lists.openwall.net
Open Source and information security mailing list archives
Date: Fri, 25 Mar 2022 04:16:29 +0000
From: Duke Abbaddon <duke.abbaddon@...il.com>
To: torvalds@...ux-foundation.org
Subject: Dev/Random : Importance : Our C/T/RNG Can Help GEA-2 Open Software implementation of 3 Bits (T/RNG) Not 1 : We need Chaos : GEA-1 and GEA-2 Implementations we will improve with our /Dev/Random

Dev/Random : Importance

Our C/T/RNG Can Help GEA-2 Open Software implementation of 3 Bits (T/RNG) Not 1 : We need Chaos : GEA-1 and GEA-2 Implementations we will improve with our /Dev/Random

We can improve GPRS; 2G to 5G networks still need to save power. GPRS doubles a phone's capacity to run all day. Code can and will be improved. Proposals include: Blake2, ChaCha, SM4, SHA2, SHA3, Elliptic Encipher, AES, Poly ChaCha.

Firstly we need a good, solid & stable /dev/random, so we can examine the issue with a true SEED!

Rupert S

https://science.n-helix.com/2022/02/interrupt-entropy.html

TRNG Samples & Method, DRAND Proud!

https://drive.google.com/file/d/1b_Sl1oI7qTlc6__ihLt-N601nyLsY7QU/view?usp=drive_web
https://drive.google.com/file/d/1yi4ERt0xdPc9ooh9vWrPY1LV_eXV-1Wc/view?usp=drive_web
https://drive.google.com/file/d/11dKUNl0ngouSIJzOD92lO546tfGwC0tu/view?usp=drive_web
https://drive.google.com/file/d/10a0E4Gh5S-itzBVh0fOaxS7JS9ru-68T/view?usp=drive_web

https://github.com/P1sec/gea-implementation

"GEA-1 and GEA-2, which are very similar (GEA-2 is just an extension of GEA-1 with a higher amount of processing, and apparently not weakened) are bit-oriented stream ciphers."

"A stream cipher, such as the well-known RC4 or GEA-1, usually works through using the Xor operation against a plaintext. The Xor operation being symmetrical, this means that encrypting should be considered the same operation as decrypting: GEA-1 and GEA-2 are basically pseudo-random data generators, taking a seed (the key, IV and direction bit of the GPRS data, which are concatenated), and the generated random data (the keystream) is xored with the clear-text data (the plaintext) for encrypting. Then, later, the keystream is xored with the encrypted data (the ciphertext) for decrypting. That is why the functions called in the target library for decrypting and encrypting are the same.

GEA-1 and GEA-2 are bit-oriented, unlike RC4 which is byte-oriented, because their algorithms generate only one bit of pseudo-random data at once (derived from their internal state), while algorithms like RC4 generate no less than one byte at once (in RC4's case, derived from permutation done in its internal state), even though the keystream bits are put together by the current encryption / decryption C and Rust libraries into bytes in order to generate usable keystream, obviously.

Based on this, you can understand that GEA-1 and GEA-2 are LFSR (Linear Feedback Shift Register)-oriented ciphers, because their internal state is stored in fixed-size registers. This includes the S and W registers, which serve for initialization / key scheduling purposes and are respectively 64- and 97-bit wide registers, and the A, B, C (and for GEA-2 only D) registers, which serve for the purpose of keystream generation and are respectively 31-, 32-, 33- and 29-bit wide registers.

On each iteration of the keystream generation, each register is bit-wise rotated by one position, while the bit being rotated from the left towards the right side (or conversely, depending on in which bit order you internally represent your registers) is fed back to the algorithm and mutated depending on given conditions. Hence, the shifted-out bit is derived from other processing and reinserted, while being for this reason possibly flipped depending on conditions depending on bits present at the other side of the given register. This is the explanation for the name of linear feedback shift register (shift because of the shift operation required for the rotation, and linear feedback because of the constant-time transform operation involved).

The rest of the register may also be mutated at each iteration step, as in the case of GEA-1 and 2, where whole fixed Xor sequences (which differ for each register) may be applied depending on whether the rotated bit is a 0 or a 1. Note that a step where the register iterates is called clocking (the register is clocked), and that the fixed points where the register may be Xor'ed when the rotated bit becomes a 1 are called taps. The linear function which may transmute the rotated bit at the clocking step (taking several bits of the original register as an input) is called the F function.

Those kinds of bit-oriented LFSR algorithms, such as GEA-1 and 2 (for GPRS) and A5/1 and 2 (for GSM), were designed this way for optimal hardware implementations in the late 80's and early 90's."

***** NT Interrupt counter Entropy : A counter theory : RS

"more importantly, our distribution is not 2-monotone like NT's, because in addition to the cycle counter, we also include in those 4 words a register value, a return address, and an inverted jiffies. (Whether capturing anything beyond the cycle counter in the interrupt handler is even adding much of value is a question for a different time.)"

To be clear, interrupts are old fashioned (NT & BIOS). Points: Network cards have offloading? Yes, & why cannot we? Offloaded does not mean that a time differential matrix HASH AES of 32Bit words, cross pollinated through MMX, AVX, SiMD, is plausible! Combined with even network latency timing & interrupt latency... Various system differentials can alternate line in our table per clock sync! In this reference quartz clock instability is not only counteracted by NTP... but also utilized as a variable co-modifier.

So why not also take advantage of the clock frequency scaling effect to confuse odds again for Entropy (Random, Not Entropy)? SSDs also have a write counter & a cleared state, not so boring as one thinks if each 32KB segment is hashed in 4Bit, 8Bit, 32Bit float! (remember we have DOT3, DOT4 & INT8 in ML). We can utilize write cycle statistics & all hardware; interrupts by themselves are rather boring! Computed timings on processes multiplexed over 3 threads per group in competition are also a potential complexifier of Random.

Rupert S

https://science.n-helix.com/2018/12/rng.html
https://science.n-helix.com/2022/02/rdseed.html
https://science.n-helix.com/2017/04/rng-and-random-web.html
https://science.n-helix.com/2022/02/interrupt-entropy.html
https://science.n-helix.com/2021/11/monticarlo-workload-selector.html
https://science.n-helix.com/2022/03/security-aspect-leaf-hash-identifiers.html
https://science.n-helix.com/2022/02/visual-acuity-of-eye-replacements.html

**** PreSEED Poly Elliptic SiMD RAND : RS

Preseed: 3 seeds with AES or Poly ChaCha, or even 1; 2 would be rather fast. Init blending them would make a rather paranoid kernel developer feel safe! :D

Like so. List: 3 seeds, 32Bit or 64Bit. Examples:

1 Seed : pre seeded from CPU IRQ & Net, 16Bit values each & merged
2 & 3 : from server https://pollinate.n-helix.com &/or System TRNG
4 Seed : mix, 128Bit value

Advantages: AVX & SiMD mixer is fast (byte swap & maths etcetera) & multithreaded AES support is common.

* HASH : RSA Source Cert C/TRNG : (c)RS

Elliptic RSA : Cert Mixer : RSA 4096/2048/1024 Temporal : 384/256/192 ECC Temporal Centric Entropy HASH : Butterfly Effects
Blake2 ChaCha SM4 SHA2 SHA3 Elliptic Encipher AES Poly ChaCha
Elliptic : Time Variance : Tick Count Variance : On & Off Variance : IRQ

* Time & Crystal : Quartz as a diffraction point fractal differentiator : RS

RDTSC variable bit differentiation & deviation of the quartz sub .0001 value, combined with the complexity of unique interplay with alternative clocks such as network cards, audio cards & USB sticks & Bluetooth radio clocks & ultimately the NTP pools themselves when required. (TIME differential float maths)

TSC : RDTSC : RDTSCP : TCE supports single and half precision floating-point calculations

Processor features: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 htt pni ssse3 fma cx16 sse4_1 sse4_2 popcnt aes f16c syscall nx lm avx svm sse4a osvw ibs xop skinit wdt lwp fma4 tce tbm topx page1gb rdtscp bmi1

* For RDTSCP = TValue
TV1=16.0685 TV2=16.1432 TV3=15.1871
When Processor MHz = PV1 PV2 PV3
RAND Source = Es1 Es2 Es3
If Xt = 1.9 < then roll right
((TV1 - TV2) * (PV1 - PV2)) / ((TV1 - TV3) * (PV1 - PV3)) = FractorXt(Xt)
Es1 * Xt = Differential Es2 Es3
(c) Rupert S

Quartz as a diffraction point fractal differentiator : RS

https://tches.iacr.org/index.php/TCHES/article/download/7274/6452
https://perso.univ-rennes1.fr/david.lubicz/articles/gda.pdf
https://patents.google.com/patent/US9335971

* "Taking spinlocks from IRQ context is problematic for PREEMPT_RT. That is, in part, why we take trylocks instead. But apparently this still trips up various lock dependency analysers. That seems like a bug in the analysers that should be fixed, rather than having to change things here.

But maybe there's another reason to change things up: by deferring the crng pre-init loading to the worker, we can use the cryptographic hash function rather than xor, which is perhaps a meaningful difference when considering this data has only been through the relatively weak fast_mix() function.

The biggest downside of this approach is that the pre-init loading is now deferred until later, which means things that need random numbers after interrupts are enabled, but before work-queues are running -- or before this particular worker manages to run -- are going to get into trouble. Hopefully in the real world, this window is rather small, especially since this code won't run until 64 interrupts have occurred."

https://lore.kernel.org/lkml/Yhc4LwK3biZFIqwQ@owl.dominikbrodowski.net/T/

Rupert S

***** Serve C-TRNG QT Fractional Differentiator (c)RS

Server C/TRNG Quartz Time * Fractional differentiator : 8Bit, 16Bit, 32Bit, Float Int32 : Fractional Differentiator : fig-mantuary micro differentiator.

SipHash: a fast short-input PRF

http://cr.yp.to/siphash/siphash-20120918.pdf
https://www.aumasson.jp/siphash/siphash.pdf

"Choice of rotation counts. Finding really bad rotation counts for ARX algorithms turns out to be difficult. For example, randomly setting all rotations in BLAKE-512 or Skein to a value in {8, 16, 24, . . . , 56} may allow known attacks to reach slightly more rounds, but no dramatic improvement is expected. The advantage of choosing such "aligned" rotation counts is that aligned rotation counts are much faster than unaligned rotation counts on many non-64-bit architectures. Many 8-bit microcontrollers have only 1-bit shifts of bytes, so rotation by (e.g.) 3 bits is particularly expensive; implementing a rotation by a mere permutation of bytes greatly speeds up ARX algorithms. Even 64-bit systems can benefit from alignment, when a sequence of shift-shift-xor can be replaced by SSSE3's pshufb byte-shuffling instruction. For comparison, implementing BLAKE-256's 16- and 8-bit rotations with pshufb led to a 20% speedup on Intel's Nehalem microarchitecture."

https://www.kernel.org/doc/html/latest/security/siphash.html
https://en.wikipedia.org/wiki/SipHash

Code SIP-HASH
https://github.com/veorq/SipHash

As we see, rotation may benefit from the addition of quartz crystal alignment sync data from 4 cycles & aligning data blocks. Obviously we can pre-share 4 64Bit blocks & use a pre seed AES/ChaCha quad! Indeed we can have 16 64Bit pre seeds & choose them by time sync.

Kernel security bug; solutions & explanations (contains additional RANDOM security methods): RS

https://science.n-helix.com/2020/06/cryptoseed.html
https://science.n-helix.com/2019/05/zombie-load.html
https://science.n-helix.com/2018/01/microprocessor-bug-meltdown.html

Rupert S
https://science.n-helix.com

* RAND OP Ubuntu :

https://manpages.ubuntu.com/manpages/trusty/man1/pollinate.1.html
https://pollinate.n-helix.com

https://science.n-helix.com/2018/12/rng.html
https://science.n-helix.com/2022/02/rdseed.html
https://science.n-helix.com/2017/04/rng-and-random-web.html
https://science.n-helix.com/2021/11/monticarlo-workload-selector.html
https://science.n-helix.com/2022/02/visual-acuity-of-eye-replacements.html
https://science.n-helix.com/2022/02/interrupt-entropy.html

https://aka.ms/win10rng

* Encryption Methods:

https://tools.ietf.org/id/?doc=hash
https://tools.ietf.org/id/?doc=encrypt

HASH :
https://datatracker.ietf.org/doc/html/draft-ietf-cose-hash-algs
https://tools.ietf.org/id/draft-ribose-cfrg-sm4-10.html
https://tools.ietf.org/id/?doc=sha
https://tools.ietf.org/id/?doc=rsa

Encryption Common Support:
https://tools.ietf.org/id/?doc=chacha
https://tools.ietf.org/id/?doc=aes

SM4e does seem a good possibility for C/T/RNG CORE HASH functions!

ARM Crypto Extensions Code (maybe AES Extensions would work here)
https://lkml.org/lkml/2022/3/15/324

ARM Neon / SiMD / AVX Compatible (GPU is possible)
https://lkml.org/lkml/2022/3/15/323

* 197 FIPS NIST Standards Specification C/T/RNG

https://science.n-helix.com/2022/02/interrupt-entropy.html

Only a Neanderthal would approve a non-additive source combination that is injected into the HASH & re-HASHED. One does not procreate inadequate RANDOM from a simple bias KERNEL; hardware RNGs added together may add around 450% complexity!

Hardware RNG devices MUST be able to re-HASH to their 197 NIST Standards Specification. That is FINAL, 2022.

DT KEYS: trusted: allow use of kernel RNG for key material
https://lkml.org/lkml/2022/3/16/598

CAAM PRNG Reference :
https://lkml.org/lkml/2022/3/16/649
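The message above quotes the SipHash paper's remarks on rotation counts and links the kernel's SipHash documentation, but shows no code. The following is an added worked example, written for this archive page and not taken from the e-mail, from the veorq/SipHash repository or from the kernel: a stand-alone SipHash-2-4 in C that implements the SipRound exactly as the paper specifies it (rotation counts 13, 16, 17, 21 and the byte-aligned 32 that the quoted passage calls "aligned") and checks itself against the 15-byte test vector from Appendix A of the paper (key 00..0f, message 00..0e, output 0xa129ca6149be45e5). The names SIP_TEST_KEY, SIP_TEST_MSG and siphash_selftest are chosen here for the example; everything else follows the published specification.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* 64-bit left rotate; b is always 13, 16, 17, 21 or 32 here, never 0 or 64. */
#define ROTL64(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))

/* One SipRound (SipHash paper, section 2.1). The two rotations by 32 are the
 * "aligned" rotations the quoted passage refers to: on a 32-bit or 8-bit target
 * they are a pure word/byte swap rather than a multi-step shift. */
static void sipround(uint64_t v[4])
{
    v[0] += v[1]; v[1] = ROTL64(v[1], 13); v[1] ^= v[0]; v[0] = ROTL64(v[0], 32);
    v[2] += v[3]; v[3] = ROTL64(v[3], 16); v[3] ^= v[2];
    v[0] += v[3]; v[3] = ROTL64(v[3], 21); v[3] ^= v[0];
    v[2] += v[1]; v[1] = ROTL64(v[1], 17); v[1] ^= v[2]; v[2] = ROTL64(v[2], 32);
}

/* Little-endian 64-bit load, independent of host byte order. */
static uint64_t load_le64(const uint8_t *p)
{
    uint64_t r = 0;
    for (int i = 7; i >= 0; i--)
        r = (r << 8) | p[i];
    return r;
}

/* SipHash-2-4: c = 2 compression rounds per 8-byte block, d = 4 finalization rounds.
 * Returns the 64-bit tag as an integer (the paper's byte output is its little-endian form). */
uint64_t siphash24(const uint8_t key[16], const uint8_t *msg, size_t len)
{
    uint64_t k0 = load_le64(key), k1 = load_le64(key + 8);
    /* The four constants are the ASCII of "somepseudorandomlygeneratedbytes". */
    uint64_t v[4] = {
        k0 ^ 0x736f6d6570736575ULL,
        k1 ^ 0x646f72616e646f6dULL,
        k0 ^ 0x6c7967656e657261ULL,
        k1 ^ 0x7465646279746573ULL,
    };
    size_t full = len & ~(size_t)7;

    for (size_t i = 0; i < full; i += 8) {
        uint64_t m = load_le64(msg + i);
        v[3] ^= m;
        sipround(v);
        sipround(v);
        v[0] ^= m;
    }

    /* Final block: the leftover bytes plus (len mod 256) in the top byte, so that
     * messages of different lengths never share a final block. */
    uint64_t b = (uint64_t)len << 56;
    for (size_t i = 0; i < (len & 7); i++)
        b |= (uint64_t)msg[full + i] << (8 * i);
    v[3] ^= b;
    sipround(v);
    sipround(v);
    v[0] ^= b;

    v[2] ^= 0xff;
    for (int i = 0; i < 4; i++)
        sipround(v);
    return v[0] ^ v[1] ^ v[2] ^ v[3];
}

/* Test vector from Appendix A of the SipHash paper (names chosen for this example). */
const uint8_t SIP_TEST_KEY[16] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
const uint8_t SIP_TEST_MSG[15] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e
};
#define SIP_TEST_EXPECTED 0xa129ca6149be45e5ULL

/* Returns 1 when the implementation reproduces the paper's vector, 0 otherwise. */
int siphash_selftest(void)
{
    return siphash24(SIP_TEST_KEY, SIP_TEST_MSG, sizeof SIP_TEST_MSG) == SIP_TEST_EXPECTED;
}

int main(void)
{
    int ok = siphash_selftest();
    printf("siphash24 self-test: %s\n", ok ? "ok" : "FAIL");
    return ok ? 0 : 1;
}
```

Build with `cc -O2 -o siphash siphash.c && ./siphash`. The point of the self-test is the one a practitioner cares about when hand-rolling an ARX primitive: a single wrong rotation count, a swapped XOR, or a mis-ordered length byte still produces plausible-looking 64-bit output, so only a published vector tells you the function is SipHash rather than something SipHash-shaped.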