Slashdot Mirror
VIA C3 Random Number Generator Reviewed
An anonymous reader writes "VIA has added a hardware
random number generator to its Nehemiah C3 CPU. I found a recent review
of its security. Interesting how it's done at the instruction level as opposed to
the chipset level used by the i810 RNG (also reviewed there)."
Hell, I couldn't even predict what would come next
Oh wait...
In Canada, we don't fancy things like socks
Was just some guy they trained to sit there and yell numbers at them.
Developer: Hey! Gimme a number!!!
Idiot in corner: uh Seven boss!
---- The real Slashdot is still here. You just have to browse at -1 to read the comments.
VIA Launches Seventh Generation 'Nehemiah' CPU Core, the First x86 Processor to Market with Embedded Security Features
Combining an integrated PadLock(TM) Data Encryption Engine with a wealth of enhanced performance features, the new generation VIA C3(TM) provides the lowest power native x86 platform for the fast-growing market of connected PCs and home entertainment centers
Taipei, Taiwan, 22 January 2003 - VIA Technologies, Inc., a leading innovator and developer of silicon chip technologies and PC platform solutions, today announced its new generation VIA C3(TM) processor integrating the 'Nehemiah' core. With its powerful PadLock(TM) Data Encryption Engine, this next generation VIA C3 is the first native x86 processor on the market with embedded security features that enhance the protection of sensitive corporate and personal data.
Available now at a speed of 1GHz, the new processor core is based on an advanced new CoolStream(TM) processor architecture that delivers all the necessary performance for running even the most demanding digital media applications while maintaining ultra low levels of power consumption and heat dissipation.
"The launch of the seventh generation VIA C3 processor extends our leadership in enabling the development of secure, quiet-running small form factor system designs for a rapidly growing number of exciting new lifestyle and productivity applications such as home digital media entertainment and connected computing," commented Paul Hsu, Executive Assistant to the President and Head of VIA's CPU Business Unit. "Integration of embedded security features in the processor provides the most robust and cost-effective solution for addressing the increased demands among individuals, businesses, and government organizations for enhanced authentication and protection of their data in today's connected world."
PadLock(TM) Data Encryption Engine
The PadLock Data Encryption Engine has been integrated into the new generation VIA C3 processor to ensure greater confidentiality, integrity, and authenticity of electronic data either stored in the computer or transmitted over a network or the Internet, and enables a host of powerful new security applications, including heavy-duty data encryption and safer online transactions.
At its heart is an advanced Random Number Generator (RNG) that uses random electrical noise on the chip to securely produce random number values, and features a direct application level interface through a new x86 instruction. Developers can obtain random numbers directly from the hardware without having to use separate software drivers, thereby providing an inherently more secure and efficient solution than combined hardware/software RNG architectures. The RNG includes several operating modes, offering performance from 750K bits per second to as high as 6 million bits per second.
"VIA's incorporation of a hardware random number source on the processor die is exciting for developers, since it provides a simple and effective way of obtaining high quality randomness. This is particularly important for security and cryptography applications, since it is notoriously difficult to generate random numbers of adequate quality without a hardware random number generator," said Paul Kocher, President of Cryptography Research, Inc. and co-inventor of SSL 3.0. "I am enthusiastic about the benefit to applications such as secure web browsing, cryptographic key generation, and protocols where randomness is required."
CoolStream(TM) Architecture
Based on the advanced CoolStream architecture, the new generation VIA C3 processor has a highly efficient design that, when coupled with the VIA Apollo CLE266 chipset, delivers performance increases of up to 20% over the current version of the VIA C3 processor in mainstream productivity applications and up to 73% for 3D graphics applications, while continuing to deliver the same benefits of low power and minimal heat dissipation.
New performanc
I'm playing around with bittorrent.
As a test, I put the PDF file of the review of the hardware RNG up here (The summary is here).
If you have bittorrent installed, feel free to try to download from me.
ok, i couldnt find the original strip, but here goes from memory:
.. and maybe that holds for your calculator too :-)
accounting troll: this is our random number generator
troll: 9
troll: 9
troll: 9
dilbert: are you sure that's random?
accounting troll: thats the problem with randomness, you really can't be sure.
mats
One man's ceiling is another man's floor.
No. Generally the idea of devices is just to amplify thermal noise. Thermal noise is produced at the microscopic level with atoms bouncing into each other. There's no way to predict that... unless you tap directly into the generator (in which case it's simpler to just get the data on the computer before it's encrypted).
Opus: the Swiss army knife of audio codec
Aye, but nothing can be truly random
Actually, if Heisenburg theory of uncertainty holds true, which is supported by the unexplainable phenomena of singluar photon diffraction, random numbers are totally possible at the sub-atomic level and are not difficult to manipulate. This article hardly touches on how the numbers are generated, which lends me to question how valid this technology actually is.
Great Atrocit
The ideal source for random numbers has always been physical sources, such as the white noise you see on your television screen when tuned to an unused channel. The noise is generated by remnants from the big bang, and is cryptographically unusable (since the numbers are recordable by anyone). But is a good test for statistical algorithms such as evolutionary computation (which depend on randomn initial states).
The idea of using electrical currents secured on a chip is much sounder - since the noise is locally generated and very difficult to tap. I project that as quantum mechanics become more mainstream, the random quantum effects of electrons will be tapped to generate even sounder and accessible random signals.
Actually, I've heard of some experiment where people were asked to fake a "coin tossing session" and write down the results. Generally, you could tell it's fake because when "generating random numbers" people tend not to repeat sequences.
Opus: the Swiss army knife of audio codec
Isn't it interesting how much importance we place on quote unquote "true" randomness of numbers? We expect (or at least hope that) a computer can generate random numbers time and time again without fail...
But any human being would prove horrible at such a task... In fact, if you ask a human being for 3 random numbers, odds are very good that they will give you at least two sequential ones...such as 7 6 2...or 5 9 8...
I guess that's the point of computers though...if we could all calculate as fast as a computer, process data as fast as a computer, and perform other tasks as fast and as well as a computer, we wouldn't need computers, now would we?
Random number generation is an interesting topic though because it is often seen as a fault of computers... People claim that computers are "incapable" of generating random numbers. So are human beings... I can understand a computer not being able to store a floating point number with a hundred digits after the decimal point being considered a fault, because FEASIBLY a human being COULD perform the operations and have the value exact out to a hundred decimal places. But with random numbers...a human couldn't do it even remotely as well a computer can, so why is it considered such a weakness of computers? Maybe the power of computers to break their own codes because numbers aren't truly random is the reason they are sought after in the first place.
would be to use radioactive decay to generate random numbers. Very easy to implement using existeng technology, one of the few things that is completely random, and it's infinitely scalable to boot. A system I envision would simply moniter a radioactive sample for 1000 milli or micro seconds. Every sample time, it would record the number of fission events and if even, turn a bit on, if odd, turn the bit off. Then withing the space of a second you have a 1000 bit-long number that is COMPLETELY random.
With this system perhaps it's possible to emulate the electric fields that generate the random number. Admittedly, with any complexity at all (as in a chip) this becomes impractical to do, but hey, why go for almost random when you can have truly random?
Man, you know you're hardcore when you get excited about a built in random number generator.
Sample convo after purchase:
[girlfriend] Honey, what is that?
[you] (with great awe) The Vee-Eye-Aye Nehemiah C3 CPU with-
[girlfriend] How much did that cost?
[you] Wait, lemme finish-
[girlfriend] Rent. Where is it.
[you] But it has a-
[girlfriend] You are not going to tell me that you spent our next month's rent on that *censored* piece of plastic.
[you] (correcting happily) Silicone!
You stare off. Slowly, you speak.
[you] But it has a...random..number...generator. For strong...uh...crypto. You know, cryptography? Big numbers? Random?
*the sound of footsteps trail away from you*
[you] Honey?
or imagine a giant P2P random number generator, something like Linux's entropy pool, but across many nodes. The problem with this is that you cannot trust external sources for input, but perhaps you could "cross the streams" and safely mix them?
It reminds me of Random.org, a web site/service that generates random numbers for you. I think they even sell CDs of random numbers.
1. Random numbers
2. ???
3. Profit!!!
cpeterso
I don't understand what your post means...
... and is not turing complete
> If a machine can not generate a truly random number (not seed based)
That's true, a deterministic machine can't generate a "truly" random number by definition. On the other hand, we can generate numbers that are cryptographically strong (infeasible to distinguish from "true" random numbers) on a deterministic machine, and we can build nondeterministic machines. This is about a nondeterministic machine.
>
"Turing complete" refers to the computational power of a language or programming model -- that it can express any program that a turing machine can express. A turing machine can compute anything that we know how to compute, so saying that a machine is turing complete means that you can code any computable task on it. No machine is truly turing complete, because all machines are finite, but we think of basically everything that can compute (including humans) as turing complete.
So, what does this have to do with artificial intelligence? Do you mean turing test?
> can it be called Artificially Intelligent?
Probably not, since nobody has written a computer program yet that we would think of as "intelligent."
This is awesome, but I feel it kind of skews one of the great things about CPUs. Presently, the same piece of code, run a million times, will always produce the same outcome, and follow the same path of execution (providing it accesses no hardware - ie, no io instructions). With the addition of this instruction, you no longer have this fixed execution path.
Still, with IO this 'problem' exists anyway (although only at ring 0 -intel). It just makes it difficult for heuristic anti-virus progams, and debugging etc, when the path of execution can be arbitrary. Nonetheless, I think its a cool concept, and great its being done at ring 3.
I.O.U One Sig.
1. A good hardware built-in RNG introduced ...
2. Everybody starts using it
3. Some guys in a CPU company change it to not so good
hardware RNG (for example f(x)=exp(sin(x)) etc)
4.
5. Profit?!
I've got your random number RIGHT HERE...
5,246,549!
I am a filthy pirate.
Despite my best efforts at randomly naming folders and subfolders, and randomly placing permissions on them, and then randomly naimg the files without any type of extension on them, my girlfriend is able to quickly locate and identify my porn - even though she barely knows how to operate a computer in general, let alone Linux. She is a natural at breaking encryption.
* Freewheeling means that these oscillators are not tied to a crystal, and the frequency they oscillate at is not precisely locked at any exact rate (as would be the case if it employed a crystal.) These minute variations in frequency are the source of entropy the chip designers are actually gathering.
The sampled bits are then "whitened" to reduce biases, and the whitened bits are stored in a FIFO queue until used.
The paper in the article explains all this, and it talks about a couple of other cool cryptogeek features. You can change the bias voltage via CPU instruction (which would affect the jitter,) but each request of "randomness" comes with a pedigree indicating what bias settings were used! Finally, Cryptography Research's testing showed that they believe the chip (with whitening enabled) is capable of generating bits with an entropy of 0.99 bits/output bit, although they recommend trusting only a conservative entropy factor of about 0.75 bits/output bit. And since it generates bits at a rate of 30-50 million bits per second, most applications can probably afford to throw away a few in the name of entropy.
John
John Walker, the founder of Autodesk, has made a system like that, from which offers random bits:
HotBits/Styx
Atom-Age made a hardware box that produced 64K of random numbers with /amplifier. There was no whitening or other tricks played
every character entered in the serial port. They spent a lot of time
isolating each stage to ensure no noise got to the thermal noise
generator
to make the numbers 'more random' There were 3 sets of batteries,
a 9V for the noise source, C Cells for the microprocessor, and D cells
to run the serial interface. The whole thing was encased in a steel box
with sheilding around the connector and indicator lights. Analysis of
the numbers showed very good randomness.
Unfortunatly at $200 it never really sold well.
They did release the code in the processor for inspection,
I'm not sure about the schematics, probably not.
Starman97@Gmail.com (bring it on spammers)
392! 3892! 7489!
feel free to use any of those if you're short on cash and cant upgrade just yet.
THEY ARE ALL OPEN SOURCE - FREE AS IN I'LL SUE YOU WHEN YOU GOT MONEY TO PAY!
I don't need no instructions to know how to rock!!!!
This VIA chip is producing 30-50 million bits per second.
Also, each radiological decay event would have more potential to cause bit rot in your normal CPU, memory or other chipset's operations.
John Walker is already doing exactly this, producing random bits with a system he calls HotBits. Take a look at this page for his system and a good explanation. Of course I also think it may help to live in a castle with a 1-meter-thick-concrete-lined cistern located three-basement-levels-down to stick your Krypton-85 source in...
And while using nuclear decay would raise the geek factor so high as to be measurable on a geiger counter, the manufacturing and disposal licensing and other handling problems that would accompany any usage of nuclear materials would be more than onerous for any company that had an economical alternative.
John
I remember when Cyrix had it's 100MHz CPUs with huge fans and everybody tweaked them to 133MHz, every long-term calculation on that involving FPU would give random numbers as the result... ;-)
So, where is the novelty?
iThink iHate iMod
You know, when you're able to use quote marks (" for example) in a written medium, you really don't need to spell out quote unquote as well. It really just doesn't make any sense - we can see the quote marks you used, spelling that idiom out doesn't add anything. People sometimes say "quote unquote" because you can't see the quote marks in their speech. Even this practice is ill-advised as it makes one sound like a drooling marketdroid (e.g. "At the end of the day, we need to quote unquote actualize profits by exceeding expenses with net income in order to meet quote-unquote business objective. Take an action quote-unquote item").
This is the most bizarre thing I've seen all day. Please don't do it again. Thank you.
XML causes global warming.
The guy's name is Heisenberg. Sorry for nitpicking, but three posts in a row mispelling his name is a bit too much. The school I went to was named after him, incidently.
Switch back to Slashdot's D1 system.
Everyone should use the same random number.
I think 23 is a good one, nice an prime, and close to 21 too!
Actually, the random number generator is the math coprocessor. And they are not even the first to think about this: such techniques were pioneered by Intel in the first Pentiums
Does anyone know when VIA intend to release an EPIA MiniITX motherboard with a Nehemiah-cored C3 CPU? Apparently the M10000 they released recently was supposed to be so equipped, but turned out to only have a 1GHz version of the older Ezra-T C3 core. Since the Nehemiah core has a lot of improvements, this random number generator amongst them, I'd rather hang out for it than buy an M10000 now.. but how long must I hang?
Is this a troll? Nevertheless, it is stupid, for a few reasons: 1) The Mersenne Twister is not cryptographically secure. 2) Even if it were, it would still need to be seeded with entropy, such as the kind provided by the VIA generator. 3) There's a big difference between entropy and pseudo-random numbers, anyway. 4) Entropy is crucial in many security-related applications. Of course, given sufficient entropy, you can stretch it out with a good cryptographic PRNG.
The Beatle random number generator:
number 9
number 9
number 9
The monty python random number generator:
6, no 8...AAAAaaahhhhhhh
the ask a person to guess a number between 1-10 random number generator
7
3
the Slashdot random number generator
3.14, 1701, 2001, 69, 1337
The Microsoft Random number generator
7,7,7,7 yes its random, says so in the eula
the pepsi random number generator:
1
the buffy random number generator:
"you dare insult buffy? you are stupid AND you suck."wait, that was the "angery buffy fan response to a minor critque of the show generator"... my bad.
The Kruger Dunning explains most post on
I remmeber going to the university science library when I was 14 to try to find out how to write a program to generate random numbers...found a big yellow book about pseudo-random number generators and thought, no, I want a real random number generator...of course I opened the book and discovered that it is impossible inside a deterministic system...you have to stick an antenna into an external universe...then I thought where the fuck did the universe get noise? Why isn't the universe one big symmetric crystal?
Now I sit here looking at a 2 billion year-old hypernova and no one here can answer this question (There are at least 5 cosmoligists within spitting distance of me right now)...
In fact, if you ask a human being for 3 random numbers, odds are very good that they will give you at least two sequential ones...such as 7 6 2...or 5 9 8...
What do you mean by "very good" odds? If you ask a TRNG (true random number generator) for 3 random numbers, odds are quite good (40%) that it will give you at least two sequential ones. This is just rough math (supplied upon request) off the top of my head with the assumption that 9 and 0 are considered to be adjacent; odds would be slightly lower if we reject this. My point is that your example has fairly significant odds, even by a TRNG.
But with random numbers...a human couldn't do it even remotely as well a computer can, so why is it considered such a weakness of computers?
Humans can toss a coin or roll a die or spin a wheel. Those are actually decent ways to generate numbers. It's an ability to interface with entropy that humans have (and computers don't, unless you want to stuff a natural/mechanical/chaotic process into a hardware RNG). And the sequences generated by humans in those ways are not easily recreated or predicted and a seed value doesn't really exist to weaken the scheme either (as it does with software RNGs). Assuming you give the wheel/die/coin a really good spin!
Consider a deterministic pseudorandom number generator that's highly sensitive to its initial conditions. Maybe that's the universe and we don't know it because we can't determine the initial conditions with absolute certainty nor can we even determine its current state with sufficient accuracy.
... a computational process that defines how the universe operates. This process is only (universally) taking us toward increasing entropy, so it's a randomizing process by nature. Really I think that order is the oddity ... not randomness.
What if space and time are discrete (Ed Fredkin and so on)? Of course, space couldn't be a rigidly even lattice (it could be a network of loosely connected nodes), but in this sense you have a rigorous foundation for modelling the evolution of the universe from one state to the next
___
The ends are ape-chosen, only the means are man's. -- Aldous Huxley
Similar to what Douglas Adams suggested as a random number generator, 25 years or so ago, I guess. This implementation is a little more convenient - although slightly less tasty - than a fresh really hot cup of tea.