|
RDRAND (previously known as Bull Mountain〔〕) is an instruction for returning random numbers from an Intel on-chip hardware random number generator. RDRAND is available in Ivy Bridge processors and is part of the Intel 64 and IA-32 instruction set architectures. AMD added support for the instruction in June 2015.〔〕 The random number generator is compliant with security and cryptographic standards such as NIST SP 800-90A, FIPS 140-2, and ANSI X9.82.〔 Intel also requested Cryptography Research Inc. to review the random number generator in 1999 and 2012, which resulted in two published papers: ''The Intel Random Number Generator'' in 1999,〔 〕 and ''Analysis of Intel's Ivy Bridge Digital Random Number Generator'' in 2012.〔 〕 RDSEED is similar to RDRAND and suitable for producing seed material. The RDSEED generator and processor instruction rdseed are available with Intel Broadwell CPUs〔〕 and AMD Zen CPUs. == Overview == The CPUID instruction can be used to check whether the central processing unit (CPU) supports the RDRAND instruction on both AMD and Intel CPUs. If supported, bit 30 of the ECX register is set after calling CPUID standard function 01H. AMD processors are checked for the feature using the same test. RDSEED availability can be checked on Intel CPUs in a similar manner. If RDSEED is supported, the bit 18 of the EBX register is set after calling CPUID standard function 07H.. The opcode for RDRAND is 0x0F 0xC7, followed by a ModRM byte that specifies the destination register and optionally combined with a REX prefix in 64 bit mode.''Intel Secure Key'' is Intel's name for both the RDRAND instruction and the underlying random number generator (RNG) hardware implementation,〔 which was codenamed "Bull Mountain" during development.〔 Intel calls their RNG a "digital random number generator". The generator uses an on-processor entropy source, which passes the randomly generated bits to an Advanced Encryption Standard (AES) (in CBC-MAC mode) conditioner to distill the entropy into non-deterministic random numbers. A deterministic random-bit generator is seeded by the output from the conditioner, providing cryptographically secure random numbers to applications requesting them via the RDRAND instruction.〔Intel states that RdRand employs the NIST SP800-90 standard, which specifies four random number generators: CTR DRBG (used by RDRAND), Hash DRBG, HMAC DRBG,〔 and Dual_EC_DRBG. The latter is alleged to be kleptographic. However, Intel states that RDRAND only uses CTR_DRBG.The RDSEED instruction was added to Intel Secure Key for seeding another pseudorandom number generator, available in Broadwell CPUs. The entropy source for the RDSEED instruction runs asynchronously on a self-timed circuit and uses thermal noise within the silicon to output a random stream of bits at the rate of 3 GHz. The two instructions may appear to have similar functions. However, the RDSEED instruction is intended for seeding a software PRNG of arbitrary width, whereas the RDRAND is intended for applications that merely require high-quality random numbers.抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「RdRand」の詳細全文を読む スポンサード リンク
|