillators are well known.9,10 the ratio. Statistical tests were used to try to locate such beats in the sampled bitstream, but Thermal Noise could not be detected in over 108 output bits.

Low-frequency oscillator 4.3. Digital Post-Processing The initial random measurements are processed by a hardware corrector based on a 1 concept proposed by John von Neumann to produce a balanced distribution of “0” and “1” bits.11 A von Neumann corrector converts pairs 0 of bits into output bits by converting the bit pair High-frequency oscillator Data to corrector = 1 [0,1] into an output 1, converting [1,0] into an output 0, and outputting nothing for [0,0] or Figure 2: Overview of dual-oscillator design (frequency [1,1] ratio not to scale) .

Input bits Output The slow oscillator frequency must be 0,0 none significantly perturbed by the noise source, in 0,1 1 addition to any pseudorandom environmental, 1,0 0 electrical, or manufacturing conditions. 1,1 none Recorded histograms of modulated frequency Figure 3: Von Neumann corrector

9 Velichko, S. “Random-number Generator Prefers Imperfect Clocks.” EDN Access, 1996. (http://ednmag.com/reg/1996/112196/23_di04.cfm). 10 Hoffman, Eric. Random Number Generator, 1996, 11 The hardware corrector design is pending by U.S. Patent 5,706,208. Intel Corporation. 4 ANALYSIS OF THE INTEL RANDOM NUMBER GENERATOR CRYPTOGRAPHY RESEARCH

The corrector is a simple way to Is there any hope for strong portable randomness in the future? generate statistically balanced outputs There might be. All that's needed is a physical source of from data with residual bias. In particular, unpredictable numbers. A thermal noise or the corrector prevents imbalances in the source and a fast, free-running oscillator would do the trick fast clock’s duty cycle from biasing the directly. This is a trivial amount of hardware, and could easily output. Intel has enhanced the von be included as a standard part of a computer system's Neumann corrector to reduce the effect of architecture… All that's needed is the common perception any bit to bit correlations that might exist among computer vendors that this small additional hardware in the dual oscillator source. and the software to access it is necessary and useful. – Eastlake, Crocker, and Schiller , “RFC 1750: Randomness One consequence of the corrector is Recommendations for Security,” IETF Network Working that the RNG has a variable bitrate. The Group, December 1994. corrector generates an average of one bit for every 6 raw binary samples. The RNG’s exceptional performance (over 75 A large number of generalized statistical Kbit/sec after the corrector) exceeds the TRNG tests for randomness have been proposed, such 12 13 requirements for all standard cryptographic as the DIEHARD specification, FIPS 140-1 , applications, but the variable rate could and Knuth’s14 tests. The test suite for the Intel complicate some esoteric usage scenarios. While RNG included the following: it is not possible to prove that the RNG will produce an output bit in any finite time period, ƒ Block Means Spectral analyses ƒ the probability of a long delay is negligibly Random walk test ƒ Block Mean correlations, 1-129 small. ƒ Block means Corrector output is queued in a 32-bit ƒ Periodogram register and provided to the software layer. The ƒ Spectral analyses; hi, med, lo smoothing ƒ interface assures that random outputs cannot be Spectral analyses, adjusted for correlations ƒ read twice and that each read operation returns Autocorrelations, blocking and no blocking ƒ 8,16-bit Maurer test fresh random data. ƒ 4,8,16-bit Monkey test ƒ 4,8,16-bit Goodness of Fit ƒ Komolgorov-Smirnov test of trend 4.4. Statistical Evaluation ƒ CR/LF test ƒ Overall mean Because subtle output correlations are ƒ Column means always a possibility, the verification process has ƒ Run length variances included a wide array of statistical tests by ƒ FIPS 140-1 test suite Cryptography Research and by Intel. These tests are designed to detect nonrandom characteristics Tests were performed on at least 80 by comparing statistical distributions in large megabits of continuous RNG output. Major tests samples of actual RNG outputs against such as the autocorrelation and bit frequency distributions expected from a perfect random tests were run at a variety of extreme source.

Tests were performed both before and after 12 the digital post-processing. Tests on pre- Marsaglia, George. DIEHARD Statistical Tests, corrected data help to identify characteristics Florida State University. 13 Federal Information Processing Standards that might be difficult to detect after the Publication 140-1, “Security Requirements for correction process. All statistical tests were Cryptographic Modules,” U.S. Department of performed on data prior to the software library’s Commerce/NIST, Springfield, VA: NTIS, 1994. SHA-1 mixing, as the SHA operation would 14 Knuth, Donald E. The Art of Computer mask nonrandom characteristics. Programming: Seminumerical Algorithms, Vol. 2, ch. 3, Addison Wesley Longman, 1998. 5 ANALYSIS OF THE INTEL RANDOM NUMBER GENERATOR CRYPTOGRAPHY RESEARCH environmental conditions and on devices SHA-1 is an effective mixer because it produced at extremes of manufacturing process combines variable size inputs to generate parameters. All of these tests were performed at independent output bits with excellent statistical confidence level of 1% and 5%. The only tests distributions. The cryptographic properties of identifying any statistically significant deviation SHA destroy any remaining statistical structure from values expected from a perfect random and make it computationally infeasible to source were minor deviations in tests involving recover the seed state. spectral analysis. The Intel Security Driver uses a SHA-1 The analysis by Cryptography Research mixer with 512 bits of state. The SHA-1 placed particular emphasis on areas that would construction cryptographically combines all identify statistical biases or failure modes in the RNG output since SDK initialization. To RNG. Cryptography Research performed tests to produce each 32-bit output, 32 bits of fresh data detect biases in pre- corrector data. from the RNG are supplied to the mixing function, as diagrammed below. The addition of As expected, significant biases are present new random output reflects solid conservative before the corrector. By far the largest approach, but is not necessary as the cycle nonrandom characteristic detected was the bias length of the mixing function should exceed in the ratio of “0” and “1” bits. In devices 2200. operating under extreme environmental conditions, bit frequencies were observed on the ± -2 order of .5 10 . Data with a 1% bias has 0.9997 Starting state (64-bytes = 16 words) bits of entropy per bit. Higher biases are possible under other conditions or manufacturing parameters, but the von Neumann corrector will improve the output quality. Hash Input to Copy Discard Applications directly accessing the RNG (SHA-1) mix process should make more conservative assumptions about the output quality. Although our estimates indicate that the hardware provides over 0.999 bits of entropy per output bit, a conservative New state assumption of ½ bit of entropy per output bit can generally be used without any significant RNG performance impact. output Figure 4: SHA-1 mixer design

4.5. Software Architecture Cryptography Research has performed a The Intel software library uses a mixing review of the SHA-1 code, and has tested the function based on the Secure Hash Algorithm implementation of the SHA-1 and mixer. (SHA-1).15 SHA-1 constructions are widely used, are recommended in a number of literature sources16,17,18, and are believed to be very strong.

17 Eastlake, Crocker, and Schiller, “RFC 1750: 15 Federal Information Processing Standards Randomness Recommendations for Security,” IETF Publication 180-1, “Secure Hash Standard,” U.S. Network Working Group, December 1994. Department of Commerce/NIST, Springfield, VA: 18 Federal Information Processing Standards NTIS, 1995. Publication 186, “ Standard,” U.S. 16 Ellison, C., “Cryptographic Random Numbers”, Department of Commerce/NIST, Springfield, VA: http://www.clark.net/pub/cme/P1363/ranno.html. NTIS, 1994. 6 ANALYSIS OF THE INTEL RANDOM NUMBER GENERATOR CRYPTOGRAPHY RESEARCH

4.6. Operational Testing solution. It is also not possible to guarantee that manufacturing flaws, intentional sabotage, and Intel’s manufacturing and test process is other unexpected failures will never occur. designed to detect most component failures. As such, chances of independent RNG field failure should be very low. In situations where system security requires good randomness, careful 5. Conclusions testing and analysis of failure modes is advisable. For example, particularly sensitive In producing the RNG, Intel applied applications can independently test the integrity conservative design, implementation, and of the random source. testing approaches. Design assumptions about the random source, sampling method, system In the specific case of the Intel RNG, we consistency, and algorithm appear appropriate. believe the most likely failure modes cause the Careful attention was paid to analyze and avoid output to be “stuck” in one state (e.g., stuck on), likely failure modes. causing no output from the von Neumann corrector. Failures could also cause the output We believe that the Intel RNG is well-suited from the corrector to stick in a fixed state. An for use in cryptographic applications. Direct use oscillating state (which would produce an output of Intel’s software libraries should simplify the of 101010101…) is theoretically possible but design and evaluation process for security unlikely. Partial failures are more difficult to products. Alternatively, developers can combine detect19 and could reduce the entropy of the data from the Intel RNG with data from other output, but many such faults would be fixed by sources. For example, data from the Intel RNG the corrector. can be safely exclusive-ORed with output from any independent RNG. The Intel RNG will help Intel specifies that all hardware RNG units designers avoid relying on proprietary entropy must pass the FIPS 140-1 randomness tests at gathering techniques in critical security time of manufacture. For added assurance, the routines. We believe the Intel RNG will prevent Intel Security Driver also performs the RNG many RNG failures and improve the integrity self-tests defined in the FIPS 140-1 and security of cryptographic applications. cryptographic specification (monobit, runs, and poker) when the RNG is initialized. If desired, Cryptographically, we believe that the Intel additional tests could be performed, but the RNG is strong and that it is unlikely that any existing test suite should detect most failures. computationally feasible test will be found to distinguish data produced by Intel’s RNG Many aspects of a system’s operational library from output from a perfect RNG. As a security are, of course, beyond the scope of this result, we believe that the RNG is by far the review. While a good RNG is needed for good most reliable source of secure random data cryptographic security, other parts of a system available in the PC. can also fail. For example, properly seeding a defective PRNG does not provide a secure

19 Knuth, D.E. The Art of Computer Programming: Seminumerical Algorithms, Vol. 2, ch. 3, Addison Wesley Longman, 1998. 7 ANALYSIS OF THE INTEL TRUE RANDOM NUMBER GENERATOR CRYPTOGRAPHY RESEARCH

About Cryptography Research Paul Kocher Cryptography Research provides technology Cryptography Research President and Chief and services to companies that build and use Scientist Paul Kocher (paul@ cryptography products. The company has a cryptography.com) has gained an strong technical focus and is active in many international reputation for consulting work areas of research. In 1998 and academic research in cryptography. He alone, systems designed by Cryptography has provided applied cryptographic Research engineers protected more than a solutions to clients ranging from start-ups to billion dollars of commerce and secured Fortune 50 companies. As an active communications for financial, wireless, contributor to major conferences and telecommunications, digital television, and standards bodies, he has helped design Internet industries. many cryptographic applications and protocols including SSL v3.0. His development of timing attacks to break Benjamin Jun RSA and other algorithms was widely Benjamin Jun ([email protected]) received by the academic community. More is a member of the research and engineering recently, Kocher led research efforts that staff at Cryptography Research. As a discovered Differential Power Analysis, cryptosystem architect, he has performed developed new methods for securing system architecture and hardware smartcards against external monitoring development on a number of secure and attacks, and designed the record-breaking fault-resistant systems. Some of his recent DES Key Search machine. His work has efforts include the development and been reported in forums ranging from evaluation of secure content distribution technical journals to CNN and the front systems. page of the New York Times. Paul is also a co-founder and the Chief Scientist of Ben has also held positions at IDEO Product ValiCert, Inc. Development, Bain and Company, the National Institute of Standards and Technology, and the Institute for Defense Analysis. He holds BS and MS degrees in electrical engineering from and is an NSF Graduate Fellow and a Mayfield Entrepreneurship Fellow.

Contact Information Cryptography Research, Inc. 870 Market Street, Suite 1088 San Francisco, 94102-3002 http://www.cryptography.com E-mail: [email protected] Telephone: 415.397.0123 Fax: 415.397.0127