Bitcoin Forum
Topic: Entropy, how to calculate it from series of outcome
Sanglotslongs2 (OP)
October 21, 2018, 07:21:24 AM
Merited by dbshck (2)
 #1

Hello,

I want to generate my own private key with dice and/or other very entropic phenomenon. But how can I calculate if my data have a good entropy? I mean if I throw dice in a certain way too many times maybe my outcome will not be truly random, maybe my dice is not a very good dice and have imperfection etc.

So can I just throw it 300+ and if I don't have 0.166666% each result (1,2,3,4,5,6) it's not good?

Also I want to write my own series of dice result just to compare how deficient is my brain when I try to generate true randomness.

Thanks
bob123
October 21, 2018, 10:41:44 AM
Merited by dbshck (4), bones261 (2)
 #2

> I want to generate my own private key with dice and/or other very entropic phenomenon. But how can I calculate if my data have a good entropy? I mean if I throw dice in a certain way too many times maybe my outcome will not be truly random, maybe my dice is not a very good dice and have imperfection etc.

Dice rolls are never random.

If you knew all necessary information (exact surface conditions, air resistance, rotating speed, ..) you could predict each roll with your dice. That's far away from being 'truly random'.

> So can I just throw it 300+ and if I don't have 0.166666% each result (1,2,3,4,5,6) it's not good?

You can't say that, no.

The probability tells you that if you are doing up to an infinite amount of rolls, you'll have pretty close to 0.166666% of each result.
But this is NOT a guarantee. Especially with such a low number (300), this doesn't need to be the case at all. You'd need at least a few hundred thousand tries to be sure the output is 'kind of random'.

> Also I want to write my own series of dice result just to compare how deficient is my brain when I try to generate true randomness.

No need to waste your time. The human brain is less than '1/10 random' as a PRNG.

If you want to create the private key yourself (without any wallet), I'd suggest to boot up a live Linux, let it run a few minutes, open and close random programs, and then use /dev/urandom to generate a private key:

Code:
openssl ecparam -genkey -name secp256k1 -rand /dev/urandom

This is way more random than your brain or any dice rolls can ever be. And it only takes 5 seconds compared to a few hours.

aplistir
October 21, 2018, 11:34:22 AM
 #3

One sure way to ensure randomness is to generate 2 keys.
First generate one with whatever way you like, e.g. coin, dice or manually by pencil.

Then generate the 2nd one with urandom.

And combine the 2 keys with XOR.

E.g. if your keys are
1st:    01101001...
2nd:    01011011...
result: 00110010...
(In XOR you add binary bits together bit by bit. If they are the same the result is 0, if one is 0 and the other is 1 the result is 1.)

In this way, even if only one of your keys is truly random, the result is still random.

My Address: 121f7zb2U4g9iM4MiJTDhEzqeZGHzq5wLh
Foxpup
October 21, 2018, 12:24:02 PM
Merited by suchmoon (4), dbshck (2), theymos_away (2), pooya87 (1)
 #4

> And combine the 2 keys with XOR.

Don't do this. In the unlikely event that there is any correlation between the two random sources, XOR will cancel them out, reducing entropy. The correct way to combine multiple entropy sources is to concatenate them, then hash the result.

Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
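
Added example (not part of any post in this thread): the two combining methods from posts #3 and #4 side by side, applied to a fully correlated pair of inputs and to a dice-plus-OS-generator pair. The dice string is constructed sample data, and the function names and the length prefix are choices made for this example.

```python
import hashlib
import os

# Order of the secp256k1 group: a usable private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def combine_xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length keys bit by bit (the method from post #3)."""
    if len(a) != len(b):
        raise ValueError("XOR needs inputs of equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def combine_hash(*sources: bytes) -> bytes:
    """Concatenate the sources and hash the result (the method from post #4).

    The 4-byte length prefix is a detail added here so that ("12", "3") and
    ("1", "23") do not collapse into the same concatenation.
    """
    h = hashlib.sha256()
    for src in sources:
        h.update(len(src).to_bytes(4, "big") + src)
    return h.digest()


def to_private_key(digest: bytes) -> int:
    """Read a 32-byte digest as a secp256k1 private key, rejecting out-of-range values."""
    k = int.from_bytes(digest, "big")
    if not 1 <= k < SECP256K1_N:
        raise ValueError("value outside [1, N-1]; add more input and hash again")
    return k


def demo() -> dict:
    # Constructed sample input: 100 dice rolls, plus 32 bytes from the OS
    # generator (on Linux, the same kernel generator that backs /dev/urandom).
    dice = ("3516242653146215" * 7)[:100].encode("ascii")
    machine = os.urandom(32)
    key = to_private_key(combine_hash(dice, machine))

    # Worst case for XOR: the two "independent" sources are in fact the same data.
    correlated = hashlib.sha256(dice).digest()
    return {
        "key_hex": f"{key:064x}",
        "xor_of_identical": combine_xor(correlated, correlated),
        "hash_of_identical": combine_hash(correlated, correlated),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value if isinstance(value, str) else value.hex())
```

With identical inputs the XOR result is 32 zero bytes, while the hash of the concatenation still depends on the input data.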
aplistir
October 21, 2018, 01:31:50 PM
 #5

>> And combine the 2 keys with XOR.
>
> Don't do this. In the unlikely event that there is any correlation between the two random sources, XOR will cancel them out, reducing entropy. The correct way to combine multiple entropy sources is to concatenate them, then hash the result.

Interesting :)
I have heard about the possibility of using hash for combining 2 keys, but never knew how to do it.

Can it be so simple?



My Address: 121f7zb2U4g9iM4MiJTDhEzqeZGHzq5wLh
Sanglotslongs2 (OP)
October 21, 2018, 05:04:11 PM
Last edit: October 21, 2018, 05:17:30 PM by Sanglotslongs2
 #6

> Dice rolls are never random.
>
> If you knew all necessary information (exact surface conditions, air resistance, rotating speed, ..) you could predict each roll with your dice. That's far away from being 'truly random'.

I know but all these variables can be good enough to generate a private key.

> No need to waste your time. The human brain is less than '1/10 random' as a PRNG.

Do you have a source for this? I would like to read more about it 8)

> If you want to create the private key yourself (without any wallet), I'd suggest to boot up a live Linux, let it run a few minutes, open and close random programs, and then use /dev/urandom to generate a private key:
>
> Code:
> openssl ecparam -genkey -name secp256k1 -rand /dev/urandom

I know that "randomness" is calculated from a lot of variables (memory usage in your message) is this process open? Can we know what the variables are? I know that Intel's CPUs do it in a black box but it must be an open process too. Thanks.
odolvlobo
October 22, 2018, 07:23:59 AM
Last edit: October 25, 2018, 12:30:47 AM by odolvlobo
Merited by HeRetiK (1)
 #7

> So can I just throw it 300+ and if I don't have 0.166666% each result (1,2,3,4,5,6) it's not good?

I don't think there is a way to measure entropy of the generator from the outcomes. Also, when somebody says that something has "N bits of entropy", they are assuming an ideal RNG.

As for measuring the quality of your dice rolling, I think that simply measuring the uniformity of the distribution for a large number of rolls is probably sufficient, since a roll is probably not significantly affected by a previous roll or the time of the roll or the conditions during the roll.

If you want to be more thorough, then here is some information about other tests you can run: https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=906762

> Dice rolls are never random.
>
> If you knew all necessary information (exact surface conditions, air resistance, rotating speed, ..) you could predict each roll with your dice. That's far away from being 'truly random'.

That's an extreme statement. You could say the same thing about Brownian motion. In the end, it doesn't really matter if it is truly random or not. The end justifies the means when it comes to an RNG.

Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
HeRetiK
October 22, 2018, 10:24:21 AM
 #8

>> Dice rolls are never random.
>>
>> If you knew all necessary information (exact surface conditions, air resistance, rotating speed, ..) you could predict each roll with your dice. That's far away from being 'truly random'.
>
> That's an extreme statement. You could say the same thing about Brownian motion. In the end, it doesn't really matter if it is truly random or not. The end justifies the means when it comes to an RNG.

Precisely.

You could also say the same about:

> If you want to create the private key yourself (without any wallet), I'd suggest to boot up a live Linux, let it run a few minutes, open and close random programs, and then use /dev/urandom to generate a private key:
>
> Code:
> openssl ecparam -genkey -name secp256k1 -rand /dev/urandom

Both are deterministic in the end, as long as you dig deep enough (but not so deep as to enter the quantum realm). The latter being obviously more practical than throwing dice.

As long as the result looks random to an outside observer, i.e. does not show any bias towards certain numbers, you're golden. That is, as long as an adversary is unable to acquire the input required to (re)create the pseudo-random output. Which can be reasonably assumed for both physical dice and /dev/urandom.

Diamond Dallas Page
October 22, 2018, 11:23:54 AM
 #9

> Hello,
>
> I want to generate my own private key with dice and/or other very entropic phenomenon. But how can I calculate if my data have a good entropy? I mean if I throw dice in a certain way too many times maybe my outcome will not be truly random, maybe my dice is not a very good dice and have imperfection etc.
>
> So can I just throw it 300+ and if I don't have 0.166666% each result (1,2,3,4,5,6) it's not good?
>
> Also I want to write my own series of dice result just to compare how deficient is my brain when I try to generate true randomness.
>
> Thanks

Try using an open source program called ent. Here are the results for rolling a die six times with the result vector of <666666>.

% echo -n "666666" | ./ent

Entropy = 0.000000 bits per byte.

Optimum compression would reduce the size of this 6 byte file by 100 percent.

Chi square distribution for 6 samples is 1530.00, and randomly would exceed this value less than 0.01 percent of the times.

Arithmetic mean value of data bytes is 54.0000 (127.5 = random). Monte Carlo value for Pi is 4.000000000 (error 27.32 percent). Serial correlation coefficient is undefined (all values equal!).
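
Added example (not part of any post in this thread): the uniformity check discussed in posts #1 and #7, done over the six faces of a die instead of the 256 byte values ent counts, with Shannon and min-entropy estimates per roll. The three roll sets are constructed sample data and the function names are choices made for this example.

```python
import math
from collections import Counter

# Chi-square critical value for 5 degrees of freedom (six faces minus one) at
# the 1% level: a fair die produces a larger statistic about 1 time in 100.
CHI2_CRIT_DF5_P01 = 15.086


def dice_stats(rolls: str) -> dict:
    """Uniformity test and per-roll entropy estimates for a string of rolls '1'..'6'."""
    if not rolls or set(rolls) - set("123456"):
        raise ValueError("rolls must be a non-empty string of digits 1-6")
    n = len(rolls)
    counts = Counter(rolls)
    expected = n / 6  # the approximation is poor when this is below about 5
    chi2 = sum((counts.get(face, 0) - expected) ** 2 / expected for face in "123456")
    probs = [c / n for c in counts.values()]
    return {
        "n": n,
        "chi2": chi2,
        "looks_biased": chi2 > CHI2_CRIT_DF5_P01,
        # Shannon entropy of the observed frequencies; log2(6) = 2.585 is the maximum.
        "shannon_bits": sum(-p * math.log2(p) for p in probs),
        # Min-entropy: the figure for a guesser who always picks the commonest face.
        "min_entropy_bits": -math.log2(max(probs)) + 0.0,
    }


def from_counts(counts: dict) -> str:
    """Build a roll string from face counts (order does not affect these statistics)."""
    return "".join(face * k for face, k in counts.items())


# Constructed samples: the six-roll vector from post #9 and two sets of 300 rolls.
SAMPLES = {
    "all sixes": "666666",
    "uneven, 300 rolls": from_counts({"1": 55, "2": 46, "3": 52, "4": 47, "5": 58, "6": 42}),
    "six-heavy, 300 rolls": from_counts({"1": 44, "2": 44, "3": 44, "4": 44, "5": 44, "6": 80}),
}

if __name__ == "__main__":
    for name, rolls in SAMPLES.items():
        s = dice_stats(rolls)
        print(f"{name:22} n={s['n']:3} chi2={s['chi2']:6.2f} biased={s['looks_biased']} "
              f"H={s['shannon_bits']:.3f} Hmin={s['min_entropy_bits']:.3f}")
```

The second sample has no face at exactly one sixth and still passes; the third is rejected. Counts alone say nothing about the order of the rolls, so a repeating pattern with even counts would also pass.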
bob123
October 24, 2018, 08:54:04 AM
 #10

>>> Dice rolls are never random.
>>>
>>> If you knew all necessary information (exact surface conditions, air resistance, rotating speed, ..) you could predict each roll with your dice. That's far away from being 'truly random'.
>>
>> That's an extreme statement. You could say the same thing about Brownian motion. In the end, it doesn't really matter if it is truly random or not. The end justifies the means when it comes to an RNG.
>
> Precisely.
>
> You could also say the same about:
>
>> If you want to create the private key yourself (without any wallet), I'd suggest to boot up a live Linux, let it run a few minutes, open and close random programs, and then use /dev/urandom to generate a private key:
>>
>> Code:
>> openssl ecparam -genkey -name secp256k1 -rand /dev/urandom
>
> Both are deterministic in the end, as long as you dig deep enough (but not so deep as to enter the quantum realm). The latter being obviously more practical than throwing dice.
>
> As long as the result looks random to an outside observer, i.e. does not show any bias towards certain numbers, you're golden. That is, as long as an adversary is unable to acquire the input required to (re)create the pseudo-random output. Which can be reasonably assumed for both physical dice and /dev/urandom.

That's correct. I have never claimed that /dev/urandom is truly random.

I just wanted to clear out the 'how to be sure that dice rolls are truly random' question.

More precisely my statement was:

> This is way more random than your brain or any dice rolls can ever be.


And that's still my opinion. Humans tend to throw the dice in a similar motion each time. Especially with hundreds of rolls.
The outcome will be less random. And the brain being one of the worst sources of entropy should be commonly known, at least if you really need a random number and are ready to spend a few minutes to read into this subject.

HeRetiK
October 24, 2018, 09:07:49 AM
 #11

> That's correct. I have never claimed that /dev/urandom is truly random.
>
> I just wanted to clear out the 'how to be sure that dice rolls are truly random' question.
>
> More precisely my statement was:
>
>> This is way more random than your brain or any dice rolls can ever be.

Fair enough.

> And that's still my opinion. Humans tend to throw the dice in a similar motion each time. Especially with hundreds of rolls.
> The outcome will be less random. And the brain being one of the worst sources of entropy should be commonly known, at least if you really need a random number and are ready to spend a few minutes to read into this subject.

I have my doubts about the first -- at least when someone tries to properly roll the dice and not just fake it -- but I absolutely agree with the brain being one of the worst sources of entropy (and real world attacks seem to support that claim).

Sanglotslongs2 (OP)
October 24, 2018, 07:57:26 PM
 #12

Thanks for your replies.

I wish to generate with dice my private key because I don't know if there is a risk to not have a good random number if I run the prog on CPU. Is there documentation where they compare CPU random numbers? If AMD / Intel / Broadcom have their specs. Because it's not only a software problem, I guess that true random numbers are also hardware dependent.
theymos_away
October 24, 2018, 08:36:06 PM
Last edit: October 24, 2018, 09:04:21 PM by theymos_away
 #13

https://en.bitcoin.it/wiki/Passphrase_generation#Generating_keys.2C_seeds.2C_and_random_numbers_.28Advanced.29

On Linux, that's basically how /dev/{,u}random works anyway. It does something like sha1(past_randomness + new entropy from keyboard etc.) repeatedly in order to produce endless random data. (This is a slight simplification, but it's more-or-less like this.)

CPUs offer a randomness instruction, but it's not used on Linux because people don't trust it. The CPU behaves deterministically, and entropy is gathered from elsewhere.

You can analyze the quality of random data to *some* extent using eg. ent (http://www.fourmilab.ch/random/), but it is logically impossible to know whether some data is truly random. For example, the output of a secure hash function should on average always test as perfectly random, indistinguishable from perfect quantum randomness, even if it's a hash of "1234" etc. OTOH, highly ordered-looking data can come out of a true random source sometimes.
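
Added example (not part of any post in this thread): a toy model of the "sha1(past_randomness + new entropy)" loop from post #13 with no new entropy ever mixed in, scored with two of the figures ent reports. It is not the Linux kernel's code; the seed "1234" comes from the post, and the "output"/"next" labels and function names are choices made for this example.

```python
import hashlib
import math
from collections import Counter


def toy_pool_stream(seed: bytes, nbytes: int) -> bytes:
    """Expand a seed with a SHA-1 hash chain; anyone who knows the seed gets the same bytes."""
    state = hashlib.sha1(seed).digest()
    out = bytearray()
    while len(out) < nbytes:
        out += hashlib.sha1(state + b"output").digest()  # bytes handed to the caller
        state = hashlib.sha1(state + b"next").digest()   # "past randomness" carried forward
    return bytes(out[:nbytes])


def byte_stats(data: bytes) -> dict:
    """Entropy in bits per byte and chi-square over the 256 possible byte values."""
    n = len(data)
    counts = Counter(data)
    expected = n / 256
    return {
        "entropy_bits_per_byte": sum(-(c / n) * math.log2(c / n) for c in counts.values()),
        "chi2": sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256)),
    }


def compare(nbytes: int = 65536) -> dict:
    return {
        # The six-byte input from post #9: scores 0 bits per byte, chi-square 1530.
        "666666": byte_stats(b"666666"),
        # Fully predictable stream that nevertheless scores like random data.
        "sha1 chain seeded with 1234": byte_stats(toy_pool_stream(b"1234", nbytes)),
    }


if __name__ == "__main__":
    for name, s in compare().items():
        print(f"{name:28} entropy={s['entropy_bits_per_byte']:.6f} chi2={s['chi2']:.2f}")
```

For 65536 bytes a chi-square near 255 (the degrees of freedom) is what random data gives, so the seeded chain passes even though its seed is four known characters.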
RocketSingh
October 24, 2018, 09:04:09 PM
 #14

> I want to generate my own private key with dice and/or other very entropic phenomenon.

Bitcoin blockchain itself is a great source of entropy. Last digit of each block is itself random. There is a dedicated thread discussing this phenomenon - https://bitcointalk.org/index.php?topic=1493510.0

Sanglotslongs2 (OP)
October 25, 2018, 05:38:24 PM
 #15

>> I want to generate my own private key with dice and/or other very entropic phenomenon.
>
> Bitcoin blockchain itself is a great source of entropy. Last digit of each block is itself random. There is a dedicated thread discussing this phenomenon - https://bitcointalk.org/index.php?topic=1493510.0

Yes but since it's public and a lot of people know bitcoin is it secure to use it? Some hacker can "datamining" the hash of each blocks to steal cryptos. The same way they did datamining on brain wallet, a lot of people whose passphrase was a poem got hacked because the passphrase was hashed to a private key so hacker can attack all brain wallet in the same time (it's different from a bruteforce because bruteforce is against a sample of encrypted data).