News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

on-chip random numbers

Started by aw27, April 13, 2018, 01:14:49 AM

Previous topic - Next topic

aw27

Reference:
https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide

This is a fast essay on the subject matter :

includelib \masm32\lib64\msvcrt.lib
printf PROTO :PTR, :VARARG
includelib \masm32\lib64\kernel32.lib
ExitProcess PROTO :DWORD
LIMIT equ 10

.data
fmt db "Random value %u: %llu",10,0
msg1 db "64-bit pseudo random numbers seeds using RDSEED",10,0
msg2 db 10,"64-bit high-quality random numbers using RDRAND",10,0

.code

main proc
        sub rsp, 28h
; Verify support for rdseed and rdrand
; rdrand
mov eax, 1
cpuid
bt ecx, 30
jnc exit
; rdseed
mov eax, 7
xor ecx, ecx
cpuid
bt ebx, 18
jnc exit

mov rcx, offset msg1
call printf

mov r15d, 1 ; generate from 1 to LIMIT seeds for pseudo-random number generator
@@:
rdseed r8 ; store a 64-bit random seed in destination register
jnc @b ; retry if no seed available in the entropy condioner
mov rcx, offset fmt
mov rdx, r15
call printf
inc r15d
cmp r15, LIMIT
jbe @b

; high-quality random numbers
mov rcx, offset msg2
call printf

mov r15d, 1 ; generate from 1 to LIMIT high-quality random numbers
@@:
rdrand r8 ; store a 64-bit high-quality number in destination register
jnc @b ; retry if no valid number available yet
mov rcx, offset fmt
mov rdx, r15
call printf
inc r15d
cmp r15, LIMIT
jbe @b
exit:
mov rcx, 0
call ExitProcess
main endp

end


Output:
64-bit seeds for pseudo random number generator using RDSEED
Random value 1: 11271964044411198033
Random value 2: 14819904872933026051
Random value 3: 11734536593662125914
Random value 4: 10178806003817372157
Random value 5: 16507044168887200704
Random value 6: 17015068959861677558
Random value 7: 9330418827117195449
Random value 8: 18272815394612035461
Random value 9: 1625390651447534182
Random value 10: 1624657990116424887

64-bit high-quality random numbers using RDRAND
Random value 1: 9866148806316864898
Random value 2: 13381141406723372343
Random value 3: 15942791537508244642
Random value 4: 11939218512590708444
Random value 5: 16677724538897210232
Random value 6: 13506647463992344196
Random value 7: 12752478826357554567
Random value 8: 373324759560139517
Random value 9: 12406571025380030795
Random value 10: 4471555834226138872


felipe

I downloaded the masm64sdk. I renamed the masm32 folder temporarily (don't want another partition) and i created a folder named masm32. There i putted (unzipped) all the files and i run makeall.bat.Every went ok. I have the build tools of visual studio 2017. Which are accessed in convenient cmds each with a particular purpose and with the environment variables ok for that cmd "session". So i assembled your nice demo (or full program, sorry  :redface:) with this command: ml64 /c test.asm. Everything ok, a test.obj was created. Then i linked with this command: link test.obj /ENTRY:main /SUBSYSTEM:CONSOLE. And everything was ok, a test.exe was created. Then i run this nice demo (full program too  :biggrin:) but it seems like the source flow was directly to the exit label. Which means i have an Intel without that nice capacity. Hey, but the program and article was great informative  :greenclp:. I even now have the masm64sdk. Thanks a lot aw27. (And hutch).  :icon14: :icon14: :greenclp:

hutch--

felipe,

From memory a software random produces better results than the Intel instruction. There are two algos, irand and seed_irand, set the seed first then call irand.

aw27

@felipe
Nothing i can do to help you. :(

@hutch
Your statement does not make any sense to me, unless you have inside information.

hutch--

Been a while since I did the test pieces on rdrand but there was a lot of documentation on the net of problems with rdrand including back doors from the NSA and others. The Linux guys among others refused to trust it by itself and opted for software random algos. My own testing with ENT showed rdrand was OK but that a software implimentation was often better and there was no risk of a back door. The action with a decent random algo is a good seeding technique that does what you require, either impossible to reproduce OR a seeding technique that is unique for a special purpose that IS reproducible.

Lonewolff

Interesting read Hutch.  :t

Would this work on AMD chips also (seeing as AMD is always trying to keep compatible with Intel)?

The hardware implementation would have to be faster to execute wouldn't it?

hutch--

Its probably easier to do a test piece, if its a late model AMD, it probably has RDRAND but its a reasonably late Intel mnemonic so I would not expect it on older hardware. I tested in with this 6 core Haswell that I am using as it is late enough to have the instruction. It works and would be useful but it was nothing exciting in either speed or randomness and there is the potential risk of a back door to help the NSA to break encryption.

Lonewolff

Yeah, it's pretty bad the backdoor 'in chip' state of affairs at the moment.

hutch--

felipe,

Try this one out on your computer, it test if RDRAND is available and if it is, it runs it.

aw27

I have not much faith on what people write about when they are unable to produce proofs.
And there is no proof whatsoever, only speculation.
I have done a lot of work on randomness in the past, namely I have a software called Ramdon Labs in my website. It can also retrieve true ramdom data from Random.org. I verified that most times data generated by artifitial means,  namely by CryptoMT or Crypto API, scores better in the tests than true random data from ramdom.org.
Of course, we can question whether the data from ramdon.org is indeed true random and in the end we can question everyting.
On the other hand, there are very good pseudo-random number generators, there are no doubts about that. But the secret does not lie in the seed! For example, with Mersenne Twister the next state can be found with the knowledge of only 624 previous states, even though the period is 219937.
The real problem is about having good sources of entropy, and since this is really difficult, the so-called cryptographically secure pseudo-random number generators add obfuscation on top of obfuscation, for example rotating bits or xoring them or xoring and rotating or swapping them or any other conceivable way. But they are not true random number generator, only very good at making almost impossible to find what the next number will be.

hutch--

I have long been a fan of "ENT" as a pseudo random algorithm is about as useful as its tests show. Many of the older common ones are very poor in their characteristics. The notion of what random is effects the evaluation of results, sub sonic rumbling of the universe is well respected, microphoned wind turbulence scores well, depending on your sense of humour, a recorded policy speech by whatever politician you wish to nominate or even our Kylie would probably do the job but "random" semantically  means without order which in turn means unpredictable and this is where it becomes useful in encryption.

I have seen the use of pseudo random generators for many simpler tasks, card shuffling, making an array non ordered for constructing trees and of course some games use them but it is in the field of encryption that high powered random number generators need to perform. The seed can be a weak point if its range is small enough and if the pseudo random generator has a low repeat rate it can be broken with enough computer grunt so decent algorithms and highly unpredictable seeds make sense, QWORD sized seeds tend to make guessing or brute forcing a seed a lot more difficult.

jj2007

Quote from: hutch-- on April 14, 2018, 04:12:20 PMI have long been a fan of "ENT" as a pseudo random algorithm is about as useful as its tests show.

And we have some experience with it, see e.g. Monte Carlo Simulation with RDRAND (32 bit). The tests started 8 years ago with Alex' algo. ENT and Diehard play also a role in the CAcert results - over 3,000 algos tested. With Ctr F, you may find inside the page your favourite random generator- it's fun to see some big names fail miserably, e.g. Excel 2013 function RAND(). Searching for FORTRAN or BASIC yields also some goodies ;)

aw27

There is another aspect, rdseed produces multiplicative brute-force prediction resistance numbers, and rdrand additive brute-force prediction resistance numbers. This mean that we can multiply and add them together obtaining high-quality random numbers with any number of digits we want.

Siekmanski

If you want real random data, connect a radio tuner to your computer and tune between 2 stations and record the data.  :bgrin:
Creative coders use backward thinking techniques as a strategy.

felipe

Quote from: hutch-- on April 14, 2018, 12:23:03 PM
felipe,

Try this one out on your computer, it test if RDRAND is available and if it is, it runs it.


RDRAND not supported
Press any key to exit ....

:(
Probably my i5 is from an old generation. Still has good features: hyper-threading, vm support and others...