Entropy, how to calculate it from series of outcome

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: RocketSingh on October 24, 2018, 04:04:09 PM

Bitcoin blockchain itself is a great source of entropy. Last digit of each block is itself random. There is a dedicated thread discussing this phenomenon - https://bitcointalksearch.org/topic/how-random-the-last-digit-of-a-block-hash-really-is-1493510

Except that it's far less secure/random if it's used improperly, Thoughts on this private key stealing mystery have detailed case about it.
CSPRNG is still more secure and attacker almost have no information to correctly guess private key with balance.

Sanglotslongs2

full member

Activity: 260

Merit: 129

Quote from: RocketSingh on October 24, 2018, 04:04:09 PM

Quote from: Sanglotslongs2 on October 21, 2018, 02:21:24 AM

I want to generate my own private key with dice and/or other very entropic phenomenon.

Bitcoin blockchain itself is a great source of entropy. Last digit of each block is itself random. There is a dedicated thread discussing this phenomenon - https://bitcointalksearch.org/topic/how-random-the-last-digit-of-a-block-hash-really-is-1493510

Yes but since it's public and a lot of people know bitcoin is it secure to use it ? Some hacker can "datamining" the hash of each blocks to steal cryptos. The same way they did datamining on brain wallet, a lot of people wich passphrase was a poem get hacked because the passphrase was hashed to a private key so hacker can attack all brain wallet in the same time (it's different from a bruteforce because bruteforce is agains a sample of encrypted data).

RocketSingh

legendary

Activity: 1662

Merit: 1050

Quote from: Sanglotslongs2 on October 21, 2018, 02:21:24 AM

I want to generate my own private key with dice and/or other very entropic phenomenon.

Bitcoin blockchain itself is a great source of entropy. Last digit of each block is itself random. There is a dedicated thread discussing this phenomenon - https://bitcointalksearch.org/topic/how-random-the-last-digit-of-a-block-hash-really-is-1493510

theymos_away

member

Activity: 82

Merit: 26

https://en.bitcoin.it/wiki/Passphrase_generation#Generating_keys.2C_seeds.2C_and_random_numbers_.28Advanced.29

On Linux, that's basically how /dev/{,u}random works anyway. It does something like sha1(past_randomness + new entropy from keyboard etc.) repeatedly in order to produce endless random data. (This is a slight simplification, but it's more-or-less like this.)

CPUs offer a randomness instruction, but it's not used on Linux because people don't trust it. The CPU behaves deterministically, and entropy is gathered from elsewhere.

You can analyze the quality of random data to *some* extent using eg. ent (http://www.fourmilab.ch/random/), but it is logically impossible to know whether some data is truly random. For example, the output of a secure hash function should on average always test as perfectly random, indistinguishable from perfect quantum randomness, even if it's a hash of "1234" etc. OTOH, highly ordered-looking data can come out of a true random source sometimes.

Sanglotslongs2

full member

Activity: 260

Merit: 129

Thanks for your replies.

I wish to generate with dice my private key because I don't know if there is a risk to to not have a good random number if I run the prog on CPU. Is there documentation where they compare CPU random number ? If AMD / Intel / Broadcom have their specs. Because it's not only a software problem, I guess that true random number are also hardware dependant.

HeRetiK

legendary

Activity: 3122

Merit: 2178

Playgram - The Telegram Casino

Quote from: bob123 on October 24, 2018, 03:54:04 AM

That's correct. I have never claimed that /dev/urandom is truly random.

I just wanted to clear out the 'how to be sure that dice rolls are truly random' question.

More precisely my statement was:

Quote from: bob123 on October 21, 2018, 05:41:44 AM

This is way more random than your brain or any dice rolls can ever be.

Fair enough.

Quote from: bob123 on October 24, 2018, 03:54:04 AM

And that's still my opinion. Humans tend to throw the dice in a similar motion each time. Especially with hundreds of rolls.
The outcome will be less random. And the brain being one of the worst sources of entropy should be commonly known, at least if you really need a random number and are ready to spend a few minutes to read into this subject.

I have my doubts about the first -- at least when someone tries to properly roll the dice and not just fake it -- but I absolutely agree with the brain being one of the worst sources of entropy (and real world attacks seem to support that claim).

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: HeRetiK on October 22, 2018, 05:24:21 AM

Quote from: odolvlobo on October 22, 2018, 02:23:59 AM

Quote from: bob123 on October 21, 2018, 05:41:44 AM

Dice rolls are never random.

If you knew all necessary information (exact surface conditions, air resistance, rotating speed, ..) you could predict each roll with your dice. That's far away from being 'truly random'.

That's an extreme statement. You could say the same thing about Brownian motion. In the end, it doesn't really matter if it is truly random or not. The end justifies the means when it comes to an RNG.

Precisely.

You could also say the same about:

Quote from: bob123 on October 21, 2018, 05:41:44 AM

If you want to create the private key yourself (without any wallet), i'd suggest to boot up a live linux, let it run a few minutes, open and close random programs, and then use /dev/urandom to generate a private key:

Code:

openssl ecparam -genkey -name secp256k1 -rand /dev/urandom

Both are deterministic in the end, as long as you dig deep enough (but not so deep as to enter the quantum realm). The latter being obviously more practical than throwing dice.

As long as the result looks random to an outside observer, ie. does not show any bias towards certain numbers, you're golden. That is, as long as an adversary is unable to acquire the input required to (re)create the pseudo-random output. Which can be reasonably assumed for both physical dice and /dev/urandom.

That's correct. I have never claimed that /dev/urandom is truly random.

I just wanted to clear out the 'how to be sure that dice rolls are truly random' question.

More precisely my statement was:

Quote from: bob123 on October 21, 2018, 05:41:44 AM

This is way more random than your brain or any dice rolls can ever be.

And that's still my opinion. Humans tend to throw the dice in a similar motion each time. Especially with hundreds of rolls.
The outcome will be less random. And the brain being one of the worst sources of entropy should be commonly known, at least if you really need a random number and are ready to spend a few minutes to read into this subject.

Diamond Dallas Page

newbie

Activity: 7

Merit: 7

Quote from: Sanglotslongs2 on October 21, 2018, 02:21:24 AM

Hello,

I want to generate my own private key with dice and/or other very entropic phenomenon. But how can I calculate if my data have a good entropy ? I mean if I throw dice in a certain way too much time maybe my outcome will not be trully random, maybe my dice is not a very good dice and have imperfection etc.

So can I just throw it 300+ and if I don't have 0.166666% each result (1,2,3,4,5,6) it's not good ?

Also I want to write my own series of dice result just to compare how deficient is my brain when I try to generate true randomness.

Thanks

Try using the an open source program called ent. Here are the results for rolling a die six times with the result vector of <666666>.

% echo -n "666666" | ./ent

Entropy = 0.000000 bits per byte.

Optimum compression would reduce the size of this 6 byte file by 100 percent.

Chi square distribution for 6 samples is 1530.00, and randomly would exceed this value less than 0.01 percent of the times.

Arithmetic mean value of data bytes is 54.0000 (127.5 = random). Monte Carlo value for Pi is 4.000000000 (error 27.32 percent). Serial correlation coefficient is undefined (all values equal!).

HeRetiK

legendary

Activity: 3122

Merit: 2178

Playgram - The Telegram Casino

Quote from: odolvlobo on October 22, 2018, 02:23:59 AM

Quote from: bob123 on October 21, 2018, 05:41:44 AM

Dice rolls are never random.

If you knew all necessary information (exact surface conditions, air resistance, rotating speed, ..) you could predict each roll with your dice. That's far away from being 'truly random'.

That's an extreme statement. You could say the same thing about Brownian motion. In the end, it doesn't really matter if it is truly random or not. The end justifies the means when it comes to an RNG.

Precisely.

You could also say the same about:

Quote from: bob123 on October 21, 2018, 05:41:44 AM

If you want to create the private key yourself (without any wallet), i'd suggest to boot up a live linux, let it run a few minutes, open and close random programs, and then use /dev/urandom to generate a private key:

Code:

openssl ecparam -genkey -name secp256k1 -rand /dev/urandom

Both are deterministic in the end, as long as you dig deep enough (but not so deep as to enter the quantum realm). The latter being obviously more practical than throwing dice.

As long as the result looks random to an outside observer, ie. does not show any bias towards certain numbers, you're golden. That is, as long as an adversary is unable to acquire the input required to (re)create the pseudo-random output. Which can be reasonably assumed for both physical dice and /dev/urandom.

odolvlobo

legendary

Activity: 4466

Merit: 3391

Quote from: Sanglotslongs2 on October 21, 2018, 02:21:24 AM

So can I just throw it 300+ and if I don't have 0.166666% each result (1,2,3,4,5,6) it's not good ?

I don't think there is a way to measure entropy of the generator from the outcomes. Also, when somebody says that something has "N bits of entropy", they are assuming an ideal RNG.

As for measuring the quality of your dice rolling, I think that simply measuring the uniformity of the distribution for a large number of rolls is probably sufficient, since a roll is probably not significantly affected by a previous roll or the time of the roll or the conditions during the roll.

If you want to be more thorough, then here is some information about other tests you can run: https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=906762

Quote from: bob123 on October 21, 2018, 05:41:44 AM

Dice rolls are never random.

If you knew all necessary information (exact surface conditions, air resistance, rotating speed, ..) you could predict each roll with your dice. That's far away from being 'truly random'.

That's an extreme statement. You could say the same thing about Brownian motion. In the end, it doesn't really matter if it is truly random or not. The end justifies the means when it comes to an RNG.

Sanglotslongs2

full member

Activity: 260

Merit: 129

Quote from: bob123 on October 21, 2018, 05:41:44 AM

Dice rolls are never random.

If you knew all necessary information (exact surface conditions, air resistance, rotating speed, ..) you could predict each roll with your dice. That's far away from being 'truly random'.

I know but all this variables can be good enough to generate a private key.

Quote from: bob123 on October 21, 2018, 05:41:44 AM

No need to waste your time. The human brain is less than '1/10 random' as an PRNG.

Do you have a source for this ? I would like to read more about it Cool

Quote from: bob123 on October 21, 2018, 05:41:44 AM

If you want to create the private key yourself (without any wallet), i'd suggest to boot up a live linux, let it run a few minutes, open and close random programs, and then use /dev/urandom to generate a private key:

Code:

openssl ecparam -genkey -name secp256k1 -rand /dev/urandom

I know that "randomness" is calculated from a lot of variables (memory usage in your message) is this process open ? Can we know what the variables are ? I know that INTEL'S CPU do it in a black box but it must be open process too. Thanks.

aplistir

full member

Activity: 378

Merit: 197

Quote from: Foxpup on October 21, 2018, 07:24:02 AM

Quote from: aplistir on October 21, 2018, 06:34:22 AM

And combine the 2 keys with XOR.

Don't do this. In the unlikely event that there is any correlation between the two random sources, XOR will cancel them out, reducing entropy. The correct way to combine multiple entropy sources is to concatenate them, then hash the result.

Interesting

I have heard about the possibility of using hash for combining 2 keys, but never knew how to do it.

Can it be so simple.

Foxpup

legendary

Activity: 4542

Merit: 3393

Vile Vixen and Miss Bitcointalk 2021-2023

Quote from: aplistir on October 21, 2018, 06:34:22 AM

And combine the 2 keys with XOR.

Don't do this. In the unlikely event that there is any correlation between the two random sources, XOR will cancel them out, reducing entropy. The correct way to combine multiple entropy sources is to concatenate them, then hash the result.

aplistir

full member

Activity: 378

Merit: 197

One sure way to ensure randomness is to generate 2 keys.
First generate one with whatever way you like, eg, coin, dice or manually by pencil.

Then generate the 2.nd one with urandom.

And combine the 2 keys with XOR.

Eg. If your keys are
1.st: 01101001...
2.nd: 01011011...
result: 00110010...
(in XOR you add binary bits together bit by bit. if they are the same the result is 0, if one is 0 and other is 1 the result is 1)

In this way, even if only one of your keys is truly random, the result is still random.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: Sanglotslongs2 on October 21, 2018, 02:21:24 AM

I want to generate my own private key with dice and/or other very entropic phenomenon. But how can I calculate if my data have a good entropy ? I mean if I throw dice in a certain way too much time maybe my outcome will not be trully random, maybe my dice is not a very good dice and have imperfection etc.

Dice rolls are never random.

If you knew all necessary information (exact surface conditions, air resistance, rotating speed, ..) you could predict each roll with your dice. That's far away from being 'truly random'.

Quote from: Sanglotslongs2 on October 21, 2018, 02:21:24 AM

So can I just throw it 300+ and if I don't have 0.166666% each result (1,2,3,4,5,6) it's not good ?

You can't say that, no.

The probability tells you that if you are doing up to an infinite amount of rolls, you'll have pretty close to 0.166666% of each result.
But this is NOT a guarantee. Especially with such a low number (300), this doesn't need to be the case at all. You'd need at least a few hundred thousands of tries to be sure the output is 'kind of random'.

Quote from: Sanglotslongs2 on October 21, 2018, 02:21:24 AM

Also I want to write my own series of dice result just to compare how deficient is my brain when I try to generate true randomness.

No need to waste your time. The human brain is less than '1/10 random' as an PRNG.

If you want to create the private key yourself (without any wallet), i'd suggest to boot up a live linux, let it run a few minutes, open and close random programs, and then use /dev/urandom to generate a private key:

Code:

openssl ecparam -genkey -name secp256k1 -rand /dev/urandom

This is way more random than your brain or any dice rolls can ever be. And it only takes 5 seconds compared to a few hours.

Sanglotslongs2

full member

Activity: 260

Merit: 129

Hello,

I want to generate my own private key with dice and/or other very entropic phenomenon. But how can I calculate if my data have a good entropy ? I mean if I throw dice in a certain way too much time maybe my outcome will not be trully random, maybe my dice is not a very good dice and have imperfection etc.

So can I just throw it 300+ and if I don't have 0.166666% each result (1,2,3,4,5,6) it's not good ?

Also I want to write my own series of dice result just to compare how deficient is my brain when I try to generate true randomness.

Thanks

Topic: Entropy, how to calculate it from series of outcome (Read 410 times)