dyne / Zenroom

Embedded no-code VM executing human-like language to manipulate data and process cryptographic operations.
https://dev.zenroom.org
GNU Affero General Public License v3.0

Docs: list vector testing next the prng FIPS140-2 #613

Open andrea-dintino opened 1 year ago

andrea-dintino commented 1 year ago

The docs should explain how the vectors are tested and that can be checked.

jaromil commented 1 year ago

There are no vector tests for the PRNG. Everywhere in Zenroom we are using verbatim the implementation in milagro by Mike Scott.

/*
 *   Cryptographic strong random number generator
 *
 *   Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers
 *   Slow - but secure
 *
 *   See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification
 */

The tests we run and already show in the docs are not in CI; they use the Shannon algorithm to measure entropy and show its variance across a large number of runs. The entropy benchmark is available in every instance allowing Lua execution:

I.print( BENCH.entropy() )

Also the frequency of Hamming distance can be measured at run-time:

I.print( BENCH.random_hamming_freq() )

This is code defined in src/lua/zenroom_bench.lua.

The values returned can be used by the caller to authorize execution only above a certain threshold, thus returning errors on hardware with poor entropy.

The CI tests about random only check deterministic behavior of the PRNG.

In the broader context of final implementations, we have experience of implementing the Fortuna PRNG outside Zenroom in its host (caller application), which should keep the state of the seed pool across different executions.
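As an added example (not Zenroom's src/lua/zenroom_bench.lua and not milagro's C code), the following Python sketch shows the two run-time checks the comment above refers to: Shannon entropy of a block of PRNG output and the frequency of Hamming distances between consecutive outputs, together with a caller-side gate that refuses to proceed when the figures fall below a threshold. The threshold values, the block size and the SHA-256-counter "good" sample are constructed assumptions for illustration; Zenroom's BENCH functions may compute these figures differently.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    n = len(data)
    if n == 0:
        return 0.0
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def entropy_variance(samples: list) -> float:
    """Population variance of the entropy across several runs (as in the docs' benchmark)."""
    ents = [shannon_entropy(s) for s in samples]
    mean = sum(ents) / len(ents)
    return sum((e - mean) ** 2 for e in ents) / len(ents)


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("blocks must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def hamming_freq(data: bytes, block: int = 32) -> dict:
    """Histogram {distance: count} of Hamming distances between consecutive blocks."""
    chunks = [data[i:i + block] for i in range(0, len(data) - block + 1, block)]
    freq: dict = {}
    for prev, cur in zip(chunks, chunks[1:]):
        d = hamming_distance(prev, cur)
        freq[d] = freq.get(d, 0) + 1
    return freq


def mean_hamming(freq: dict) -> float:
    total = sum(freq.values())
    return sum(d * c for d, c in freq.items()) / total if total else 0.0


def authorize(data: bytes, min_entropy: float = 7.9, block: int = 32,
              hd_tolerance: float = 0.15) -> tuple:
    """Caller-side gate: (ok, reason). Thresholds are assumed example values.

    For independent uniformly random blocks the mean Hamming distance should sit
    near half the block's bit count; a strong deviation signals correlated output.
    """
    ent = shannon_entropy(data)
    if ent < min_entropy:
        return False, f"entropy {ent:.3f} bits/byte below threshold {min_entropy}"
    freq = hamming_freq(data, block)
    expected = block * 8 / 2
    mean = mean_hamming(freq)
    if abs(mean - expected) > hd_tolerance * expected:
        return False, f"mean Hamming distance {mean:.1f} far from expected {expected}"
    return True, "ok"


# Constructed sample inputs (not output of Zenroom's PRNG):
def poor_sample() -> bytes:
    """A repeating 4-symbol pattern: exactly 2.0 bits/byte of entropy."""
    return bytes([0, 1, 2, 3] * 256)


def good_sample() -> bytes:
    """8192 bytes from a SHA-256 counter, a stand-in for healthy PRNG output."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))


if __name__ == "__main__":
    for name, sample in (("poor", poor_sample()), ("good", good_sample())):
        ok, reason = authorize(sample)
        print(f"{name}: entropy={shannon_entropy(sample):.3f} "
              f"mean_hd={mean_hamming(hamming_freq(sample)):.1f} ok={ok} ({reason})")
```

The gate returns a reason string so the host application can log why execution was refused on hardware with poor entropy, rather than failing silently.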