Introduction

The PICoRNG is a USB random number generator making use of the well-known diode avalanche effect, affordable, secure, and with good software support. It's the first USB RNG with cryptographic anti-tamper protection.

With this device, you no longer need to depend on these black boxes in your CPU to provide you random data.

Important Notes

About the product

• This product is intended for people with considerable technical expertise. No support is provided here. Community support is provided on our GitHub and Discord.
• The product images may not be an exact reflect of the product you received. Using different components with the same or similar functionality is the standard practice of electronics manufacturing.

Features

• Tiny in size
• Low power consumption
• Full featured software
• Built-in random quality check
• Unique anti-tamper measures (see Security section below)
• Board schematics and all software are all open sourced

Specs

This device is capable of generating ~7.5 KiB of good quality random data per second, which is enough for generating a dozen of ssh/gpg keys per minute when the random data is feed to system.

Components

• MCU: Microchip PIC16LF1454
• Diodes: 3x 2N3904 in SOT-23-3

Board

• PCBs manufactured at JLCPCB
• ICSP connector with last NC pin removed
• LEDs: Orange - Power, Blue - USB, Green - Busy

Power consumption

• Idle, Power only: 5V 5mA
• Idle, USB connected: 5V 9mA
• Working: 5V 34mA

Software

• OS support: Linux, BSD and MacOS [1]
• Uses custom USB protocol instead of CDC ACM [2]
• Feeds random data to system, or simply write them to stdout
• Automatic random quality checks using 3 different algorithms
• Device pairing and anti-tamper measures (see Security section below)
• Ability to interact with multiple devices

[1] Windows simply doesn't have an API to make the system use user supplied entropy. If you are still using this insecure OS, it's time to change.

[2] So it won't mess up your serial port numbers, and other programs won't accidentally read/write to the device.

Random Data Quality

Here's an example output of its quality measurement. The code is from the well-known ent tool.

The device is plugged into a USB hub on my desk, with many electronic devices (various development boards & programming tools, my phone) surrounding with ~10cm distance.

================================

Entropy = 7.994014 bits per byte.

Optimum compression would reduce the size of this 32768 bytes stream by 0 percent.

Chi square distribution for 32768 samples is 271.67, and randomly would exceed this value 22.60 percent of the times.

Arithmetic mean value of data is 127.3828 (127.5 = random).

Monte Carlo value for Pi is 3.119575169 (error 0.70 percent).

Serial correlation coefficient is -0.007028 (totally uncorrelated = 0.0).

================================

Security

Eliminate the problems by discovering them.

Randomness

The device is not shielded, so the randomness will clearly be affected if there is EM interference nearby, naturally or man-made. However, the quality of random data is assured by three different random quality checks (from the ent utility) with different time ranges (we will be happy to add more checks in the future). You'll be notified if the random quality is compromised. Unless the attacker is able to compromise the host device (your PC/Server/RPi/whatever) as well, their attempts (decrease randomness or replay a pre generated random data sequence) will most likely be unsuccessful.

Physical Safety

We use a MCU, and it's actually better than a fixed purpose USB to Serial chip. Here's the reason: You have no way to tell if this device is tampered from the PC side. Because all those USB to Serial chips looks identical from the PC side. An attacker can easily simulate a common FTDI / SiLabs CP210x / WCH CH34x USB to Serial bridge chip with exactly the same product name & serial number using a MCU. If you're a valuable target, they can even use a FPGA to accurately simulate the chip's I/O timing characteristics.

The device authenticity is verified using the ECDH algorithm. In the pairing process, the PC generates an ECDH keypair, stores the private key in MCU and stores the public key in PC. The private key in the MCU can't be read out. In the verification process, the PC generates a new ECDH keypair each time, sends the public key to the MCU and asks it to calculate the shared secret. The PC also calculates the shared secret using this time's private key and the public key we stored earlier. Then the two results will be compared. If they're same, then the verification is passed.

Of course this mechanism depends on the ruggedness of the MCU. This tiny PIC16 is relatively new, doesn't have a VDDCORE/VCAP pin, and we already enabled the code readout protection and fast BOR. But this obviously can't prevent someone taking the device into a lab to do more sophisticated attacks. However, this usually can't be done in a short time.

So the whole point is: the attacker can't replicate a device with the same private key in a short time, that is, short enough to let them remain undetected.

Also, since the entire device is open sourced, you can implement more security measures by yourself, such as wiping the flash after consecutive BOR events, or simply cut off the programming pin traces and put some black epoxy onto the PCB.

Shipping

The device will be shipped with firmware pre-programmed. If you think someone can alter its firmware during the shipping process, simply flash it again with a PICKit.

Physical modifications can be easily observed by comparing the device you received with our photos & the BOM list included in the schematic.