Topic: I am going to build a true random number generator ... (Read 7864 times)

Formal introduction of concept here:
Alpharand; a do it yourself TRNG using an alpha emitter as a source of entropy

https://bitcointalksearch.org/topic/alpharand-a-do-it-yourself-quantum-random-number-generator-using-alpha-decay-585742

It isn't intended to be a commercial product, instead an open system that one can verify is accurate and transparent.  Still the idea that a radioactive source can't be in a commercial product isn't exactly accurate.  Take a look at the smoke detector aisle in your home improvement store for some examples.

It is going to be so much better not to use a radioactive material, otherwise you won't have something that can form the basis of a commercial product. I realise it makes it harder but it is totally worth it to find something else that works.

Well you are need to be careful to avoid a situation where there is bias in the output.  So when we say random we really mean a sequence of bits which are unpredictable (both forward and backwards), is a normal distribution, can be statistically shown to not have biases, and as you say is available at a useful rate.

You can use an entropy preserving operation on the pixels that contain predictable patterns  bitwise exclusive OR  (XOR) is such an operation.

There is entropy to be found.    The hard problem is to figure out how much.

If you XOR the value of a sufficient number of pixels from the RAW file together from a photo,  then you are bound to collect some entropy from the noise.   Shoot in low light -- set the ISO as high as possible -- adjust the exposure settings to maximize noise.


But if you XOR every pixel together...  you just get  one random number from all that work.     Which is inefficient -------  in fact,    it's not good enough to just get entropy: in order to generate random numbers at a reasonable rate,

You need a reliable approximation of how much entropy your source is giving you,  so you know how many pixels you need to XOR together  from the RAW output of your camera  to   get   32 bits of entropy,  And so you know at what point your program needs to take another picture.



I do think an analog radio receiver is a better idea;  preferably a microwave receiver that operates around the 160 Ghz range   that can be adjusted to a frequency nobody is really transmitting at besides random interference patterns,  and can pickup maximal cosmic background noise.

Plus with analog signals... you can use a feedback loop,  or setup your circuit to have electrical anomolies, such as ground loops,  to generate even more noise.

Thanks for confirming that, I was going off of (flawed) memory.  The clocks in modern microcontrollers are better than I remembered.  I did a similar set of test last night (although I had no pluse generator so I used a second microcontroller as a poor man PG).  I got similar results.  I am confident now that if I can keep loop latency under 50 us that means shooting for an average interval period of 500 us is feasible.  That would require  a source & tube combination capable of ~120K cpm, and would give us ~900 bps of filtered entropy.   At 240k cpm might be able to push that up to ~1600 bps.

I have no reason to believe they are flawed (they have been aproved for use by multiple gaming authorities).  Very cool stuff using single photon emitter to produce entropy quantum, however with solutions starting at $1K and being closed source it doesn't fulfill my goals.

these have been going for a long time (not sure if flawed or someone else has posted)

http://www.idquantique.com/component/content/article.html?id=9

noticed this statement here.... not sure if its been mentioned already but i regularly use the latest 32-bit microcontrollers from Arduino (Due) and chipKit (Max32). they can both run an accurate microsecond counter with 10s of microsecond program loop-time. so it seems well within needed resolution. processing the timestamps using some logic statements will increase the loop-time but i think you can very likely keep it under 50us.


edit: did some tests using a fairly reliable pulse generator (AMPI master-9, stated at <4us accuracy for up to a few days of running time)
 
1) loop-time of the max32 running only a microsec counter and a digitalWrite pin (TTL output) is about 5us loop-time

2) adding a serial connection (usb) and a printTimestamp routine to print the microsec timestamp is about 10us loop-time

3) adding a digitalRead routine with a 500hz square input on the pin takes us to about 45us
- printed timestamps have about a 2us jitter over a 2 min recording

4) adding another digitalRead routine on a second pin with 60hz input has little to no effect

... after 20min of testing, seems <50us was a decent guess

i dont get it...but its funny anyway lol...

btw you can also easily generate entropy with a microphone.

Q: Why did the chicken cross the road ?

A: To generate enough entropy.

I really like the way you explain stuff. Can't wait to see the result

How cheap can radioactive material be?  $50?  $20?  $10?  How about $3.99?  Went to Walmart (where else) looking for the cheapest ionizing smoke detector they had.  Found a $11.99 one and I almost missed this piece of junk on the bottom shelf.

http://i.minus.com/iooRCdj2MjLX.jpg
Sentry i9040 Smoke Alarm, Walmart price $3.99!  Score!

http://i.minus.com/iebvNWkZIH9dy.jpg

Bingo that is what we are looking for.  A quick tip about smoke detectors, most detectors in the US use Am-241 a radioactive isotope.  It might not be as common in other countries and the use of radioactive detectors may be completely outlawed.  Am-241 is chosen because it emits (mostly) alpha radiation which is blocked by even a piece of paper or about one inch of air.  The packages may say Am-241 on it or it may just was ionizing.  There are no radioactive smoke detectors which are optical based so if you see anything on the box about optical detection that is likely not the model you want.

http://i.minus.com/iY8PI0991vfKy.jpg
So there were some kind of clips holding the top on the detector I just broke them by putting a screwdriver between the top and base.  Nice thing about $3 smoke detector is the plastic was very cheap and weak.  That silver dome is the detection chamber.  It is the only part we are interested in.  So I just popped the circuit board out and cut the wires.

Safety:
Am-241 is pretty safe as far as radioactive isotopes go but don't be stupid with your health.  I recommend you wear gloves and operate on a clean and clear workspace.  Throw all the trashed components, your gloves, and any paper towels used to clean up dust into a plastic bag when complete.  Since Am-241 is primary an alpha emitted the greatest danger is if you ingest, breath in, or somehow get it into your bloodstream (i.e. cut yourself with a knife that you scrapped some Am-241 onto).

http://i.minus.com/iMWKEnHJ5ehB5.jpg
The backside of the circuit board.  Notice the board is covered in wax so if you notice white flakes coming off the board it isn't lethal radioactive material it is just wax.  You will notice there are three clips here (first one already destroyed) however that metal cap it actual held in place by the two long solder joints (one to the left of "TP2" and the other just above the arrow in the lower left).  You probably could desolder the shield and on a better made model you might have to but this is some cheap junk and after about 3 minutes with a screw driver, needle nose pliers, and some tin snips I ended up with this.  There is no exact science to this just use the minimum force necessary you don't want to damage the Am-241 slug.

http://i.minus.com/iSMXogIB9IWHC.jpg
The shield on the right covers the "white stand" which holds the Am-241.  The metal foil in the center of the photo is the top conductor.  It is attached to the top of the white stand and easy to remove with some pliers. The smaller inner/lower metal foil which is still attached to white stand is the second conductor.  When smoke particles enter the space between them they are ionized by the alpha particles emitted by the Am-241 and complete a circuit which trips the alarm.  The metal slug in the center of the white stand is what contains the Am-241.  We want to remove that as carefully as possible without damaging it.  The Am-241 is actually applied in a layer on the surface of the copper colored metal in the indention of the slug.  You want to avoid scrapping across that as you could produce dust containing Am-241.

http://i.minus.com/i3cjGPdStGzAB.jpg
I found it easiest to rip off the lower foil (needle nose pliers worked great).  The slug is wedged into the stand from the backside.  You may be able to knock it loose but I found it easier to just cut the cheap white stand down until the slug came free.  However you break it out the goal should be to destroy the material around the slug not the slug itself.  We are trashing everything else and we want to avoid disturbing the Am-241 on the surface of the slug.

http://i.minus.com/idYSfqiXrPNIx.jpg
Tada 0.9 microcuries of Am-241 for $3.99 and maybe 10 minutes of work.   1 microcurie scientific samples generally run $50 to $200 so this is quite a deal.  It would be a good idea now to clean down your workspace.  Dispose of all the other material, used gloves, and cleaning supplies. (in a sealed plastic bag).  The Am-241 doesn't need heavy lead shielding but keep out away from children and pets (consumption would be very bad).  I stored my sample in a used pill bottle and clearly marked.

DISCLAIMER:  Am-241 is relatively safe compared to other isotopes however all radioactive sources this information is provided as educational only and you accept full responsibility for your actions.  You are responsible for ensuring that the removal and/or possession of 0.9 microcuries of Am-241 is not prohibited by local law.

Possibly as a future project however at this point it really is just a proof of concept prototype.  It may not go beyond that.

So gonna integrate it with a hardware wallet .. like Trezor for the off-line keygen part too?

A normal photograph probably not. The pixels aren't random they are organized into all types of patterns, also subsequent photos won't be independent.  There is a project which uses a capped webcam as a source of entropy.  A perfect web cam would show a uniform black output but due to noise in the sensor it produces spots which if not random are at least a very complex chaotic system. 

http://sourceforge.net/projects/lavarnd/

It is a form of TRNG however I am more interested in the sub category of TRNG based on quantum observations.   Still there is more than one way to gather entropy.

Probably.  The G-M tube selected is very sensitive to alpha radiation.  This allows a high number of events (counts per minute) without needing to use a source with high beta or gamma activity (dangerous).  It is very possible that cheaper less sensitive tube will also work depending on the radioactive source and the throughput of random bits required.  I intend the design to use a simple two pin connector for attaching the tube using soldered on leads, and an adjustable high voltage power supply so the design could be adaptable to other tubes which operate in a 300V to 500V range.

this ?

Predicting movement of E. coli sounds unfeasible based on general chaos theory.

There aren't quantum computers powerful enough to predict the movement of E.Coli.

Depends on what purpose.  If someone knows exactly what time (ms) you generated a random number using it, then they could regenerate the same "random" number.  It's not 100% secure for generating things like Bitcoin addresses, but in all likelihood, you'd probably be fine using it.  A true RNG has results that are unreproducible.