0 votes
203 views
in Technique[技术] by (71.8m points)

c++ - True random numbers with C++11 and RDRAND

I have seen that Intel seems to have included a new assembly function to get real random numbers obtained from hardware. The name of the instruction is RdRand, but only a small amount of details seem accessible on it on the Internet: http://en.wikipedia.org/wiki/RdRand

My questions concerning this new instruction and its use in C++11 are the following:

  1. Are the random numbers generated with RdRand really random? (each bit generated from uncorrelated white noise or quantum processes?)

  2. Is it a special feature of Ivy Bridge processors and will Intel continue to implement this function in the next generation of cpu?

  3. How to use it through C++11? Maybe with std::random_device but do compilers already call RdRand if the instruction is available?

  4. How to check whether RdRand is really called when I compile a program?


1 Reply

0 votes
by (71.8m points)

I designed the random number generator that supplies the random numbers to the RdRand instruction. So for a change, I really know the answers.

1) The random numbers are generated from an SP800-90 AES-CTR DRBG compliant PRNG. The AES uses a 128-bit key, and so the numbers have multiplicative prediction resistance up to 128 bits and additive beyond 128.

However the PRNG is reseeded from a full entropy source frequently. For isolated RdRand instructions it will be freshly reseeded. For 8 threads on 4 cores pulling as fast as possible, it will be reseeded always more frequently than once per 14 RdRands.

The seeds come from a true random number generator. This involves a 2.5Gbps entropy source that is fed into a 3:1 compression ratio entropy extractor using AES-CBC-MAC.

So it is in effect a TRNG, but one that falls back to the properties of a cryptographically secure PRNG for short sequences when heavily loaded.

This is exactly the semantic difference between /dev/random and /dev/urandom on Linux, only a lot faster.

The entropy is ultimately gathered from a quantum process, since that is the only fundamental random process we know of in nature. In the DRNG it is specifically the thermal noise in the gates of 4 transistors that drive the resolution state of a metastable latch, 2.5 billion times a second.

The entropy source and conditioner is intended to be SP800-90B and SP800-90C compliant, but those specs are still in draft form.

2) RdRand is a part of the standard Intel instruction set. It will be supported in all CPU products in the future.

3) You either need to use inline assembly or a library (like openssl) that does use RdRand. If you use a library, the library is implementing the inline assembler that you could implement directly. Intel gives code examples on their web site.

Someone else mentioned librdrand.a. I wrote that. It's pretty simple.

4) Just look for the RdRand opcodes in the binary.
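The following is an added example, not code from the question, the answer or Intel's own libraries. It puts points 3 and 4 of the answer into working C++11: a CPUID feature check, an inline-assembly RdRand wrapper with the retry loop Intel's DRNG guide recommends (10 attempts is that guide's figure), a fallback to std::random_device when the instruction is absent, and a byte scanner that counts RdRand encodings (0F C7 with ModRM F0..F7) in a buffer you have read from a binary. It assumes GCC or Clang on x86/x86-64 (for `<cpuid.h>` and AT&T-syntax `__asm__`); the sample byte buffer is constructed by hand.

```cpp
// Added example (not from the original post): RdRand from C++11 with a
// feature check, retry loop, std::random_device fallback, and a scanner
// for RdRand opcodes in a byte buffer. Assumes GCC/Clang; non-x86 builds
// compile but report the instruction as unsupported.
#include <cstdint>
#include <cstddef>
#include <iostream>
#include <random>
#include <set>
#include <vector>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

// CPUID leaf 1, ECX bit 30 advertises RDRAND.
bool rdrand_supported() {
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax = 0, ebx = 0, ecx = 0, edx = 0;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx)) return false;
    return (ecx & (1u << 30)) != 0;
#else
    return false;
#endif
}

// One RDRAND attempt. CF=1 means a value was delivered; CF=0 means the DRNG
// could not keep up and the caller should retry. Must not be executed on a
// CPU without the feature (undefined-opcode fault), so callers check first.
bool rdrand32_once(uint32_t* out) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned char ok;
    __asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok != 0;
#else
    (void)out;
    return false;
#endif
}

// RDRAND with the retry loop Intel's DRNG software guide recommends
// (10 attempts). Returns false if unsupported or persistently unavailable.
bool rdrand32(uint32_t* out, int retries = 10) {
    if (!rdrand_supported()) return false;
    for (int i = 0; i < retries; ++i) {
        if (rdrand32_once(out)) return true;
    }
    return false;
}

// What application code would call: hardware RDRAND when present, otherwise
// std::random_device, whose backing source is implementation-defined.
uint32_t random_u32() {
    uint32_t v = 0;
    if (rdrand32(&v)) return v;
    static std::random_device rd;
    return static_cast<uint32_t>(rd());
}

// Sanity check only (not a statistical test): n draws should not all collide.
bool draws_look_distinct(size_t n = 16) {
    std::set<uint32_t> seen;
    for (size_t i = 0; i < n; ++i) seen.insert(random_u32());
    return seen.size() > 1;
}

// Counts RDRAND encodings: 0F C7 followed by ModRM with mod=11, reg=110
// (bytes F0..F7). Any 66/REX prefix precedes these bytes and is ignored.
// RDSEED (reg=111, bytes F8..FF) is deliberately not counted. x86 is
// variable-length and data can match too, so treat a hit as a lead to
// confirm with a disassembler, not as proof.
size_t count_rdrand_opcodes(const std::vector<uint8_t>& buf) {
    size_t count = 0;
    for (size_t i = 0; i + 2 < buf.size(); ++i) {
        if (buf[i] == 0x0F && buf[i + 1] == 0xC7 && (buf[i + 2] & 0xF8) == 0xF0)
            ++count;
    }
    return count;
}

// Constructed sample: rdrand rax; rdrand ebx; rdseed eax; cmpxchg8b [rax]; nop.
const std::vector<uint8_t> kSampleBytes = {
    0x48, 0x0F, 0xC7, 0xF0,   // REX.W 0F C7 F0 -> rdrand rax (counted)
    0x0F, 0xC7, 0xF3,         // rdrand ebx (counted)
    0x0F, 0xC7, 0xF8,         // rdseed eax (not counted)
    0x0F, 0xC7, 0x08,         // cmpxchg8b, ModRM reg=001 (not counted)
    0x90                      // nop
};

int main() {
    std::cout << "RDRAND supported: " << (rdrand_supported() ? "yes" : "no") << '\n';
    std::cout << "random_u32(): " << random_u32() << '\n';
    std::cout << "RDRAND encodings in sample buffer: "
              << count_rdrand_opcodes(kSampleBytes) << '\n';
    return 0;
}
```

To apply the scanner to a real executable, read the file into a `std::vector<uint8_t>` with `std::ifstream` and pass it to `count_rdrand_opcodes`; `objdump -d ./a.out | grep rdrand` is the disassembler-based cross-check for the same question. Note that a plain `std::random_device` build need not contain the instruction at all: whether the C++ runtime uses RdRand is up to the library, so the opcode check is the reliable way to know.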
