Anonymous • December 17, 2004 10:40 AM

Maybe this posting serves to show how "easy" it can be to generate good random bits with a hardware generator: It's so easy, it predates the space age.

Bruce Schneier • December 17, 2004 11:40 AM

Sometimes I just don't have time to write a longish post about why I think a link is interesting. But you're right; I should do it more often.

To me, this paper is a historical cryptographic artifact -- and interesting simply for that reason. It's like Rand's book of random numbers from the 1950s.

Anonymous • December 18, 2004 3:21 PM

Unfortunately, the advance of technology (and improvement of manufacturing precision) universally reduces the richness and availability of hardware noise, such as that used in the latter part of the article. For instance, in many existing PCs, the faint wobble of a spinning disk drive gives a very rich source of noise... but as manufacturers improve disk access speeds, this wobble is dwindling away to nothing.

So, what worked well in the '50s probably wouldn't work as well now, and will continue to work less and less as years go by. Ultimately, "explicit" RNGs (such as isotope-decay-based technologies) will need to become a standard component of all secure architectures (for which pseudo-random math functions just won't cut it).

Clive Robinson • December 20, 2004 5:06 AM

A couple of things: is it me, or is the design very, very similar to the one Intel used in their random chip and got a patent on five or six years ago?

The second is that although "anonymous" has a point about manufacturing tolerances getting better, random noise sources are, and will be for the foreseeable future, all around, in that as long as there is resistance and a temperature above absolute zero there will be thermal noise.

There are several ways of getting at thermal noise, one of which is the white noise from a sufficiently sensitive CW receiver tuned to a blank part of the band with the antenna replaced by a dummy load held at a suitable temperature like 100 Celsius. If you read any of the Tom Clancy books, he reckons this is how the NSA do it (fiction is, after all, a wonderful thing).

The RNG circuit I designed last century (just over five years ago ;) used a Zener diode with a small-value resistor in series. The PD across the resistor was fed into the input of a differential instrumentation amplifier; the current in the diode was adjusted to give a high level of noise output, and this was used to drive a VCO that was used to sample the output of an Xtal oscillator (sometimes called a roulette wheel circuit).

In practice any reverse-biased semiconductor junction will produce suitable noise when correctly biased (i.e. the BE junction of an NPN transistor). The reason for using a Zener was that it is much easier to bias for noise.

The hard part of the circuit design was to keep extraneous noise out from the supply lines and capacitive and inductive coupling from other parts of the circuit (a hint if doing it yourself: use good RF circuit layout techniques, balanced design in the analogue sections with zero-volt guard rings around critical parts of the circuit like the diff amp inputs, oh, and get the PSU noise down well below the noise level of the diode).

Hard as this was, it is a heck of a sight easier than correctly using the output, which I think even Bruce will admit is a hard problem ;)
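The "correctly using the output" part of the comment above is where most hardware RNG designs go wrong, so here is an added example (not code from the original post or from the commenter) that simulates the roulette wheel sampler in software and then runs the checks a practitioner would want before trusting its bits. The noise source is a seeded pseudo-random Gaussian standing in for the Zener diode, and the tick counts, duty cycle and periods are assumed values chosen to make the simulation exact in integers; nothing here measures real hardware. The point it shows beyond the text: von Neumann debiasing fixes the duty-cycle bias but not a lack of jitter, and a source with too little jitter passes the bias test while producing a fixed repeating pattern.

```python
"""Simulation of a 'roulette wheel' RNG sampler plus the checks that matter
before its bits are used. Added example, not from the original post; the
noise is a seeded pseudo-random stand-in for a diode, i.e. constructed data."""
import hashlib
import math
import random
from collections import Counter


def roulette_wheel_bits(n_bits, jitter_ticks, duty_ticks=600, seed=1,
                        xtal_period=1000, vco_period=37300):
    """Sample a fast square wave (the crystal oscillator: period xtal_period
    ticks, high for duty_ticks of them) at instants set by a slow clock (the
    VCO) whose period wobbles by Gaussian 'noise' of jitter_ticks std dev.
    Integer ticks keep the simulation exact. duty_ticks=600 gives a 60% duty
    cycle, so the raw bits are biased; jitter_ticks=0 makes them periodic."""
    rng = random.Random(seed)          # assumption: stands in for diode noise
    t = 0
    bits = []
    for _ in range(n_bits):
        t += vco_period + int(round(rng.gauss(0, jitter_ticks)))
        bits.append(1 if t % xtal_period < duty_ticks else 0)
    return bits


def von_neumann(bits):
    """Von Neumann debiasing: take non-overlapping pairs, emit the first bit
    of a 01 or 10 pair, discard 00 and 11. Removes bias only when the pairs
    are independent; it does nothing against correlation or periodicity."""
    return [bits[i] for i in range(0, len(bits) - 1, 2)
            if bits[i] != bits[i + 1]]


def ones_fraction(bits):
    return sum(bits) / len(bits) if bits else 0.0


def min_entropy_per_bit(bits):
    """Most-common-value estimate: -log2 of the dominant symbol's rate. This
    is the crude per-bit bound, and it is blind to correlation."""
    p = ones_fraction(bits)
    return -math.log2(max(p, 1 - p))


def pack_bytes(bits):
    """Pack bits MSB-first into bytes, dropping any partial trailing byte."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - 7, 8))


def distinct_byte_values(bits):
    """Cheap repetition check: a periodic source collapses to very few
    distinct byte values even when its ones fraction looks perfect."""
    return len(Counter(pack_bytes(bits)))


def condition(bits, out_len=32):
    """Final conditioning: hash a pool holding at least twice out_len*8
    debiased bits, so the output claims no more entropy than the pool holds.
    Refuses to produce output from an under-filled pool."""
    if len(bits) < 2 * out_len * 8:
        raise ValueError("not enough debiased bits in the pool")
    return hashlib.sha256(pack_bytes(bits)).digest()[:out_len]


if __name__ == "__main__":
    for jitter in (700, 0):
        raw = roulette_wheel_bits(20000, jitter)
        white = von_neumann(raw)
        print(f"jitter={jitter:>3} ticks: raw ones {ones_fraction(raw):.3f} "
              f"(min-entropy {min_entropy_per_bit(raw):.2f} bit/bit), "
              f"debiased ones {ones_fraction(white):.3f}, "
              f"distinct bytes {distinct_byte_values(white)}")
```

With 700 ticks of jitter the sampled phase is effectively uniform, the raw stream shows the 60% duty-cycle bias and the debiased stream is balanced with a healthy spread of byte values. With zero jitter the debiased stream is still exactly balanced, which is why a ones-count health test alone is worthless: the output is one byte value repeated forever. The SHA-256 step is the usual final conditioning; it does not create entropy, which is why `condition` insists on a pool larger than the output.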

Matt R • December 20, 2004 7:22 AM

Another data point in the history of hardware RNG, especially for crypto, was SIGSALY, an early (1943) voice encryption system using one-time pads:

"Key generation was a major problem...This was accomplished for SIGSALY by using the output of large (four-inch diameter, fourteen-inch high) mercury-vapor rectifier vacuum tubes to generate wideband thermal noise. This noise power was sampled every twenty milliseconds and the samples then quantized into six levels of equal probability. The level information was converted into channels of a frequency-shift-keyed (FSK) audio tone signal which could then be recorded on the hard vinyl phonograph records of the time." --
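The quantization step in the SIGSALY description (noise samples sorted into six levels of equal probability) is the part that is easy to get subtly wrong, since the thresholds depend on the noise distribution the tubes actually produce rather than an assumed one. The following is an added example, not code from the original post or from any SIGSALY documentation: it calibrates the five cut points from the empirical quantiles of a calibration run, then checks fresh samples for equiprobability with a chi-square statistic, and shows the same check failing when the source drifts. The noise is a seeded Gaussian stand-in and the sample sizes, seed and drift amount are assumed.

```python
"""Equiprobable six-level quantization of a noise source, with a check that
the levels really are equiprobable. Added example; the noise is a seeded
Gaussian stand-in (constructed data), not measurements of any hardware."""
import math
import random
from collections import Counter


def calibrate_thresholds(samples, levels=6):
    """Place levels-1 cut points at the empirical quantiles of a calibration
    run so each level captures 1/levels of the mass. Works for any noise
    distribution, which matters because real tube noise need not be Gaussian
    or centred where the designer expects."""
    s = sorted(samples)
    n = len(s)
    return [s[(k * n) // levels] for k in range(1, levels)]


def quantize(x, thresholds):
    """Map one sample to its level index 0..len(thresholds)."""
    return sum(1 for t in thresholds if x >= t)


def chi_square_uniform(counts, levels):
    """Chi-square statistic of observed level counts against the uniform
    expectation. For six levels (5 degrees of freedom) values above about
    11.07 would be rejected at the 5% level."""
    total = sum(counts.get(k, 0) for k in range(levels))
    expected = total / levels
    return sum((counts.get(k, 0) - expected) ** 2 / expected
               for k in range(levels))


def bits_per_sample(levels):
    """Entropy per sample when the levels are exactly equiprobable. Six
    levels give log2(6), about 2.58 bits, so a stage that emits whole bits
    must combine several samples rather than truncate each one."""
    return math.log2(levels)


def run(levels=6, n_cal=20000, n_test=20000, seed=7, drift=0.8):
    """Calibrate on one run, test on fresh samples, then test again after the
    source acquires a DC offset of `drift` standard deviations. Returns the
    thresholds and both chi-square statistics."""
    rng = random.Random(seed)           # assumption: stands in for tube noise
    cal = [rng.gauss(0.0, 1.0) for _ in range(n_cal)]
    thresholds = calibrate_thresholds(cal, levels)
    fresh = Counter(quantize(rng.gauss(0.0, 1.0), thresholds)
                    for _ in range(n_test))
    drifted = Counter(quantize(rng.gauss(drift, 1.0), thresholds)
                      for _ in range(n_test))
    return (thresholds,
            chi_square_uniform(fresh, levels),
            chi_square_uniform(drifted, levels))


if __name__ == "__main__":
    thresholds, chi_ok, chi_bad = run()
    print("thresholds:", [round(t, 3) for t in thresholds])
    print(f"fresh samples chi-square {chi_ok:.2f} (pass below ~11.07)")
    print(f"drifted source chi-square {chi_bad:.1f} (fails badly)")
    print(f"bits per equiprobable sample: {bits_per_sample(6):.3f}")
```

The drift case is the one to keep in mind: a fixed set of thresholds is only as good as the calibration, so a production design either recalibrates continuously or runs the chi-square style check as a health test and stops emitting when it fails.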

Shunmuganathan • June 17, 2008 2:48 AM

Kindly help me to get a White Noise RNG
Hardware & s.w for Radionic Dowsing

Matthew • October 21, 2010 11:44 AM

Speaking of the RAND book, I remember reading an anecdote (it was a long time ago, so I forget the source except that it was a book) where the writer picked up the book and an erratum slip fell out.
It transpired that it was a correction for the statistical results rather than the random numbers themselves, but I still find it humorous.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Security.