dj-on-github / djenrandom

A C program to generate random data using several random models, with parameterized non-uniformities and flexible output formats.
GNU General Public License v2.0

The SUMS model doesn't seem to calculate the transition probability correctly #1

Open joshuaehill opened 6 years ago

joshuaehill commented 6 years ago

I think the following code:

double smooth_prob_move_from_center(double t)
{
    double prob_shiftout;

    prob_shiftout = 0.5L * exp(-0.5L * t *t);
    return(prob_shiftout);
}

has a problem.

I think that this is intended to calculate the probability that a sample taken from a standard normal distribution is greater than t (if t>0) or less than t (if t<0). I think that the correct calculation would be something like: prob_shiftout = 0.5 * erfc(fabs(t)/sqrt(2));

dj-on-github commented 6 years ago

It depends on the behavior of the metastable latch which can vary with the sampling behavior. There are two functions we have used in our internal Intel model. I’ll go and dig up the expression and take a look. The model in the code does seem to match the physical result well though.

The intuitive model is dropping a ball on a hill. The ball has a horizontal offset that has a Gaussian distribution. The hill has the shape of the resolution curve of the metastable latch. Its position is moved by the feedback circuit by an amount that is implementation defined and is called the stepsize in my model.

DJ


joshuaehill commented 6 years ago

I don't have any particular connection with the design, I'm just basing my comment on the write-up in the CRI description of the model (http://www.rambus.com/wp-content/uploads/2015/08/Intel_TRNG_Report_20120312.pdf). The description of the model on page 13 of this report is broadly equivalent to the model implemented in the code here, with the exception of the difference I mentioned in this issue.

It may well be the case that there's some reason to calculate the probability differently than outlined in the CRI report.

dj-on-github commented 6 years ago

Yep. But none of it is in my head right now. That code was written years ago. I have some docs with the old and new models and the rationale. Going from 22nm to 7nm has had an effect too.

On a separate note, I’m writing a book on RNGs. It’s out in July. I reference your ICMC talk on min entropy of ring oscillators. Do you have a paper I can reference instead of the talk?

Thanks DJ


joshuaehill commented 6 years ago

I don't, but the model I presented is close to the approach presented in "A Provably Secure True Random Number Generator with Built-in Tolerance to Active Attacks" by Sunar, Martin, and Stinson.

dj-on-github commented 6 years ago

Ok. Thanks. I’ll take a look.
