Last Modification: September 25, 2003
HAVEGE is now released under the LGPL terms and conditions, January, 2006.
New license, September 25, 2003
HAVEGE2.0 on PocketPC2002, January 24, 2003
New version HAVEGE2.0 (August 2002)
Most previous software algorithms for generating unpredictable random number sequences rely on entropy gathering from measuring unpredictable external events. The throughput of these generators are in the range of 10-100 bits per second. This limits them to being used as seeds for pseudo-random generators. Such unpredictable random number generators are needed for cryptography.
Modern superscalar processors feature a large number of hardware mechanisms which aim at improving performance: caches, branch predictors, TLBs, long pipelines, instruction level parallelism, ... The state of these components is not architectural (i.e. the result of an ordinary application does not depend on it), it is also volatile and cannot be directly monitored by the user. On the other hand, every invocation of the operating system modifies thousands of these binary volatile states .
HAVEGE (HArdware Volatile Entropy Gathering and Expansion) is a user-level software unpredictable random number generator for general-purpose computers that exploits these modifications of the internal volatile hardware states as a source of uncertainty.
During an initialization phase, the hardware clock cycle counter of the processor is used to gather part of this entropy: tens of thousands of unpredictable bits can be gathered per operating system call in average.
HAVEGE combines on-the-fly hardware volatile entropy gathering with pseudo-random number generation.
The internal state of HAVEGE includes thousands of internal volatile hardware states and is merely unmonitorable. Therefore HAVEGE features a very high security level. HAVEGE can reach an unprecedented throughput for a software unpredictable random number generator: several hundreds of megabits per second on current workstations and PCs.
The throughput of HAVEGE favorably competes with usual pseudo-random number generators such as rand() or random(). While HAVEGE was initially designed for cryptology-like application, this high throughput makes HAVEGE usable for all application domains demanding for high performance and high quality random number generators, e.g. Monte Carlo simulations.
Last, but not least, more and more modern appliances such as PDAs, cell phones, etc are built around low-power superscalar processors (e.g. StrongARM, Intel Xscale) and features complex operating systems. HAVEGE can also be implemented on these platforms. A demonstrator of HAVEGE for such a PDA featuring PocketPC2002 and a Xscale processor is available.