Clock drift refers to several related phenomena where a clock does not run at exactly the same rate as a reference clock. That is, after some time the clock "drifts apart" or gradually desynchronizes from the other clock. All clocks are subject to drift, causing eventual divergence unless resynchronized. In particular, the drift of crystal-based clocks used in computers requires some synchronization mechanism for any high-speed communication. Computer clock drift can be utilized to build random number generators. These can however be exploited by timing attacks.
Everyday clocks such as wristwatches have finite precision. Eventually they require correction to remain accurate. The rate of drift depends on the clock's quality, sometimes the stability of the power source, the ambient temperature, and other subtle environmental variables. Thus the same clock can have different drift rates at different occasions.
More advanced clocks and old mechanical clocks often have some kind of speed trimmer where one can adjust the speed of the clock and thus correct for clock drift. For instance, in pendulum clocks the clock drift can be manipulated by slightly changing the length of the pendulum.
A quartz oscillator is less subject to drift due to manufacturing variances than the pendulum in a mechanical clock. Hence most everyday quartz clocks do not have an adjustable drift correction.
Atomic clocks
Atomic clocks are very precise and have nearly no clock drift. Even the Earth's rotation rate has more drift and variation in drift than an atomic clock due to tidal acceleration and other effects. The principle behind the atomic clock has enabled scientists to re-define the SI unitsecond in terms of exactly 9192631770 oscillations of the caesium-133 atom. The precision of these oscillations allows atomic clocks to drift roughly only one second in a hundred million years; as of 2015, the most accurate atomic clock loses one second every 15 billion years.[1][2] The International Atomic Time (TAI) time standard and its derivatives (such as the Coordinated Universal Time (UTC)) are based on weighted averages of atomic clocks worldwide.
As Einstein predicted, relativistic effects can also cause clock drift due to time dilation. This is because there is no fixed universal time, time being relative to the observer. Special relativity describes how two clocks held by observers in different inertial frames (i.e. moving with respect to each other but not accelerating or decelerating) will each appear to either observer to tick at different rates.
In addition to this, general relativity gives us gravitational time dilation. Briefly, a clock in a stronger gravitational field (e.g. closer to a planet) will appear to tick more slowly. People holding these clocks (i.e. those inside and outside the stronger field) would all agree on which clocks appear to be going faster.
It is time itself rather than the function of the clock which is affected. Both effects have been experimentally observed.[citation needed]
Time dilation is of practical importance. For instance, the clocks in GPS satellites experience this effect due to the reduced gravity they experience (making their clocks appear to run more quickly than those on Earth) and must therefore incorporate relativistically corrected calculations when reporting locations to users. If general relativity were not accounted for, a navigational fix based on the GPS satellites would be false after only 2 minutes, and errors in global positions would continue to accumulate at a rate of about 10 kilometers each day.[3]
One way to build a hardware random number generator is to use two independent clock crystals, one that for instance ticks 100 times per second and one that ticks 1 million times per second. On average the faster crystal will then tick 10,000 times for each time the slower one ticks. But since clock crystals are not precise, the exact number of ticks will vary. That variation can be used to create random bits. For instance, if the number of fast ticks is even, a 0 is chosen, and if the number of ticks is odd, a 1 is chosen. Thus such a 100/1000000 RNG circuit can produce 100 somewhat random bits per second.
Typically such a system is biased—it might for instance produce more zeros than ones—and so hundreds of somewhat-random bits are "whitened" to produce a few unbiased bits.
There is also a similar way to build a kind of "software random number generator". This involves comparing the timer tick of the operating system (the tick that usually is 100–1000 times per second) and the speed of the CPU. If the OS timer and the CPU run on two independent clock crystals the situation is ideal and more or less the same as the previous example. But even if they both use the same clock crystal the process/program that does the clock drift measurement is "disturbed" by many more or less unpredictable events in the CPU such as interrupts and other processes and programs that run at the same time. Thus the measurement will still produce fairly good random numbers.
In 2006, a side channel attack was published[5] that exploited clock skew based on CPU heating. The attacker causes heavy CPU load on a pseudonymous server (Tor hidden service), causing CPU heating. CPU heating is correlated with clock skew, which can be detected by observing timestamps (under the server's real identity).