The article is a little breathless about how "...physicists have long searched for other ways to make genuinely random numbers based on physical processes that produce random outcomes."
The niche for fast HWRNGs actually exists in the stochastic simulation business (physics, statistics, machine learning, finance, to some extent CG); "real" randomness helps in scaling over tons of cores and specialised hardware must be in principle faster than general hardware executing software PRNG.
The bar is set high, though; the dream is about 1GB/s, RDRAND achieves 500-700MB/s.
>The niche for fast HWRNGs actually exists in the stochastic simulation business
>The bar is set high, though; the dream is about 1GB/s, RDRAND achieves 500-700MB/s.
Why are PRNGs not good enough? A hardware implementation of algorithms in the SHA series can achieve multiple GB/s of throughput. With a good seed, wouldn't the output of a simple counter-based or iterative hash-based PRNG be sufficiently random for simulations?
Yes, PRNGs should be good enough, and PRNGs that are supposed to be cryptographically secure should definitely be good enough. (A PRNG that is not cryptographically secure still could be good enough for simulations.) Any method to distinguish a PRNG from true randomness would be the basis of a cryptographic attack on the PRNG. In fact, PRNGs are better for simulations because it allows the results to be reproduced exactly from a small seed.
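As an added illustration (not part of the thread), here is the counter-based hash construction asked about above, with the reproducibility property from the reply: the same small seed replays an entire simulation. The class and function names are hypothetical, and this is a sketch of the idea, not a vetted DRBG.

```python
import hashlib
import struct


class HashCounterPRNG:
    """Illustrative counter-mode generator: block_i = SHA-256(seed || i)."""

    def __init__(self, seed: bytes):
        self._seed = seed
        self._counter = 0
        self._buf = b""

    def read(self, n: int) -> bytes:
        # Hash successive counter values until enough bytes are buffered.
        while len(self._buf) < n:
            ctr = struct.pack(">Q", self._counter)
            self._buf += hashlib.sha256(self._seed + ctr).digest()
            self._counter += 1
        out, self._buf = self._buf[:n], self._buf[n:]
        return out

    def uniform(self) -> float:
        # Keep the top 53 of 64 bits to get a float in [0, 1).
        return (int.from_bytes(self.read(8), "big") >> 11) / (1 << 53)


def estimate_pi(seed: bytes, samples: int) -> float:
    """Monte Carlo estimate of pi; the whole run is a function of the seed."""
    rng = HashCounterPRNG(seed)
    inside = 0
    for _ in range(samples):
        x, y = rng.uniform(), rng.uniform()
        inside += x * x + y * y < 1.0
    return 4.0 * inside / samples


if __name__ == "__main__":
    seed = b"constructed example seed"
    first = estimate_pi(seed, 20000)
    second = estimate_pi(seed, 20000)
    print(first, second, first == second)  # identical runs from one seed
```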
Most noise is quantum noise (including the one quoted; even though electron avalanche is a classic phenomenon, in semiconductors it's going to have quantum effects).
But in the end it doesn't matter; any unpredictable, non-manipulable source of randomness is fine. Other sources of noise in electrical circuits (apart from quantum noise origins) are interference (like the 60Hz hum, radio interference, and even background radiation).
Interesting, but I don't think this generates true random numbers.
The traditional quantum optics setup does, however. The basic design is also a lot simpler: you've got your source of photons, your half-silvered mirror, a bunch of detectors and you're ready to go.
Here are some devices from ID Quantique that use quantum optics:
> I don't think this generates true random numbers.
I'm interested in what makes you think that. If you could predict the precise course of electrons through a reverse biased pn junction, I would have thought that would be a breakthrough in quantum mechanics worthy of the Nobel Prize in physics.
I'm not in complete understanding of what differentiates a true random number from a non-true one in this instance.
I fully understand why algorithmic pseudo-random numbers can be said to be not 'true' random numbers -- if you know the algorithm that produces the numbers, and you know enough of the numbers output by any particular 'round' of random-number-generation production, you can in principle figure out how the algorithm was seeded -- or narrow it down to a few possible seeds -- and predict with greater accuracy its future outputs. (I'd like to know if I've got that wrong).
But in this case, that doesn't seem to be a concern. What could make someone think it's an 'un-true' RNG? What, to such a person, would a 'true' RNG look like? Is thermal noise an 'un-true' RNG? Why?
Some hardware RNGs had poor deskewing or correlated bits or no failure detection or were outputting other non-random noise or were using weird sampling rates.
I posted a link elsewhere in the thread with some description. RFC4046 has some more information.
So, while the hole-electron moving[1] through the pn junction is quantum, there's a bunch of other stuff that can be sent to the output stream and that poor software implementations include as random.
[1] apologies to physicists for inaccurate terminology. I never really know how to describe what happens with holes and electrons in semiconductors.
It's just that the optical system is simpler, and still predicts true randomness. So if I were forced to e.g. build a business based on true random numbers, I'd probably go for the simpler system.
It seems to me that this could be very innovative in terms of security by possibly supplanting CSPRNG (Cryptographically secure pseudorandom number generators - many of which (or their implementations) were discovered insecure in the past) in some practical scenarios.
My understanding is it's pretty straightforward to do so - here's a nice little device available on tindie:
https://www.tindie.com/products/ubldit/truerng-hardware-rand...
And here is the physical process it's based on from a (5 year old) paper.
http://cockrum.net/Implementation_of_ECC_on_an_8-bit_microco...
And, not to be pedantic, but you really only need a small amount of entropy to seed your PRNG - for all practical purposes, the rest of the random bits can be computationally generated.