[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-82072-en":3,"doc-seo-82072-105":28,"detail-sidebar-cat-0-en-105":90},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"doc_content":15,"file_id":16,"file_url":17,"file_type":18,"file_size":19,"view_count":20,"is_deleted":4,"is_public":20,"is_downloadable":20,"audit_status":20,"page_count":11,"language":21,"language_code":22,"site_id":23,"html_lang":22,"table_of_contents":24,"faqs":25,"seo_title":13,"seo_description":14,"update_tm":26,"read_time":27},82072,13056703019404,"Miles","https://ap-avatar.wpscdn.com/davatar_29158cc5080c5b710cf443261637dec0",8,"Research & Report","Entropy Bootstrapping for Wireless Embedded Systems","Weak randomness undermines deployed cryptography due to implementation bugs, scarcity of boot entropy, and backdoored random generators. The risk concentrates in inexpensive wireless sensors that boot or operate under highly deterministic conditions while relying on basic or opaque RNGs. For ESP32-class boards, an RF-disabled WDEV state outputs pseudorandom bytes yet passes identical statistical screens, so output tests cannot replace source-state admission. The work presents an admission-controlled, defense-in-depth boot path using SRAM startup material, radio-burst extraction, and signed asymmetric entropy capsules.","arXiv :2607 .08865v 1 [ cs .CR] 9 Jul 2026  \nEntropy Bootstrapping for Wireless Embedded Systems  \nJavier Blanco-Romero∗1, Florina Almenares Mendoza 1 , Daniel Díaz-Sánchez 1 and Andrés  \nMarín-López2  \n1 Department of Telematic Engineering, Universidad Carlos III de Madrid, Spain  \n2 Department of Telematic Systems Engineering, Polytechnic University of Madrid, Spain  \nJuly 13, 2026  \nAbstract  \nWeak randomness has broken deployed cryptography through implementation bugs, boot entropy scarcity, and backdoored generators. Inexpensive wireless sensors concentrate the risk because many boot or operate in highly deterministic conditions while relying on basic, rudimentary, or opaque RNGs. On ESP32-class boards, RF-disabled wireless device RNG register (WDEV) output is pseudorandom by specification yet passes the same statistical screens as RF-active states, showing that output tests cannot replace source-state admission.  \nWe propose a defense-in-depth boot path for ESP32-class IoT nodes that combines SRAM startup material, radio burst extraction, and asymmetric entropy capsules under explicit source-state admission. In radio burst extraction, a trusted node in the local IoT network, such as a gateway or dedicated entropy node, sends a public packet burst to open a measurement window. The client samples its own WDEV output and packet timing during that window, then credits only the local response. Capsules cover the cold-start case with a pre-provisioned asymmetric key pair. The trusted node encrypts fresh seed material to the client’s public key and signs the capsule; the client verifies, decapsulates, and hashes before it has local entropy. We benchmark the ESP32 RNG under several radio operating modes, the fixed-burst extraction window, the deterministic capsule client path, and SRAM startup reads. Together, these measurements support an admission policy in which each root is credited only when its required source state and protocol checks hold.  \nKeywords: boot entropy, embedded systems, defense-in-depth, radio burst entropy, SRAM PUF, ESP32, Zephyr, entropy as a service, ML-KEM, MLDSA  \n1 Introduction  \nCryptography begins before the first secure packet. A device wakes, initializes drivers, joins a wireless network, and asks a random number generator for values that must already be unpredictable. If these first values are weak, later cryptography inherits the weakness, often invisibly.  \nThe historical record is blunt. The Debian OpenSSL bug collapsed a distribution’s effective key space [1]; Internet-wide scans later traced shared and factorable RSA keys to headless devices generating keys at first boot [2], [3]; smart cards repeated primes [4]; and Dual EC and Juniper show the same danger from deliberate backdoors [5], [6] . The common design error is not that a particular statistical test was missing. It is that the system trusted one opaque source, while the output did not reveal that the source had failed.  \nEmbedded devices are fertile ground for this mistake. Thousands of units may run identical firmware on identical silicon, wake into the same reset vector,  \nand perform the same short network task. The RNG API can keep returning plausible bytes even when the physical source behind it has changed state, a failure mode seen in firmware studies [7] . On ESP32-class boards, for example, the RNG register still returns bytes when documented analog entropy inputs are inactive; in that state, the output is pseudorandom by specification [8] . Section 7.1 shows that this rejected state passes the same statistical screens as RF-active states. Output tests can support a source model, but they cannot replace it.  \nTo mitigate this, we propose a defense-in-depth boot path in which a sensor mixes several roots with different trust bases. The first seed survives the loss, absence, or misbehavior of any one root, as long as at least one credited root remains unknown to the adversary. The network-assisted roots require a connection t","cbCaih8XBVlbKaZ4","https://ap.wps.com/l/cbCaih8XBVlbKaZ4","pdf",562041,1,"English","en",105,"# Introduction\n# Related Work","[{\"question\":\"Why do weak boot-time randomness failures remain hard to detect in practice?\",\"answer\":\"Early RNG values are trusted before secure packets exist, and output may still look statistically plausible even when the physical entropy source is inactive or altered. This makes later cryptography inherit weakness invisibly.\"},{\"question\":\"How does the proposed method handle ESP32-class RF-disabled RNG behavior?\",\"answer\":\"It introduces source-state admission so the boot path credits entropy only when required conditions hold. Radio burst extraction and asymmetric entropy capsules ensure the client accepts local, response-derived and verified seed material.\"},{\"question\":\"What roles do SRAM startup material, radio burst extraction, and entropy capsules play?\",\"answer\":\"SRAM startup provides PUF-based device-bound variability, radio burst extraction samples RNG and packet timing during a public measurement window without entropy credit to the burst, and entropy capsules cover cold-start via a trusted-node encrypted, signed seed that the client verifies and hashes.\"}]",1784178050,20,{"code":4,"msg":29,"data":30},"ok",{"site_id":23,"language":22,"slug":31,"title":13,"keywords":32,"description":14,"schema_data":33,"social_meta":85,"head_meta":87,"extra_data":89,"updated_unix":26},"entropy-bootstrapping-for-wireless-embedded-systems","",{"@graph":34,"@context":84},[35,52,67],{"@type":36,"itemListElement":37},"BreadcrumbList",[38,42,46,49],{"item":39,"name":40,"@type":41,"position":20},"https://docshare.wps.com","Home","ListItem",{"item":43,"name":44,"@type":41,"position":45},"https://docshare.wps.com/document/","Document",2,{"item":47,"name":12,"@type":41,"position":48},"https://docshare.wps.com/document/research-report/",3,{"item":50,"name":13,"@type":41,"position":51},"https://docshare.wps.com/document/entropy-bootstrapping-for-wireless-embedded-systems/82072/",4,{"url":50,"name":13,"@type":53,"author":54,"headline":13,"publisher":56,"fileFormat":59,"inLanguage":22,"description":14,"dateModified":60,"datePublished":61,"encodingFormat":59,"isAccessibleForFree":62,"interactionStatistic":63},"DigitalDocument",{"name":9,"@type":55},"Person",{"url":39,"name":57,"@type":58},"DocShare","Organization","application/pdf","2026-07-17","2026-07-16",true,{"@type":64,"interactionType":65,"userInteractionCount":20},"InteractionCounter",{"@type":66},"ViewAction",{"@type":68,"mainEntity":69},"FAQPage",[70,76,80],{"name":71,"@type":72,"acceptedAnswer":73},"Why do weak boot-time randomness failures remain hard to detect in practice?","Question",{"text":74,"@type":75},"Early RNG values are trusted before secure packets exist, and output may still look statistically plausible even when the physical entropy source is inactive or altered. This makes later cryptography inherit weakness invisibly.","Answer",{"name":77,"@type":72,"acceptedAnswer":78},"How does the proposed method handle ESP32-class RF-disabled RNG behavior?",{"text":79,"@type":75},"It introduces source-state admission so the boot path credits entropy only when required conditions hold. Radio burst extraction and asymmetric entropy capsules ensure the client accepts local, response-derived and verified seed material.",{"name":81,"@type":72,"acceptedAnswer":82},"What roles do SRAM startup material, radio burst extraction, and entropy capsules play?",{"text":83,"@type":75},"SRAM startup provides PUF-based device-bound variability, radio burst extraction samples RNG and packet timing during a public measurement window without entropy credit to the burst, and entropy capsules cover cold-start via a trusted-node encrypted, signed seed that the client verifies and hashes.","https://schema.org",{"og:url":50,"og:type":86,"og:title":13,"og:site_name":57,"og:description":14},"article",{"robots":88,"canonical":50},"index,follow",{"doc_id":7,"site_id":23},{"code":4,"msg":5,"data":91},[92,96,100,104,109,114,119,122,126,129,133],{"id":20,"doc_module":4,"doc_module_name":44,"category_name":93,"show_sort_weight":94,"slug":95},"Story & Novel",90,"story-novel",{"id":45,"doc_module":4,"doc_module_name":44,"category_name":97,"show_sort_weight":98,"slug":99},"Literature",80,"literature",{"id":51,"doc_module":4,"doc_module_name":44,"category_name":101,"show_sort_weight":102,"slug":103},"Exam",70,"exam",{"id":105,"doc_module":4,"doc_module_name":44,"category_name":106,"show_sort_weight":107,"slug":108},5,"Comic",60,"comic",{"id":110,"doc_module":4,"doc_module_name":44,"category_name":111,"show_sort_weight":112,"slug":113},6,"Technology",50,"technology",{"id":115,"doc_module":4,"doc_module_name":44,"category_name":116,"show_sort_weight":117,"slug":118},7,"Healthcare",40,"healthcare",{"id":11,"doc_module":4,"doc_module_name":44,"category_name":12,"show_sort_weight":120,"slug":121},30,"research-report",{"id":123,"doc_module":4,"doc_module_name":44,"category_name":124,"show_sort_weight":27,"slug":125},9,"Religion & Spirituality","religion-spirituality",{"id":27,"doc_module":4,"doc_module_name":44,"category_name":127,"show_sort_weight":27,"slug":128},"World Cup","world-cup",{"id":130,"doc_module":4,"doc_module_name":44,"category_name":131,"show_sort_weight":130,"slug":132},10,"Lifestyle","lifestyle",{"id":134,"doc_module":4,"doc_module_name":44,"category_name":135,"show_sort_weight":105,"slug":136},19,"General","general"]