Right-click here and choose "Save as..." to download the

Or just browse the source code here.

Interface

The theoretical ORB bit-rate for a fast host system can be calculated from r = 64 / (64 t₂ + 63 t_3,1 + t_3,2). This yields r = 1133 bits/sec in the typical case, without any host delays. Tested through the ISA bus on a 100 MHz Pentium PC, a bit-rate of 1050 bits/sec was typical. 

Two quirks in the ORB's behavior should be considered when designing an interface with the ORB. First, during the time that the ORB waits for BReq to be raised, it will enter a standby mode after about 1.5 ms. If Breq is raised by the host at the exact moment that ORB enters standby, ORB will fail to respond. The host should then toggle BReq low and high again to wake the ORB. Second, a single instruction drops the BAvail line and puts the bit on the Bit line. Depending on lead lengths and capacitances, the logic state of the Bit line may not have changed when the falling edge of BAvail is detected. It is prudent to wait a short time before reading the Bit line. 

See the Application Examples for more interface information. 
 

Entropy Generation

During each round, 261 bits are processed through the circuit. The 261 bits used to determine the stimulus defy description in plain english, and the following notation will be used: 

Bits r_i, i = 1...256 are the residual data from the MD2 hash function 
Bits u_i, i = 1...128 are the unique ID number of the chip 
Bits s_i, i = 1...261 are the stimulus bitstream 
Bits d_i, i = 1...261 are the resulting LSBs from the A/D 
Bits e_i, i = 1...248 are the entropy pool 
Symbol Å denotes the XOR function

s₁ = 1, s₂ = 0, s₃ = 1, s₄ = 0, s₅ = 1 
s_i = r_i-5 Å d_i-1, i = 6...261

The last 248 A/D result LSBs are XOR'ed into the entropy pool: 

e_i = e_i Å d_i+13, i = 1...248

The distribution of voltages on the capacitor in response to a random stimulus stream has not been analytically determined, but a simulation gives the following distributions for three resistor values. This motivates the choice of the 100K value, because it "explores" a wide range of charge states but does not spend much time at the extremes, where entropy generation would be reduced. 

Data Flow

Bits h_i, i = 1...128 are the MD2 hash result 
Bits c_i, i = 1...32 are a rounds counter 
Bits t_i, i = 1...8 are the PIC's internal TMR0 timer

1) The entropy pool is hashed using MD2 producing both the hash h and the residual data r. The MD2 hash was chosen because it is simple and compact enough to be implemented on the PIC12C67X, and despite considerable effort since 1992, it has not been "broken." It also has the nice property of producing the residual data (normally discarded) which is nominally white. Symbolically: 

[h,r] = MD2(e)

r_i = r_i Å u_i, i = 1...128

r_i = r_i Å (~u_i-128), i = 129...256

3) The rounds counter c is incremented. This counter functions to reduce the likelihood of cycles in the process. In continuous use at 1000 bits/sec output. The rounds counter will overflow every 8.7 years. Symbolically: 

c = c + 1 mod 2³²

e_i = e_i Å h_i, i = 1...128

e_128+i+8j = e_128+i+8j Å t_i, i = 1...8, j = 0...6

e_184+i+32j = e_184+i+32j Å c_i, i = 1...32, j = 0...1

When the chip is first powered up, the entropy pool is initialized to the unique ID and the first 120 bits of its complement. The rounds counter is initialized to zero. Steps 1) through 7) above are then repeated 40 times to accumulate entropy. After that the first 64 bits of the hash result are sent to the host before each round. 
 

Design Objectives

ORB is not designed to be physically secure. For example, most of the entropy generation can be thwarted by grounding Pin 7. A user requiring physical security would need to take additional appropriate measures. 

Through Release 0 (licensed chips) and Release 1 (Open Source) the design has been thoroughly tested and appears to meet its objectives.