Cryptography: True Random Number Generator

Entropy Sources

•A true random number generator (TRNG) uses a nondeterministic source to produce randomness.

•Most operate by measuring unpredictable natural processes, such as pulse detectors of ionizing radiation events, gas discharge tubes, and leaky capacitors.

•Intel has developed a commercially available chip that samples thermal noise by amplifying the voltage measured across undriven resistors.

•LavaRnd is an open source project for creating truly random numbers using inexpensive cameras, open source code, and inexpensive hardware.

•The system uses a saturated CCD in a light-tight can as a chaotic source to produce the seed.

•Software processes the result into truly random numbers in a variety of formats.

RFC 4086 lists the following possible sources of randomness that, with care, easily can be used on a computer to generate true random sequences.

•Sound/video input: Many computers are built with inputs that digitize some real-world analog source, such as sound from a microphone or video input from a camera.

–The “input” from a sound digitizer with no source plugged in or from a camera with the lens cap on is essentially thermal noise. If the system has enough gain to detect anything, such input can provide reasonably high quality random bits.

•Disk drives: Disk drives have small random fluctuations in their rotational speed due to chaotic air turbulence. The addition of low-level disk seek-time instrumentation produces a series of measurements that contain this randomness.

–Such data is usually highly correlated, so significant processing is needed. Nevertheless, experimentation a decade ago showed that, with such processing, even slow disk drives on the slower computers of that day could easily produce 100 bits a minute or more of excellent random data.