It Turns Out CPU Speculative Execution Can Be Useful For Random Entropy / RNG
Written by Michael Larabel in Hardware on 29 September 2019 at 12:00 AM EDT.
While CPU speculative execution has caused a lot of frustrations over the past two years due to the likes of the Spectre vulnerabilities, it turns out CPU speculative execution can be exploited to be a viable source of random entropy for random number generators.

Particularly on newer Intel/AMD CPU microarchitectures, where speculative execution is much more advanced than on hardware from years ago, it's been found that the execution time of loops relying upon speculation is random enough to be a cheap and speedy source of entropy. Straightforward loops without any extra instructions obviously don't work out, but adding "useless" instructions to the mix does yield non-deterministic execution times when measured via RDTSC (reading the CPU timestamp counter).

Longtime kernel developer Thomas Gleixner, who has been involved with a lot of the Spectre/Meltdown mitigation work, was the one presenting his preliminary code and research on the topic. It's not necessarily as strong as some of the more rigid sources of entropy data, but it's quick and seems to work well, particularly with newer CPUs, as outlined in this mailing list post.

Linus Torvalds commented that he believes this is not very reliable and amounts to a simple jitter entropy implementation. But he did post his own proof-of-concept code for improving the jitter entropy code based upon this.

We'll see where this work heads and whether a future Linux kernel could make use of speculative execution as another source for random number generation.
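The measurement described above, timing a loop padded with filler work and reading the timestamp counter around it, sketched as an added example (not Gleixner's or Torvalds' code). The function names, the filler loop and the low-byte check are assumptions made for illustration; raw deltas like these still need conditioning before they feed a random number generator.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
#endif

/* Read a fine-grained counter: RDTSC on x86, the C11 wall clock elsewhere. */
static uint64_t read_counter(void) {
#if defined(__x86_64__) || defined(__i386__)
    return __rdtsc();
#else
    struct timespec ts;
    timespec_get(&ts, TIME_UTC);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
#endif
}

/* Time n runs of a short loop padded with filler work (a data-dependent
 * branch plus arithmetic, chosen here for illustration). Returns n. */
size_t sample_deltas(uint64_t *out, size_t n) {
    volatile uint64_t sink = 1;
    for (size_t i = 0; i < n; i++) {
        uint64_t start = read_counter();
        for (int j = 0; j < 64; j++) {
            if (sink & 1) sink = sink * 3 + 1;   /* branch the CPU must predict */
            else          sink >>= 1;
        }
        out[i] = read_counter() - start;
    }
    return n;
}

/* Crude health check: how often the most common low byte of the deltas occurs.
 * A value close to n means the timings are nearly constant (little jitter). */
size_t most_common_low_byte(const uint64_t *d, size_t n) {
    size_t hist[256] = {0}, best = 0;
    for (size_t i = 0; i < n; i++)
        if (++hist[d[i] & 0xff] > best) best = hist[d[i] & 0xff];
    return best;
}

int main(void) {
    uint64_t d[4096];
    size_t n = sample_deltas(d, 4096);
    printf("most common low byte: %zu of %zu\n", most_common_low_byte(d, n), n);
    return 0;
}
```

A result near the sample count means the timings barely vary on that machine and the loop contributes little entropy there.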