Random Number Generator

From ESP8266-RE Wiki
Jump to: navigation, search

It appears that the ESP8266 may actually have a high-quality hardware random number source.

It has been discovered that the 32-bit value at 0x3FF20E44 produces a different, apparently random, number every time it is read. Initial tests of data produced from this suggest that the results are statistically indistinguishable from an unbiased, full-entropy random bit source (data passes the NIST Statistical Test Suite for randomness (FIPS-140-2) as well as TestU01's Rabbit and Alphabit suites with no failures).

Notes:

  • It appears to be capable of producing data as fast as it can be read (which with an 80MHz clock is in the hundreds of millions of bits per second), without any loss in apparent randomness.
  • No bias or skew is apparent.
  • All bits from 0 to 31 appear to have equivalent distribution.
  • No apparent correlations of data, even after repeated cold (power-off) resets. (it appears fully random and different on every start up)
  • Initial tests suggest that writing to this port has no effect.

It is possible that this is, in fact, designed to be a hardware random number generator. Given its speed and it's apparently perfect (unbiased) distribution, it seems likely that this is not simply a pure hardware entropy source, but may also involve some hardware pseudorandom scrambling of some sort (possibly something along the lines of this cipher-based TRNG core). It is therefore unclear how much actual hardware entropy is involved, or whether there is any way to determine this.

TODO: More testing required to determine whether this is in fact random enough to be used for cryptographic purposes, etc

Initialisation

This register doesn't produce fully random numbers following a hard reset. Before the the PHY layer is initialised (in the RTOS SDK this is in the register_chipv6_phy() function), the sequence is pseudo-random and identical following each reset event (however a new pseudorandom sequence appears if power is cycled). After the register_chipv6_phy() function has run, the sequence appears to become fully random.

(Speculate that either there is a hardware PRNG that's being fed by some entropy source in the PHY, maybe the 2.4GHz PLL jitter or maybe something else. Or possibly just a PRNG that is being stepped at high speed via the PHY clock, whereas before the clock starts it is only stepping manually Projectgus (talk))

Usage

  • Starting with IoT SDK V1.1.0, Espressif uses this register as an entropy source. Libphy function phy_get_rand() (which is called by the general random number function os_get_random()) XORs the value of this register with a value from RAM, adc_rand_noise. adc_rand_noise is updated in the internal function pm_wakeup_init, it gets set to the result of the function get_adc_rand().
  • esp-open-rtos uses this register as the mbedTLS entropy source.