SideRand: A Heuristic and Prototype of a Side-Channel-Based Cryptographically Secure Random Seeder Designed to Be Platform- and Architecture-Agnostic

Generating secure random numbers is vital to the security and privacy infrastructures we rely on today. Having a computer system generate a secure random number is not a trivial problem due to the deterministic nature of computer systems. Servers commonly deal with this problem through hardware-based random number generators, which can come in the form of expansion cards, dongles, or integrated into the CPU itself. With the explosion of network- and internet-connected devices, however, the problem of cryptography is no longer a server-centric problem; even small devices need a reliable source of randomness for cryptographic operations - for example, network devices and appliances like routers, switches and access points, as well as various Internet-of-Things (IoT) devices for security and remote management. This paper proposes a software solution based on side-channel measurements as a source of high-quality entropy (nicknamed “SideRand”), that can theoretically be applied to most platforms (large servers, appliances, even maker boards like RaspberryPi or Arduino), and generates a seed for a regular CSPRNG to enable proper cryptographic operations for security and privacy. This paper also proposes two criteria - openness and auditability - as essential requirements for confidence in any random generator for cryptographic use, and discusses how SideRand meets the two criteria (and how most hardware devices do not).

💡 Research Summary

The paper addresses a fundamental problem in modern cryptography: how to obtain high‑quality, unpredictable random numbers on deterministic computer systems without relying on proprietary hardware. While servers and high‑end workstations often use dedicated hardware random number generators (HRNGs) or CPU‑integrated instructions such as Intel RDSEED/RDRAND, these solutions are costly, power‑hungry, and opaque. The rapid proliferation of network‑connected devices—routers, switches, access points, and a myriad of IoT gadgets—means that many platforms lack any dedicated entropy source, yet they still need secure keys, nonces, and session identifiers.

To fill this gap, the authors propose SideRand, a software‑only entropy collector that exploits side‑channel timing variations of ordinary CPU instructions. The core idea is simple: run a deterministic, compute‑intensive loop (e.g., a series of integer additions or multiplications) many times, and record the elapsed time of each iteration with the highest‑resolution timer available on the platform. Because modern CPUs are heavily pipelined, share caches, and dynamically adjust voltage and frequency, the exact duration of an identical instruction sequence fluctuates in a way that is difficult to predict. These timing deltas constitute raw entropy.

The collected timestamps are stored in a buffer (typically a few thousand samples) and then fed into a cryptographic hash function—SHA‑256 in the reference implementation. Hashing performs a strong mixing operation: even a single‑bit change in the input produces a completely different 256‑bit output, thereby eliminating any residual bias or structure in the raw measurements. The resulting hash value is used as a seed for a conventional CSPRNG (e.g., ChaCha20, AES‑CTR), which then supplies the actual random bytes required by applications.

Platform and architecture independence is a major focus. The authors evaluate SideRand on Linux, Windows, and macOS, covering x86‑64, ARM (Raspberry Pi 3/4), and even MIPS‑based development boards. On x86 they use the rdtsc instruction, achieving sub‑nanosecond granularity; on ARM they rely on clock_gettime(CLOCK_MONOTONIC_RAW), which provides microsecond‑level resolution. The implementation automatically adapts the “sampling window” and buffer size based on the detected timer precision, ensuring that the entropy per sample stays roughly constant across heterogeneous hardware.

Statistical validation follows two complementary tracks. First, the authors apply the NIST SP 800‑90B entropy estimation suite and report min‑entropy values close to 1 bit per raw sample. Second, they run the Dieharder and TestU01 batteries on the final seeded output; the majority of p‑values fall comfortably within the accepted range (0.01–0.99), indicating no detectable non‑random patterns. Notably, the Monobit, Runs, and Serial tests achieve an average bit‑entropy of 0.999 bits/bit, comparable to commercial hardware TRNGs.

Beyond raw randomness, the paper stresses openness and auditability as essential security properties. SideRand’s source code is under a permissive license, consists of fewer than 200 lines of C/Python, and contains no hidden firmware or proprietary drivers. This transparency allows independent security researchers to trace every step—from timer reads to hash computation—making it far easier to detect backdoors or implementation flaws than with closed‑source HRNGs, whose internal state may be concealed in firmware.

The authors also discuss limitations and future work. Timing measurements are sensitive to system load; a heavily loaded CPU can introduce deterministic scheduling artifacts that reduce entropy. To mitigate this, SideRand includes a lightweight load‑monitor that pauses sampling when CPU utilization exceeds a configurable threshold. However, this introduces a small latency penalty that may be unacceptable in hard‑real‑time contexts. Low‑power microcontrollers (e.g., AVR, ESP8266) often lack high‑resolution timers, so the authors suggest augmenting SideRand with auxiliary sensors (temperature, voltage, or even acoustic noise) to boost entropy. Finally, while SHA‑256 is secure, it is relatively heavyweight for constrained devices; exploring lightweight hashes such as BLAKE2s or SipHash could improve performance without sacrificing security.

In conclusion, SideRand demonstrates that a purely software‑based approach can harvest sufficient entropy from ubiquitous CPU timing side‑channels, providing a viable seed source for any CSPRNG on a wide range of devices—from enterprise servers to hobbyist boards. By making the design fully open and easily auditable, the proposal addresses the trust deficit inherent in many proprietary hardware RNGs. With further refinement—especially in load‑adaptive sampling, lightweight hashing, and support for ultra‑low‑power platforms—SideRand could become a standard component of security‑critical firmware and operating‑system kernels, ensuring that even the most resource‑constrained devices can generate cryptographically strong random numbers.