Hardware random number generator - Revision history<br />
Revision history for this page on the wiki (MediaWiki 1.34.2), feed dated 2024-03-29T13:09:25Z<br />
http://www.opencircuits.com/index.php?title=Hardware_random_number_generator&feed=atom&action=history<br />
Revision 2015-02-17T20:02:30Z by DavidCary: rough draft.<br />
http://www.opencircuits.com/index.php?title=Hardware_random_number_generator&diff=77927&oldid=prev<br />
<p><b>New page</b></p><div><br />
''Extremely rough draft''<br />
<br />
How do I build a good hardware random number generator?<br />
<br />
<br />
<br />
=== some applications of random numbers ===<br />
<br />
Perhaps the most common application of random numbers is as part of the "https://" protocol for viewing websites.<br />
It, like many cryptographic protocols,<br />
uses special "one-time" nonce numbers<br />
that ideally are generated by a hardware random number generator.<br />
<br />
[http://wiki.openssl.org/index.php/Random_Numbers]<br />
<br />
''After I build a hardware random number generator, what is a good way to feed the sequence of random numbers into such applications?''<br />
<br />
==== radio? ====<br />
<br />
A few [[projects#radio projects]]<br />
"randomly" distribute the radio energy over a wide spectrum (spread spectrum).<br />
They use something like a random number generator<br />
to pick which frequency to use at any one instant.<br />
However, as far as I am aware,<br />
such systems never use unguessable hardware random number generators,<br />
because the receiver<br />
must be able to guess the sequence of frequencies used by the transmitter<br />
(or vice-versa).<br />
As far as I know,<br />
non-military spread spectrum radios<br />
don't even use a cryptographic pseudo-random sequence,<br />
but (to make synchronization between receiver and transmitter easier<br />
and to reduce cost and simplify the hardware)<br />
always use some non-cryptographic pseudo-random sequence,<br />
often a maximum-length sequence<br />
(easy to construct with a linear-feedback shift register (LFSR)) or Gold code system.<br />
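
The maximum-length sequence described above, as an added example (not taken from any radio project): a 16-bit LFSR picks hop channels, and a receiver that joins late recovers the transmitter's register from 16 observed output bits, which is exactly why such a sequence is not unguessable. The seed, the 64-channel plan and the function names are assumptions made for this sketch.

```python
# Added illustration: a 16-bit maximal-length LFSR driving a hop sequence.
# Polynomial x^16 + x^14 + x^13 + x^11 + 1; the seed and the 64-channel plan
# are constructed for this sketch. The seed must be nonzero.

def step(state):
    """Advance the Fibonacci LFSR by one bit."""
    bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (bit << 15)

def period(seed=0xACE1):
    """Count steps until the register returns to the seed."""
    state, n = step(seed), 1
    while state != seed:
        state, n = step(state), n + 1
    return n

def output_bits(state, n):
    """Return the n bits shifted out on air and the register afterwards."""
    bits = []
    for _ in range(n):
        bits.append(state & 1)
        state = step(state)
    return bits, state

def hops(state, n, bits_per_hop=6):
    """Clock 6 fresh bits per hop and use the top 6 bits as a channel 0..63."""
    channels = []
    for _ in range(n):
        for _ in range(bits_per_hop):
            state = step(state)
        channels.append(state >> (16 - bits_per_hop))
    return channels

def resync(observed16):
    """A late-joining receiver rebuilds the register from 16 observed bits,
    then clocks forward 16 steps to catch up with the transmitter."""
    state = sum(bit << i for i, bit in enumerate(observed16))
    return output_bits(state, 16)[1]

def late_join(seed=0xACE1, elapsed=1000):
    """True when a receiver that missed `elapsed` bits ends up in step."""
    _, tx = output_bits(seed, elapsed)
    observed, tx_now = output_bits(tx, 16)
    return hops(resync(observed), 10) == hops(tx_now, 10)
```

`period()` returns 65535, the full 2^16 - 1 cycle, and `late_join()` returns `True`.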
<br />
=== a few more-or-less open-source HRNG designs ===<br />
<br />
<br />
endolith / probably_random.ino :<br />
Arduino hardware true random number generator<br />
[https://gist.github.com/endolith/2568571]<br />
<br />
<br />
<br />
[http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/]<br />
<br />
<br />
Sergio Callegari; Riccardo Rovatti; and Gianluca Setti.<br />
"Embeddable ADC-Based True Random Number Generator for Cryptographic Applications Exploiting Nonlinear Signal Processing and Chaos"<br />
[http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=1381779]<br />
[http://www.researchgate.net/publication/3319163_Embeddable_ADC-based_true_random_number_generator_for_cryptographic_applications_exploiting_nonlinear_signal_processing_and_chaos]<br />
[http://www.researchgate.net/profile/Sergio_Callegari/publication/3319163_Embeddable_ADC-based_true_random_number_generator_for_cryptographic_applications_exploiting_nonlinear_signal_processing_and_chaos/links/09e41511194d9d8d58000000.pdf]<br />
<br />
"Infinite Noise TRNG (True Random Number Generator): The world's easiest TRNG to get right"<br />
by Bill Cox, who gives credit to Peter Allan.<br />
[https://github.com/waywardgeek/infnoise]<br />
<br />
DAV:<br />
Callegari's ADC-Based True Random Number Generator looks very similar to the<br />
"Infinite Noise TRNG"<br />
approach.<br />
What is the difference, if any?<br />
<br />
[http://robseward.com/itp/adv_tech/random_generator/]<br />
<br />
[http://www.cryogenius.com/hardware/rng/]<br />
<br />
[https://lwn.net/Articles/525459/]<br />
<br />
Whirlygig<br />
[http://hackaday.com/2010/02/06/hardware-based-randomness-for-linux/]<br />
<br />
<br />
whirlyfly<br />
[https://github.com/zdavkeos/whirlyfly]<br />
<br />
[http://forums.parallax.com/showthread.php/93061-Real-Random-Number-Generator-Object]<br />
<br />
<br />
Some of these open-source hardware random number generators produce over 500 KBytes per second of high-quality randomness.<br />
While pseudo-random number generators running on commodity desktop machines run many times faster, I find it hard to imagine any application for high-quality random numbers where 500 KBytes/s is "too slow".<br />
<br />
<br />
<br />
[http://hackaday.com/2014/02/10/the-two-component-random-number-generator/]<br />
<br />
<br />
Will Ware.<br />
Hardware Random Bit Generator.<br />
[http://web.jfet.org/hw-rng.html]<br />
<br />
Hardware Random Number Generator<br />
[http://iank.org/trng.html]<br />
"(Yet Another) avalanche noise hardware random number generator"<br />
" ... based upon a design by Will Ware."<br />
" ... The final device, after moving the whitening logic to firmware<br />
(for completeness sake, but at a significant speed expense),<br />
achieved 9 kB/sec random data."<br />
<br />
<br />
<br />
<br />
"The Hardware Random Number Generator" page<br />
[http://www.ciphersbyritter.com/NEWS4/HARDRAND.HTM]<br />
lots of discussion of theory.<br />
<br />
...<br />
<br />
<br />
<br />
"what is the best method of testing a hardware random number generator?"<br />
[http://security.stackexchange.com/questions/47475/testing-a-hardware-random-number-generator]<br />
<br />
<br />
<br />
I hear other people say that all modern Smart Cards contain a physical hardware random number generator<br />
( [http://crypto.stackexchange.com/questions/20068/are-there-some-problems-to-use-pseudo-random-number-generator-in-smart-card] ).<br />
<br />
<br />
<br />
<br />
=== sources of entropy ===<br />
<br />
* noise from a reverse-biased transistor, which apparently is due to quantum tunneling.<br />
<br />
* oscillator jitter (which requires at least 2 oscillators to detect),<br />
which is apparently due to thermal noise (?)<br />
(How can we tell that the 2 oscillators<br />
are actually independent,<br />
and have not accidentally become phase-locked?)<br />
<br />
<br />
[http://www.quantiki.org/wiki/Quantum_Random_Number_Generators]<br />
<br />
<br />
=== A few notes on HRNG theory ===<br />
<br />
<br />
<br />
"As of 2004, the best random number generators have 3 parts:<br />
an unpredictable nondeterministic mechanism,<br />
entropy assessment, and<br />
conditioner.<br />
...<br />
If the estimate is good, the conditioned output bits are unbiased full-entropy bits even if the nondeterministic mechanism degrades over time.<br />
In practice, the entropy assessment is the difficult part."<br />
--<br />
[http://en.wikibooks.org/wiki/Cryptography/Random_number_generation]<br />
<br />
<br />
<br />
With a properly implemented randomness extractor, as long as the HRNG is in a physically secure room, most conceivable "attacks" (through-the-air electromagnetic interference, through-the-power-lines electromagnetic interference, etc.) at worst merely slow down the rate at which high-quality random bits are produced; they don't reduce the quality of whatever bits are produced. (The randomness extractor automatically compensates for any reduced quality of the internal raw data samples, throwing out "suspicious" samples).<br />
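
The three-part structure quoted above and the rate-versus-quality point of this paragraph, as an added sketch (not code from any of the linked designs): an entropy assessment credits each raw batch, and a SHA-256 conditioner releases a block only once enough assessed entropy has been hashed in, so a degraded source yields fewer blocks and a stuck source yields none. Assumptions: simulated 4-bit samples stand in for the hardware source, samples are treated as independent, and the batch size and 2x margin are illustrative choices.

```python
import hashlib
import math
import random
from collections import Counter

def simulated_source(n, p_zero, seed):
    """Constructed stand-in for raw 4-bit hardware samples: value 0 appears
    with probability p_zero, the other 15 values share the remainder."""
    rng = random.Random(seed)
    return [0 if rng.random() < p_zero else rng.randrange(1, 16) for _ in range(n)]

def min_entropy_per_sample(samples):
    """Entropy assessment: most-common-value estimate (NIST SP 800-90B,
    section 6.3.1), in bits per sample. Assumes independent samples."""
    n = len(samples)
    p_hat = Counter(samples).most_common(1)[0][1] / n
    p_upper = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return math.log2(1 / p_upper)

def condition(samples, batch=1024, out_bits=256, margin=2.0):
    """Conditioner: hash raw batches with SHA-256 and release a 32-byte block
    only after the assessed entropy hashed in reaches margin * out_bits.
    batch and margin are illustrative choices for this sketch."""
    blocks, h, credited = [], hashlib.sha256(), 0.0
    for i in range(0, len(samples) - batch + 1, batch):
        chunk = samples[i:i + batch]
        credited += min_entropy_per_sample(chunk) * len(chunk)
        h.update(bytes(chunk))
        if credited >= margin * out_bits:
            blocks.append(h.digest())
            h, credited = hashlib.sha256(), 0.0
    return blocks

def demo(n=16 * 1024):
    """Blocks released from a healthy, a degraded and a stuck source."""
    healthy = condition(simulated_source(n, 1 / 16, seed=1))
    degraded = condition(simulated_source(n, 0.90, seed=2))
    stuck = condition([7] * n)
    return len(healthy), len(degraded), len(stuck)
```

The guarantee is only as good as the assessment: real sources with correlated samples need the non-IID estimators from the same NIST document, since the most-common-value estimate alone overstates their entropy.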
<br />
<br />
<br />
<br />
=== further reading ===<br />
<br />
* [http://crypto.stackexchange.com/questions/tagged/random-number-generator]<br />
<br />
* [http://crypto.stackexchange.com/questions/tagged/pseudo-random-generator]<br />
<br />
* [http://electronics.stackexchange.com/questions/tagged/random-number]<br />
<br />
* [[Wikipedia: Hardware random number generator]]</div>DavidCary