SeedFlurry

SeedFlurry extracts secure IID entropy bytes from reliable onboard hardware.

Pricing

SeedFlurry proprietary license compliance includes a yearly fee of 1 BTC.

Example

The following C program is a POSIX SeedFlurry example (requiring C99-compliant bit widths in stdint.h for uint8_t, int32_t and uint32_t).

#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Abort the process on any clock failure. */
void error(void) {
  exit(EXIT_FAILURE);
}

/* Folds one clock_getres() result and one clock_gettime() result into *mix_a
   and returns the tv_nsec of the clock_gettime() reading.
   Exits unless the reported clock resolution is exactly 1 ns. */
uint32_t allocate(uint32_t *mix_a, struct timespec *s) {
  int32_t is_clock_measurement;

  if (!(*mix_a)) {
    is_clock_measurement = clock_getres(CLOCK_REALTIME, s);
    if (is_clock_measurement == -1) {
      error();
    }
    is_clock_measurement ^= s->tv_nsec ^ 1;
  } else {
    is_clock_measurement = clock_getres(CLOCK_REALTIME, s);
    if (is_clock_measurement == -1) {
      error();
    }
    is_clock_measurement ^= s->tv_nsec;
  }

  if (s->tv_nsec != 1) {
    error();
  }

  *mix_a += is_clock_measurement;

  if (!(*mix_a)) {
    is_clock_measurement = clock_gettime(CLOCK_REALTIME, s);
    if (is_clock_measurement == -1) {
      error();
    }
    is_clock_measurement ^= s->tv_nsec ^ 1;
  } else {
    is_clock_measurement = clock_gettime(CLOCK_REALTIME, s);
    if (is_clock_measurement == -1) {
      error();
    }
    is_clock_measurement ^= s->tv_nsec;
  }

  *mix_a += is_clock_measurement;
  return s->tv_nsec;
}

/* Mixes repeated allocate() readings into mix_a and *mix_b until the two
   accumulated allocations differ; returns the low 8 bits of mix_a. */
uint8_t oscillate(uint32_t mix_a, uint32_t *mix_b, struct timespec *s) {
  uint32_t allocations[2] = {0, 0};
  uint8_t i;
  uint8_t j;

  while (allocations[0] == allocations[1]) {
    i = 0;
    while (i < 2) {
      allocations[i] += allocate(&mix_a, s);
      mix_a += allocations[i];
      *mix_b += mix_a ^ allocations[i];
      j = 0;
      while (j < 5) {
        mix_a += (mix_a >> 8) + *mix_b;
        *mix_b += 11111111;
        allocations[i] += allocate(&mix_a, s);
        mix_a += allocations[i];
        *mix_b += mix_a ^ allocations[i];
        j++;
      }
      i++;
    }
  }
  return mix_a;
}

/* Reduces mix_a plus the most recent tv_nsec to a 3-bit value. */
uint8_t collapse(uint32_t mix_a, struct timespec *s) {
  return (mix_a + s->tv_nsec) & 7;
}

/* Each round shifts entropy left by 2 and XORs in a 3-bit collapse() value.
   Loops until bit 6 or 7 is set, then runs one more round. */
uint8_t seedflurry(void) {
  struct timespec s;
  uint32_t mix_a = 111;
  uint32_t mix_b = 1111;
  uint8_t entropy = 1;

  mix_a += allocate(&mix_a, &s);
  while (!(entropy >> 6)) {
    mix_a += oscillate(mix_a, &mix_b, &s);
    entropy = (entropy << 2) ^ collapse(mix_a, &s);
  }
  mix_a += oscillate(mix_a, &mix_b, &s);
  entropy = (entropy << 2) ^ collapse(mix_a, &s);
  return entropy;
}

/* Prints ten seedflurry bytes. */
int main(void) {
  uint8_t i = 0;
  while (i < 10) {
    i++;
    printf("Result %u is %u.\n", i, seedflurry());
  }
  return 0;
}

Qubit Emulation

SeedFlurry uses CPU oscillation measurements to mimic qubits (without either qubit decoherence or round-trip quantum computer errors).

oscillate mimics qubit superposition and quantum error correction.

allocate mimics auxiliary qubit allocation for quantum error correction.

collapse mimics qubit measurement.

seedflurry returns the entangled result of each collapse measurement.

Independence

Each seedflurry procedure entangles measurements of independent CPU time fluctuations within a pool of system-wide CPU time fluctuations.

The insignificance of system-wide CPU time fluctuations to an IID seedflurry byte is similar to the insignificance of rain drops to an IID coin flip.

Therefore, each seedflurry byte is independent.

Randomness Test Results

seedflurry returns 8 bits (with near-perfect entropy) as a conditioned result from entangling at least 1470 bits of sequential CPU time measurements.

SeedFlurry randomness tests were performed on an AMD A4-9120C with gcc -O3.

SeedFlurry yields excellent test results among several NIST SP 800-90B IID entropy assessment runs that each generated 1 million seedflurry bytes.

In ea_iid and ea_restart, SeedFlurry had an H_original of 7.86+ (out of 8), an H_bitstring of 0.997+ (out of 1) and no statistical test failures.

Entropy estimates improved (an H_original of 7.95+ and an H_bitstring of 0.999+) as the count of seedflurry bytes increased to 10 million.

Furthermore, SeedFlurry yields excellent results in statistical test suites (such as PractRand 0.96) without post-processing seedflurry output.

During a theoretical clock-setting attack in a compromised system, 52 is the worst-case precision of CPU time measurement bits per seedflurry byte.

After a simulated clock-setting attack (truncating each tv_nsec result to 1 bit), the aforementioned randomness quality estimates persisted.

Speed

oscillate uses fast PRNG mixing procedures for simultaneously generating CPU fluctuations and conditioning sequential CPU time measurements.

SeedFlurry speed tests were performed on an AMD A4-9120C with gcc -O3 in a #pragma GCC unroll 0 loop.

569 milliseconds was the fastest process execution speed among several test runs that generated (and hashed) 1 million seedflurry bits sequentially.

Constrained SeedFlurry speed (compared to CSPRNGs) is suitable for generating sparse sequences of high-entropy bytes for cryptography.

Parallel seedflurry function invocations can increase speed in application-specific cases (within hardware capacity).

Compatibility

SeedFlurry is compatible with platforms that have a readable clock (with nanosecond-precision measurements and nanosecond-interval continuity).

Each platform-specific SeedFlurry implementation (POSIX or Windows) requires a brief evaluation of oscillate procedures (for entropy quality).

Reliability

SeedFlurry leverages the already-vetted hardware reliability of CPUs and OS system clocks.

SeedFlurry entropy quality is resistant to physical environment factors, VM constraints and entropy pool starvation.

seedflurry returns PQC-ready entropy that's non-blocking (aside from elapsed CPU time) and non-depletable (within hardware capacity).

Defensive code in seedflurry is resistant to -O3 compiler liberties (without requiring -O0) that could interfere with CPU time measurements.

Anomalous system clock measurement failures in seedflurry should fall back to alternative clock interfaces (instead of aborting with EXIT_FAILURE).
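One way to structure that fallback, as an added example that is not SeedFlurry's own code: it tries each candidate clock in turn, keeps the 1 ns resolution check from allocate, and returns an error code to the caller instead of exiting. The names read_ns_clock and clock_call, the candidate order and the fake clock functions are assumptions made for this illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <time.h>

/* Signature shared by clock_getres() and clock_gettime(); lets a test inject a failing clock. */
typedef int (*clock_call)(clockid_t, struct timespec *);

/* Assumed candidate order. CLOCK_MONOTONIC cannot be set with clock_settime(). */
static const clockid_t candidates[] = { CLOCK_REALTIME, CLOCK_MONOTONIC };

/* Returns 0 and fills *now and *used from the first clock that reports a 1 ns
   resolution and an in-range reading; returns -1 if no candidate qualifies. */
int read_ns_clock(clock_call getres, clock_call gettime,
                  struct timespec *now, clockid_t *used) {
  struct timespec res;
  size_t i;
  for (i = 0; i < sizeof candidates / sizeof candidates[0]; i++) {
    if (getres(candidates[i], &res) == -1) continue;
    if (res.tv_sec != 0 || res.tv_nsec != 1) continue;
    if (gettime(candidates[i], now) == -1) continue;
    if (now->tv_nsec < 0 || now->tv_nsec > 999999999L) continue;
    *used = candidates[i];
    return 0;
  }
  return -1; /* the caller decides how to report this; no exit() here */
}

/* Constructed fakes that simulate clock failures (not real clock interfaces). */
int fake_getres(clockid_t id, struct timespec *ts) {
  (void)id; ts->tv_sec = 0; ts->tv_nsec = 1; return 0;
}
int fake_gettime_realtime_broken(clockid_t id, struct timespec *ts) {
  if (id == CLOCK_REALTIME) return -1;
  ts->tv_sec = 42; ts->tv_nsec = 123456789L; return 0;
}
int fake_always_fails(clockid_t id, struct timespec *ts) {
  (void)id; (void)ts; return -1;
}

int main(void) {
  struct timespec now;
  clockid_t used;
  if (read_ns_clock(clock_getres, clock_gettime, &now, &used) == -1) return 1;
  printf("clock id %d, tv_nsec %ld\n", (int)used, (long)now.tv_nsec);
  return 0;
}
```

Any clock added to the candidate list needs the same per-platform entropy evaluation that the Compatibility section describes.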

Auxiliary bit allocation with time measurement variance validation in allocate increases resistance against rapid clock-setting attacks.

Adversarial cases should be tested in a sandbox environment by setting the appropriate clock to a fixed time in parallel with seedflurry procedures.

Adversary testing ensures that seedflurry maintains high entropy even with up to 1 nanosecond of time continuity between each clock-setting attack.

Clock functions should be verified as immune to Y2K38 (for example, POSIX.1-2024 requires that the width of time_t is at least 64 bits).

SeedFlurry hasn't experienced any system clock measurement failures through substantial stress testing.

Open Source

SeedFlurry contributes to relevant open-source innovation by creating (and maintaining) the following hyper-efficient pseudorandom number generators.

GhostScramble is the hyper-efficient 64-bit PRNG.

RobotBurst is the hyper-efficient 64-bit CSPRNG.