Hardware random number generator

From OpenCircuits

Extremely rough draft

How do I build a good hardware random number generator?

some applications of random numbers

Perhaps the most common application of random numbers is as part of the "https://" protocol for viewing websites. It, like many cryptographic protocols, uses special "one-time" nonce numbers that ideally are generated by a hardware random number generator.


After I build a hardware random number generator, what is a good way to feed the sequence of random numbers into such applications?


A few radio projects "randomly" distribute the radio energy over a wide spectrum (spread spectrum). They use something like a random number generator to pick which frequency to use at any one instant. However, as far as I am aware, such systems never use unguessable hardware random number generators, because the receiver must be able to guess the sequence of frequencies used by the transmitter (or vice-versa). As far as I know, non-military spread spectrum radios don't even use a cryptographic pseudo-random sequence, but (to make synchronization between receiver and transmitter easier and to reduce cost and simplify the hardware) always use some non-cryptographic pseudo-random sequence, often a maximum-length sequence (easy to construct with a linear-feedback shift register (LFSR)) or Gold code system.

a few more-or-less open-source HRNG designs

endolith / probably_random.ino : Arduino hardware true random number generator [2]


Sergio Callegari; Riccardo Rovatti; and Gianluca Setti. "Embeddable ADC-Based True Random Number Generator for Cryptographic Applications Exploiting Nonlinear Signal Processing and Chaos" [4] [5] [6]

"Infinite Noise TRNG (True Random Number Generator): The world's easiest TRNG to get right" by Bill Cox, who gives credit to Peter Allan. [7]

DAV: Callegari's ADC-Based True Random Number Generator looks very similar to the "Infinite Noise TRNG" approach. What is the difference, if any?




Whirlygig [11]

whirlyfly [12]


Some of these open-source hardware random number generators produce over 500 KBytes of high-quality randomness. While pseudo-random number generators running on commodity desktop machines run many times faster, I find it hard to imagine any application for high-quality random numbers where 500 KBytes/s is "too slow".


Will Ware. Hardware Random Bit Generator. [15]

Hardware Random Number Generator [16] "(Yet Another) avalanche noise hardware random number generator" " ... based upon a design by Will Ware." " ... The final device, after moving the whitening logic to firmware (for completeness sake, but at a significant speed expense), achieved 9 kB/sec random data."

"The Hardware Random Number Generator" page [17] lots of discussion of theory.


"what is the best method of testing a hardware random number generator?" [18]

I hear other people say that all modern Smart Cards contain a physical hardware random number generator ( [19] ).

sources of entropy

  • noise from reverse biased transistor, which apparently is due to quantum tunneling.
  • oscillator jitter (which requires at least 2 oscillators to detect), which is apparently due to thermal noise (?) (How can we tell that the 2 oscillators are actually independent, and have not accidentally become phase-locked?)


A few notes on HRNG theory

"As of 2004, the best random number generators have 3 parts: an unpredictable nondeterministic mechanism, entropy assessment, and conditioner. ... If the estimate is good, the conditioned output bits are unbiased full-entropy bits even if the nondeterministic mechanism degrades over time. In practice, the entropy assessment is the difficult part." -- [21]

With a properly implemented randomness extractor, as long as the HRNG is in a physically secure room, most conceivable "attacks" (through-the-air electromagnetic interference, through-the-power-lines electromagnetic interference, etc.) at worst merely slow down the rate at which high-quality random bits are produced; they don't reduce the quality of whatever bits are produced. (The randomness extractor automatically compensates for any reduced quality of the internal raw data samples, throwing out "suspicious" samples).
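The following sketch of the assessment and conditioner stages is an added example, not code from this page or from any of the designs listed above. It shows a degraded source producing fewer output blocks rather than weaker ones. The simulated bit source, the SHA-256 conditioner, the block size and the 2x safety margin are all assumptions chosen for illustration.

```python
import hashlib
import math
import random
from collections import Counter

BLOCK = 1024      # raw samples assessed together (assumed)
OUT_BITS = 256    # size of one conditioned output
SAFETY = 2.0      # demand 2x the output size in estimated entropy (assumed margin)

def mcv_min_entropy(samples):
    """Min-entropy per sample from the most common value, using the
    99% upper confidence bound on its probability (SP 800-90B MCV estimate).
    It only sees bias; correlated samples need further estimators."""
    n = len(samples)
    p_hat = Counter(samples).most_common(1)[0][1] / n
    p_up = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return max(0.0, -math.log2(p_up))

def condition(raw_bits):
    """Hash raw samples into 32-byte outputs, releasing one only after the
    pool has been credited SAFETY * OUT_BITS bits of estimated min-entropy."""
    outputs, pool, credited = [], hashlib.sha256(), 0.0
    for i in range(0, len(raw_bits) - BLOCK + 1, BLOCK):
        chunk = raw_bits[i:i + BLOCK]
        pool.update(bytes(chunk))
        credited += mcv_min_entropy(chunk) * BLOCK
        if credited >= SAFETY * OUT_BITS:
            outputs.append(pool.digest())
            pool, credited = hashlib.sha256(), 0.0
    return outputs

def simulated_source(p_one, n_bits, seed):
    """Constructed stand-in for the physical noise source: independent bits
    with P(1) = p_one. A real HRNG would supply sampled hardware bits here."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n_bits)]

def outputs_per_run(p_one, blocks=64):
    """Number of conditioned outputs obtained from `blocks` raw blocks."""
    return len(condition(simulated_source(p_one, blocks * BLOCK, seed=1)))

if __name__ == "__main__":
    for label, p in [("healthy", 0.5), ("biased", 0.95), ("stuck", 1.0)]:
        print(f"{label:8s} P(1)={p:.2f} -> {outputs_per_run(p)} outputs from 64 blocks")
```

A stuck source is credited zero entropy and releases nothing. A source that is correlated but unbiased would fool this estimator, which is why the assessment stage is the hard part.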

further reading