Belgian boffins have proposed adding what they call “Canary Numbers” to random number generators (RNGs), in the hope and expectation they will fall off the twig if something goes wrong.
In this International Association for Cryptologic Research (IACR) paper, Vladimir Rozic, Bohan Yang, Nele Mentens and Ingrid Verbauwhede write that the extra outputs from the RNG could act as health checks to indicate “ageing, changes in operating conditions or active attacks” against RNGs.
In particular, their attention is on true random number generators (TRNGs) that derive their randomness from an entropy source like thermal noise. Both the United States National Institute of Standards and Technology (NIST) and the British Standards Institution (BSI) say health tests for TRNGs are a necessary part of implementations.
The problem, the Belgian group says, is that testing the randomness of a large random number is computationally intensive.
The idea of the Canary Number is to take not one, but two outputs from the TRNG: one, the high-entropy output, will be used by the application, while the second will be a low-entropy output. As they write:
Canary numbers have lower statistical quality than the raw numbers and they are more susceptible to changes in operating conditions. For this reason, monitoring canary numbers can be used for an early-warning failure detection, since the statistical quality of the canary numbers drops before the failure affects the raw numbers in a significant way.
This way, the “health check” module that's built into TRNG hardware doesn't have to work as hard as if it were trying to run statistical tests on the raw data stream – which means less-expensive hardware can be used, and the TRNG becomes more accessible.
For example, the researchers ran their “Canary Number” processing on the ~US$20 Xilinx Spartan-6 FPGA. ®