Ultimately you will need to test it somehow. A graph of all the random numbers after 10,000 samples? It should be flat, with some noise.

Like I said, following with interest.

My personal interest is cryptography. It would be possible to make a fairly secure system if you could transmit a really large random number via a secure physical medium, such as a thumb drive or CD. I have no use for something like this, but it is interesting to me. Governments as a class hate the whole concept of a truly unbreakable code.

 

That sounds perfect. The only hiccup is that I have no idea how to design the circuit, measure the input noise, or control the amplification to get the input for the ADC.
...

The circuit linked to by Bretm above is probably ideal already, you may just need a trimpot to trim the amplitude, and feed that to a 2 resistor divider to centre the waveform around 2.5v (which is only needed really to stop any chance of clipping).

...
I was thinking of possibly amplifying to beyond clipping points and ignoring min (0) and max (2^10) values, then using the least significant bit (or possibly XOR on the two LSBs).
...

You should avoid clipping as the micro's ADC will hit the limits and give min or max values, which are always the same so you lose all the "randomness" you might have gained from that sample. It's no big deal to use a simple circuit like the one linked to above and put a trimpot on the output.

If you don't have a 'scope to see the amplitude, you could examine all the ADC values like Bill suggested, or even just record and output the worst (min and max) values and that will show if the amplitude is clipping or not.

...
My personal interest is cryptography. It would be possible to make a fairly secure system if you could transmit a really large random number via a secure physical medium, such as a thumb drive or CD. I have no use for something like this, but it is interesting to me. Governments as a class hate the whole concept of a truly unbreakable code.

I originally had a web page trying to popularise this system but took it down for a re-write after so many complaints "this is just an old system before they knew better" or "it's no good because both people need to have the key and you can't transmit the key" etc etc.

Yep I too like the idea of totally unbreakable encryption, which is really not hard to do at all. But you and me are the exceptions I think?

 

I think Bretm's circuit is using avalanche noise. Call me a purist, but I'm really after quantum tunnelling!

I read a little about OpAmps and had a go at designing a zener and transistor based circuit (see attached). It looks almost too simple (though it doesn't centre around 2.5v yet).

If I understand it correctly, the amplification is controlled by the ration of R1 and R2 as:
Amplification = (R1 + R2) / R2

A few questions if I may
(1) will this work, or have I misunderstood anything
(2) given that I expect very weak signals to come through the semiconductor junctions, do I need R3 at all?
(3) if I end up with very high amplification (say 100,000) would the op amp end up adding it's own operating noise?
(4) if i need more amplification, is it wise to cascade op amps?
(5) does connecting both op amp inputs to ground prevent ground fluctuation being amplified? Anything to consider here other than aiming for short signal paths on the PCB?

 

The exact source isn't important, as long as the source is truly random. That is the real kicker.

I have a fuzzy image in my head of what a noise source to digital number would look like. Too fuzzy to be useful at this time. To me, this is as important as the actual noise source. I'm thinking of a system to convert the noise to one/zeros, after that a shift register would convert this to a random digit, be it 8 bit or 16, or whatever.

If you created a massive random number, say 4 Gig worth, simple mail would allow you to send it. That or sent it over the internet long before you need it. If you wait until someone is watching you are probably screwed anyhow. If you and the other person both have the same number it is a key.

I have heard of other random generators using mildly radioactive sources and small geiger tubes. That would be an excellent source too. You would be surprised what fits the mildly radioactive description out there.

 

I think Bretm's circuit is using avalanche noise. Call me a purist, but I'm really after quantum tunnelling!
...

Can you define the difference and why it may be better?

Since your micro samples the noise source voltage periodically, all that is necessary to achieve "truly random" is that the noise voltage is different at every time it is sampled. After that the only real differences come down to the spectral distribution (how high a freq the noise extends to) but that is meaningless when you are sampling with the micro at a relatively slow frequency.

The other issue is the 0-1 bias which is not likely to be a big issue since you are using a 10bit ADC and the noise will as likely be a 0 as a 1.

The exact source isn't important, as long as the source is truly random. That is the real kicker.
...

"Truly random" is a cinch with a micro (or even a logic circuit) provided you don't need too high a datarate compared to the spectrum of the noise.

Radioactive decay RNGs are cool but a little old fashioned. You could use something easier like a neon bulb relaxation oscillator as the neon will flash over at slightly different voltages on the charge time curve each time, so you just compare that instant to the LSB of a high speed digital counter.

When I was measuring the mains frequency using a 10MHz based timer it would have been trivial to grab the LSB of that timer on every mains half cycle, there is enough organic noise on the mains so the ZC point in time is truly random in reference to a 0.1uS counter's LSB. In fact the time variance in every mains cycle was in the hundreds of uS range.

 

Can you define the difference and why it may be better?

You're right of course, "good enough" random number generation is a piece of cake. I'm looking to design something outstanding, not because I need it, but because I enjoy it.

Most of my research is based on the wikipedia page:
http://en.wikipedia.org/wiki/Hardware_random_number_generator

Avalanche noise is essentially when a PN junction breaks down. It is a physical phenomenon and not truly random. In theory you could influence the device by manipulating its temperature.

Quantum tunneling is truly random, one well known example is radioactive decay. A lesser known one is the reverse biased PN junction where the reverse voltage is too small to cause avalanche, but randomly a small signal will make it through.

 

Thank you for the explanation.

"Truly random" may be mis-named. Radioactive decay has a higher time-entropy (larger randomness of the time periods between events) but that doesn't mean that it produces better randomness than a periodical event (like a neon discharge oscillator or capacitor oscillator, or mains frequency period example that I posted above).

All that is necessary for "truly random" is that the gating period is sufficiently small to be much smaller than the noise period attached to the events.

If that is the case then the data output is just as good, although there maybe less data output over time.

As an example the radioactive events maybe occur with periods ranging from 10uS to 10000uS between each decay event, so that noise time period can gate a timer to provide a random bit.

But a 100Hz mains freq system like I mentioned has periods averaging 10000uS, ranging from 9900uS to 10100uS (a 200uS noise period) so gating a 0.1uS timer is suffiently smaller than the noise period that the data output bit will be exactly as good *per event* as a data bit gated from the radioactive decay event.

It's the nature of random data that any data sufficiently random is just as good as other data which is sufficiently random, regardless of the method used.

So just because one noise source has a longer noise period than another source does not mean the data you make from it will be superior.

 

I think "truly random" here also means (the basis of the random function, not the interface circuit is) not affected by external forces. Quantum randomness is completely unaffected and is a unique source of randomness that can't be (in theory) computed, Radioactive decay may change only slightly from external events but in things like neon discharge, main derived, etc .. randomness can be manipulated fairly easily by external forces.

I've posted this before:
http://arxiv.org/abs/1004.1521

http://news.stanford.edu/news/2010/august/sun-082310.html

 

I understand that NSAspook, but I would make a couple of points in regards to this application;

1. Even if the zener circuit operates in "quantum" mode and not avalanche mode it is still possible that the noise it generates into the amplifier could also be manipulated, by EMF fields etc or have some additional noise component caused by EMF or coupling of other electrical activity. If you know an easy to make "quantum" source that is totally immune to all deliberate external influences please post details.

2. Even in the event that a noise component of a periodic signal can be manipulated there is no guarantee that the manipulation would produce any controllable output of the RNG or reduce the quality of the output of the RNG. Even deliberately manipulating the mains waveform by adding current or voltage to it would still be extremely hard to produce an effect that would cause more 0 or 1 bits to be reliably produced in a 0.1uS gated counter of unknown sync. And in this application we were not talking about high tech deliberate tampering, but about the quality of output of some simple examples.

3. In all cases the organic entropy fed into the micro should be hashed with some other internal RNG process, possibly more than one process, for whitening and also to reduce or negate any significant effect from imperfection in the organic entropy.

4. Regarding the exact point where a gas discharge tube starts to ionise and the way ionisation initiates, speed of ionisation before the gating occurs etc there is a very high random component, possibly qualifying as "quantum". We've all seen the random flickering of neon bulbs especially in an undervoltage situation.

Your first link is that the entropy produced by quantum effect is not computable, compared to psuedo RNG data produced from an algorithm. I'm not arguing that, what I'm arguing is that if you generate data from mains borne noise the data will be just as "incomputable" as the quantum data.

 

If you know an easy to make "quantum" source that is totally immune to all deliberate external influences please post details.

If totally immune means "sludge hammer" proof no.

2. Even in the event that a noise component of a periodic signal can be manipulated there is no guarantee that the manipulation would produce any controllable output of the RNG or reduce the quality of the output of the RNG.

There is also no guarantee that by being clever you can't modulate the noise source and create a bias as there is always a threshold for bit detection in systems where the noise is analog in nature.

I agree that just how much better a "True Quantum RNG" is and if you need it depends on the application worth requirements. If it's for testing your psychic ability to change random numbers then very good is fine.


If your application is security never forget that even if the hardware and software are perfect, people are not, especially where money is involved.

http://en.wikipedia.org/wiki/Walker_spy_ring
http://www.fas.org/irp/eprint/heath.pdf

Everyone makes a big deal out of the fact that I became a spy. It's because spying is such an unusual crime, but what they don't understand is that I became a spy because that is what I had access to. If I'd worked in a bank, I would have taken money. If I'd had access to dope, I would have sold drugs. The fact that I became a spy is really insignificant. The point is that I became a spy because I needed money. It was as simple as that.1
John Walker, quoted in Family of Spies

 

...
If your application is security never forget that even if the hardware and software are perfect, people are not, especially where money is involved.
...

Yep! And that is such a good point. I'm sure we can easily build simple little black boxes that produce uppredictable unbreakable "pure" entropy... But any spy could insert a process after the black box that produces something else,something that looks "random" but contains patterns easily exploited.

It would be nice to hear back from the OP, as it's a cool project idea building a little box that can output unbreakable data. Or like BrettM made, a little "desk toy" box to produce passwords. I have not seen a project like that on the forum before and it would be fun.

One of the pro RNG devices uses a light source and splitter, and gets the difference from two photosensors. You could do it with an incandescent bulb through a pinhole to razorblade edge and 2 photosensors into opamp + and - inputs. Ideally most external influences would be negated by the dual system and photons from a heated filament should be of "quantum" quality.