Entropy as a Service Protocol
Securing the Internet requires strong cryptography, which depends on good entropy for generating unpredictable keys. Cryptography is fundamentally important for protecting data in transit over the Internet or at rest on devices. Today, the security of data protected by cryptography depends not on secret algorithms, but primarily on having strong keys and keeping them secret. Generating strong cryptographic keys is no simple matter.
Experts recommend using deterministic random bit generators (DRBGs), but every output of a DRBG is a deterministic function of the seed (initial value) supplied to the generator: anyone who can guess the seed can reproduce the entire output sequence, and with it every key derived from it. DRBGs must therefore be seeded with hard-to-guess random data from a reliable source. In information-theoretic terms, such "high-entropy" sources provide true randomness; they are usually based on nondeterministic physical processes such as ring oscillators or some kind of quantum behavior. In contrast, most practical computer systems rely on events like mouse movements, keystroke timings, network events, and disk access timings to gather hard-to-guess data for seeding DRBGs. Although often plausible, such sources frequently provide only a limited, and hard to measure, amount of unpredictability. The problem is exacerbated in computing environments that lack the sources of nondeterminism traditional computers harvest for entropy: embedded devices, IoT devices with limited computational capabilities, cloud instances, and so on.
This project introduces an entropy-as-a-service architecture and an associated protocol, EaaSP, that deliver entropy from a decentralized root of trust: the service scales across diverse geopolitical locales and remains trustworthy unless a large part of the collective is compromised. The approach targets the proverbial Achilles' heel of cryptographic protection, namely weak keys, by letting clients on the Internet and in the IoT obtain high-quality entropy and so unlock the full potential of cryptography.
The objective of this project is to define a protocol, implementable independently by any vendor of products that generate cryptographic keys, for obtaining strong random data from a remote source on the network and using it in local key generation.
The concrete deliverable is the Entropy as a Service Protocol (EaaSP), which enables clients to obtain true random data from a remote server to strengthen local key generation.
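The following Python script is an added example, not code from the EaaSP project, illustrating two points from the text above: that a DRBG's output is fully determined by its seed (so a low-entropy seed can simply be brute-forced from observed output), and that entropy fetched from a remote server is best mixed into the local seed rather than used on its own. The DRBG here is a toy SHA-256 counter construction (not an SP 800-90A generator), the 16-bit "tick" is a constructed stand-in for a weak local entropy source, `REMOTE_ENTROPY` is a constructed stand-in for bytes a client would obtain over EaaSP, and the HMAC-based mixing step is a design recommendation of this example, not something the page specifies.

```python
"""Added example: a DRBG is only as strong as its seed, and remote entropy
should be mixed with local entropy rather than trusted on its own."""
import hashlib
import hmac
from typing import Optional

# Constructed stand-ins (not EaaSP data): a local seed source with only 16 bits
# of uncertainty, and 32 bytes a client would have fetched from a remote server.
WEAK_TICK = 4242
REMOTE_ENTROPY = bytes.fromhex(
    "7f3a9c1e4b2d6f8a0c5e1d3b9a7f2e4c6b8d0a1f3e5c7b9d2a4f6e8c0b1d3a5f"
)


def hash_drbg(seed: bytes, nbytes: int) -> bytes:
    """Toy counter-mode hash DRBG (illustrative, not SP 800-90A Hash_DRBG).
    The output is a pure function of the seed: same seed, same key material."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:nbytes]


def weak_local_seed(tick: int) -> bytes:
    """Local 'entropy' with only 16 bits of uncertainty, e.g. a coarse timer
    read shortly after boot on a headless device (hypothetical source)."""
    return tick.to_bytes(2, "big")


def recover_weak_seed(observed_output: bytes) -> Optional[int]:
    """Attacker's view: enumerate all 2**16 candidate seeds and compare the
    DRBG output with what was observed (e.g. a public nonce or a leaked key).
    Returns the seed on a match, or None if no weak seed reproduces it."""
    for tick in range(1 << 16):
        if hash_drbg(weak_local_seed(tick), len(observed_output)) == observed_output:
            return tick
    return None


def mix_seed(local: bytes, remote: bytes) -> bytes:
    """Combine local and remote entropy with HMAC-SHA256 so an attacker must
    know both inputs: neither a weak local source nor a compromised or
    eavesdropped remote source alone determines the resulting seed."""
    return hmac.new(local, remote, hashlib.sha256).digest()


def key_from_weak_seed(tick: int = WEAK_TICK) -> bytes:
    """32-byte key generated from the weak local seed only."""
    return hash_drbg(weak_local_seed(tick), 32)


def key_from_mixed_seed(tick: int = WEAK_TICK, remote: bytes = REMOTE_ENTROPY) -> bytes:
    """32-byte key generated after mixing remote entropy into the weak seed."""
    return hash_drbg(mix_seed(weak_local_seed(tick), remote), 32)


if __name__ == "__main__":
    # The weak seed is recovered in well under a second; the mixed seed is not.
    print("weak seed recovered:", recover_weak_seed(key_from_weak_seed()))    # 4242
    print("mixed seed recovered:", recover_weak_seed(key_from_mixed_seed()))  # None
```

The brute force succeeds against the weak seed because 2^16 candidates are trivial to enumerate; after mixing, the attacker's search space is the full 256-bit HMAC output unless they know both the local seed and the remote bytes. The same reasoning is why a client should treat remote entropy as an additional input to its local seed, never as a replacement for it.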
If you want to contribute, please follow the simple rules below and send us pull requests.
- Updates to the specification, JSON, etc., should be made in the ./src/*.xml files.
- Before committing, merging, or opening a pull request, ensure that all files still process (build) correctly.
If you would like to talk to the developers, send them an email. Bug reports are also welcome.