9

I have just advanced to the last grade of high school (in Denmark). In this year, we all get to do one big project, where we can build/invent/create whatever we want to "solve a problem". As I study Math, IT and electronics, I would like to build something where all these 3 subjects are included. I have thought about a project for a long time, but I don't really know about how much cryptography is applied in companies, so I would like your guidance before I start working for almost a year on it.

Many big companies use enciphering algorithms to prevent any third-party companies/hackers from getting access to sensitive data; however, not all the algorithms are safe and easy to use. I have been thinking about this problem for a long time now, especially because I love C#, cryptography and electronics, and making a product related to this subject would be very interesting. (This school project is "just" a school project. We don't really sell our products anyhow when we have finished them, but it will get higher ratings if it really is useful.)

I have thought about making a Hardware Random Number Generator connected with a program, which will XOR the file and keyfile together. I have thought about making a simple circuit like this one, using white noise from an NPN transistor and/or an FM radio antenna tuned to unused frequencies. I would then collect these random output bits and send them to an Arduino (an open source electronics platform), which helps us send them through to a computer via USB. I will then program a C# application that would extract the random bits from the Arduino and XOR them with a file that we want to encrypt (One Time Pad).

My questions are (if you assume that I started a company selling our product):

  1. Would it be useful for companies who need to keep their data safe?
  2. Would the files encrypted with our "product" be safe?
  3. I am aware of many other portable HRNGs (a list can be found here), however none of them seem to come with a program where they can be used. Most of them seed the Linux /dev/random. Can we "outperform" their product? (assuming size and transfer speed are the same, and I calculated the price to be roughly 65 US dollars).
  4. Any idea how to improve my product? What should I do different?

I hope you can answer my questions and give feedback on my plans for my project. Thank you in advance for any help you can provide!

CodesInChaos
Janman

3 Answers

11
  1. Would it be useful for companies who need to keep their data safe?

    No, a one-time-pad is only useful in very rare circumstances.

    The main issue is key-management. You can only use each pad once, it's as large as the data you want to encrypt, and you need to get it to all parties in a secure way.

    The direct competition of a one-time-pad is a stream cipher. They don't come with a proof of security, but are much easier to use, since they only have a small key (32 bytes or so) instead of a giant pad. Thanks to IVs the key reuse problem is much smaller too; you just need to locally generate a random value of around 16 bytes.

  2. Would the files encrypted with our "product" be safe?

    If you manage to do everything correctly, yes. But the key management is so annoying that mistakes such as pad reuse are likely, and it's not solving a practical problem. So nobody will use it.

  3. Can we "outperform" their product?

    Hardware PRNGs are not that useful on desktop systems, since those tend to have sufficient entropy sources to seed a PRNG. Embedded systems which often suffer from entropy issues on the other hand typically can't afford a specialized HRNG module.

    Intel is also working on putting a HRNG into their CPUs, making it practically free. You can't compete against that.

CodesInChaos
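The XOR-with-keyfile procedure from the question and the key-management comparison in this answer, side by side as an added example (this is not code from the question, the answer or any project mentioned here). It assumes `os.urandom` stands in for bits arriving from the HRNG, and uses SHAKE-256 from the standard library only to show the stream-cipher shape (32-byte key plus 16-byte nonce expanded to a keystream); a real deployment would use a vetted cipher such as ChaCha20. `pad_reuse_leak` shows what an observer learns from the pad-reuse mistake, and `secret_material_to_share` states the per-file key-distribution cost of each approach.

```python
import hashlib
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """One-time pad: XOR the file with pad bytes. The pad must be at least
    as long as the file, and the bytes used must never be used again."""
    if len(pad) < len(plaintext):
        raise ValueError(f"pad exhausted: need {len(plaintext)} bytes, have {len(pad)}")
    return xor_bytes(plaintext, pad[:len(plaintext)])


otp_decrypt = otp_encrypt  # XOR is its own inverse


def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an observer learns if one pad encrypted two files:
    c1 XOR c2 == p1 XOR p2, because the pad cancels out. This is the
    pad-reuse mistake the answer warns about."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


KEY_LEN = 32    # stream-cipher key size quoted in the answer
NONCE_LEN = 16  # per-message random value (IV) quoted in the answer


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stream-cipher shape: a small key plus a fresh nonce expanded to a
    keystream as long as the message. SHAKE-256 (an extendable-output hash)
    is used here only to show the structure, not as a recommended cipher."""
    if len(key) != KEY_LEN or len(nonce) != NONCE_LEN:
        raise ValueError("key must be 32 bytes and nonce 16 bytes")
    return hashlib.shake_256(key + nonce).digest(length)


def stream_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Encrypt under a fresh random nonce; the nonce travels in the clear
    in front of the ciphertext, so no pad has to be distributed."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def stream_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    return xor_bytes(body, keystream(key, nonce, len(body)))


def secret_material_to_share(file_size: int) -> dict:
    """Key-management cost per file: the OTP needs a pad as large as the
    file carried securely to every party; the stream cipher needs one
    32-byte key, and the 16-byte nonce is public."""
    return {"otp_pad_bytes": file_size, "stream_key_bytes": KEY_LEN}


if __name__ == "__main__":
    file_data = b"constructed sample file contents"
    pad = os.urandom(len(file_data))      # stands in for bits from the HRNG
    ct = otp_encrypt(file_data, pad)
    assert otp_decrypt(ct, pad) == file_data
    key = os.urandom(KEY_LEN)
    assert stream_decrypt(stream_encrypt(file_data, key), key) == file_data
    print(secret_material_to_share(4 * 1024 ** 3))
```

Running the script with a 4 GB file size shows the contrast the answer makes: the OTP needs 4 GB of secret pad per file moved to every recipient, while the stream cipher needs one 32-byte secret key regardless of file size.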
5

One-Time Pads only protect secrecy
Encrypting with a one-time pad only protects the secrecy of the message. It does not protect the integrity of a message. An attacker can flip bits in the cipher-text and that will flip bits in the plain-text. To protect the integrity of the message you need some sort of Message Authentication Code (MAC). This can be done with perfect security using a universal hash, but you'll burn through at least twice as much pad material.

All things considered, it's a much better option to use something like AES in GCM mode. OTPs + universal hashes sound great in theory but in practice they're so difficult to use properly that it might actually turn out to be less secure due to pad re-use etc. etc.

Simon Johnson
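The bit-flip malleability and the universal-hash MAC this answer describes, worked through as an added example (not code from the answer or from any project). It assumes a constructed pad in place of HRNG output, and the MAC is a Carter-Wegman style polynomial hash over the prime field GF(2^127 - 1) with a fresh one-time key pair `r`, `s` drawn from the pad after the encryption bytes; the field size, block size and key layout are choices made for this example, not a standard.

```python
import hmac


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Flip one bit. Applied to an OTP ciphertext this flips the same bit of
    the decrypted plaintext, which is the malleability the answer describes."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


# One-time MAC built from a polynomial universal hash over GF(P).
P = (1 << 127) - 1   # Mersenne prime 2^127 - 1
BLOCK = 14           # 14 message bytes + 1 marker byte < 2^120 < P, so the block encoding is injective
MAC_KEY_BYTES = 32   # r and s: 16 pad bytes each, fresh for every message


def one_time_mac(message: bytes, r: int, s: int) -> int:
    """Carter-Wegman style tag: evaluate the message polynomial at the secret
    point r (Horner form), then mask with the one-time value s. With r and s
    uniform and used once, a forgery succeeds with probability at most
    (number of blocks)/P, whatever the attacker's computing power."""
    acc = 0
    for i in range(0, len(message), BLOCK):
        # Trailing 0x01 marks the block end, so a short last block and
        # trailing zero bytes cannot be confused with each other.
        m = int.from_bytes(message[i:i + BLOCK] + b"\x01", "little")
        acc = (acc + m) * r % P
    return (acc + s) % P


def _mac_keys(pad: bytes, offset: int) -> tuple:
    """Take r and s from the pad right after the encryption bytes. Reducing a
    128-bit value mod P leaves a negligible bias, acceptable for this demo."""
    r = int.from_bytes(pad[offset:offset + 16], "little") % P
    s = int.from_bytes(pad[offset + 16:offset + 32], "little") % P
    return r, s


def otp_encrypt_and_mac(plaintext: bytes, pad: bytes) -> tuple:
    """Encrypt-then-MAC: XOR with the pad, then tag the ciphertext.
    Consumes len(plaintext) + 32 pad bytes, none of which may be reused."""
    n = len(plaintext)
    if len(pad) < n + MAC_KEY_BYTES:
        raise ValueError("pad exhausted")
    ciphertext = xor_bytes(plaintext, pad[:n])
    r, s = _mac_keys(pad, n)
    return ciphertext, one_time_mac(ciphertext, r, s)


def otp_verify_and_decrypt(ciphertext: bytes, tag: int, pad: bytes):
    """Return the plaintext, or None if the tag does not match (tampering)."""
    n = len(ciphertext)
    r, s = _mac_keys(pad, n)
    expected = one_time_mac(ciphertext, r, s)
    # Constant-time comparison of the 16-byte tag encodings.
    if not hmac.compare_digest(expected.to_bytes(16, "little"), tag.to_bytes(16, "little")):
        return None
    return xor_bytes(ciphertext, pad[:n])


if __name__ == "__main__":
    pad = bytes((i * 37 + 11) % 256 for i in range(256))  # constructed; a real pad comes from the HRNG
    msg = b"transfer 100 EUR"
    ct, tag = otp_encrypt_and_mac(msg, pad)
    tampered = flip_bit(ct, 0)
    print(xor_bytes(tampered, pad[:len(ct)]))          # plain OTP: decrypts with bit 0 flipped, unnoticed
    print(otp_verify_and_decrypt(tampered, tag, pad))  # with the MAC: None, tampering detected
```

The first print shows the plain OTP silently accepting the modified ciphertext (the first letter changes from `t` to `u`); the second shows the MAC rejecting it. The tag is computed over the ciphertext rather than the plaintext, so a receiver can reject a forgery before decrypting anything.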
3

Would it be useful for companies who need to keep their data safe?

Not exactly. The One-Time-Pad is extremely inconvenient. If your client has to encrypt a piece of plaintext that's 4GB large, then they will not only have to generate 4GB of random data, they also will have to share that pad with the receivers of that message, making it a total of 8GB of noise to transfer. Now, information theory says that noise can't be compressed. There are already other secure ways to encrypt data which are a lot more convenient. So companies definitely won't use your HRNG.

Would the files encrypted with our "product" be safe?

Not necessarily. Safety of an OTP lies in the randomness and secrecy of the pad itself. An eavesdropper must not get hands on the random pad, which must be destroyed for good after every use. If the OTP is not kept secret, then it can no longer be secure.

...Can we "outperform" their product? ...

Maybe, but not as a product in the market. You could always make something innovative, but others might not want to buy it, as they can make one on their own. Also, as CodesInChaos mentioned, it is tough to compete against Intel's HRNG.

Any idea how to improve my product? What should I do different?

One thing you should stop is trying to use it for OTP. Instead use it for research under the Random Oracle Model. Try building a Random Oracle using your HRNG.