HArdware Volatile Entropy Gathering and Expansion: generating unpredictable random number at user level

André Seznec 1 Nicolas Sendrier 2
1 CAPS - Compilation, parallel architectures and system
IRISA - Institut de Recherche en Informatique et Systèmes Aléatoires, Inria Rennes – Bretagne Atlantique
2 CODES - Coding and cryptography
Inria Paris-Rocquencourt
Abstract: The availability of a random number generator with high cryptographic qualities on a computer is one of the central issues of cryptographic implementations. HAVEGE (HArdware Volatile Entropy Gathering and Expansion) is a new software heuristic for generating unpredictable random numbers on PCs and workstations. PCs and workstations are built around modern superscalar microprocessors. These processors feature complex hardware mechanisms that aim to increase performance. A significant part of the global state of the microprocessor is not architecturally visible through the instruction set (e.g. caches, branch predictors and buffers). HAVEGE leverages the uncertainty introduced into the internal states of the processor by external events. HAVEGE combines entropy/uncertainty gathering from the architecturally invisible states of a modern superscalar microprocessor with pseudo-random number generation. First, we show that the hardware clock cycle counter of the processor can be used to gather part of the uncertainty introduced by operating system interruptions into the internal state of the processor. Tens of thousands of unpredictable bits can be gathered per operating system interruption on average. Then, we show how this entropy gathering technique can be combined with pseudo-random number generation in HAVEGE. Since the internal state of HAVEGE includes thousands of internal volatile hardware states, HAVEGE features a very high security level. HAVEGE also reaches an unprecedented throughput for a software unpredictable random number generator: more than 100 Mbits/s with off-the-shelf workstations and PCs.
Document type: Reports
[Research Report] RR-4592, INRIA. 2002

https://hal.inria.fr/inria-00071993
Contributor: Rapport de Recherche Inria
Submitted on: Tuesday, May 23, 2006 - 7:29:32 PM
Last modification on: Friday, January 13, 2017 - 2:16:33 PM
Document(s) archived on: Sunday, April 4, 2010 - 10:47:59 PM

Identifiers

  • HAL Id: inria-00071993, version 1

Citation

André Seznec, Nicolas Sendrier. HArdware Volatile Entropy Gathering and Expansion: generating unpredictable random number at user level. [Research Report] RR-4592, INRIA. 2002. <inria-00071993>

Metrics

Record views: 620
Document downloads: 237