nRF5340 w/ 'Crypto: RNG', true or pseudo random numbers?

I am working w/ the nRF5340DK, and the project mentioned here (NCS v2.5.0, nrf/samples/crypto/rng). I was able to build/flash the project.

I wanted to verify whether the random numbers generated are pseudo random or true random. It appears to be true random (I get different numbers when I reset the board), but I wanted to double check.

What parameters, hardware, etc. would change whether it's pseudo or true? For example, does enabling/disabling something in KConfig, switching the hardware to nRF52840, etc. affect the result?

Parents
  • Hello,

    Yes, the RNG crypto sample uses the CC312 as the entropy source. In this sample, the psa_generate_random() function wraps around nrf_cc3xx_platform_ctr_drbg_get()

    /** @brief Function to get PRNG data using ctr_drbg
     *
     * @note  If the context is NULL the function uses an internal context.
     *
     * @details This function calculates random numbers using PRNG seeded by TRNG as
     *          defined in <em>NIST SP 800-90A: Recommendation for Random Number
     *          Generation Using Deterministic Random Bit Generators</em>. The
     *          random numbers are generated using Arm CryptoCell cc3xx hardware
     *          acceleration.
     *
     * @note Before calling this api the context to must be initialized by calling
     *       @ref nrf_cc3xx_platform_ctr_drbg_init.
     *
     * @note This API is only usable if @ref nrf_cc3xx_platform_init was run
     *       prior to calling it.
     *
     * @param[in,out]   context     Pointer to structure holding the ctr_drbg context.
     * @param[in]       buffer      Pointer to buffer to hold PRNG data.
     * @param[in]       length      Length of PRNG to get.
     * @param[out]      olen        Length reported out.
     *
     * @return 0 on success, otherwise a non-zero failure  according to the API
     *         mbedtls_ctr_drbg_random.
     */
    int nrf_cc3xx_platform_ctr_drbg_get(
        nrf_cc3xx_platform_ctr_drbg_context_t * const context,
        uint8_t *buffer,
        size_t length,
        size_t* olen);

    If you are unsure whether it is enabled in your application, you can check if the generated configuration file (if building without TF-M: build/zephyr/.config) contains CONFIG_ENTROPY_CC3XX=y. Another approach is to single-step through the code with a debugger.

    Best regards,

    Vidar

  • Thank you for the info. Just to confirm, even though this function uses the PRNG (which, by itself, means pseudo random numbers are generated), the result should be a true random number because it's 'seeded by TRNG'. Have I interpreted this correctly?

Reply Children
  • The output from this function is unpredictable as long as the seed generated by the TRNG is kept secret. Since generating random numbers directly with TRNGs is relatively time consuming, it is more efficient to use CTR DRBG as the random number source. The library automatically handles periodic reseeding from the TRNG. I'm not an expert on this subject, so I would recommend having a look at the NIST SP 800-90A paper if you want to read more about the CTR DRBG mechanism.

Related