Good comment, something I wanted to be asked. Thermal noise as mysterious (and awesome to play with) as it is - is not secure in its pure version.
ADC can only sample limited spectra
resolution.
Let's say at 48000Hz with amplitude of 12 bit - only limited amount of frequencies (eg complex ones - freq and phase) can be distinguished from one another by ADC. So spectra is not dense.
Plus analog filters reduce that amount too.
GPT-OSS obviously gives bullsh*t estimate of millions of variations to enumerate. It could be (likely) more, could be even less. Depends on a quality of "replica".
Implementation it wrote is super-naive obviously. It's too enthusiastic. I just take it as basis, to keep fixing.
But the human intuition is simple - if ADC was precise enough to sample super-high entropy, it would be a quantum computer already
.
Low-kilowatt energy device cannot generate anything complex, that is why it is enhanced with whitening and PRNGs.
------
To answer the implied question as of why it is not hacked yet, no one simply pays
enough attention -
1) literature on hardware overwhelms students (most hackers), and they're not disciplined to implement.
2) Illusion of social security overwhelms more disciplined engineers
. I'm lazy to even calculate the precise amount of frequencies that 12bit 48kHz ADC can distinguish, even though it was part of my uni program and I was good at it, like in 2009 or something. Financial industry dumbed me down.
We are not as smart as we think.
Thanks God (nature!), I still know that white noise is superposition of frequencies (+phases) with even amplitudes - it is literally not that many (and all freq must be present, no need to permute - I'm already overdoing it on my github).
And their lcm is small (especially for modern computers) - so the chunk of non-repetitive white noise is small.
At least I remember that. And it's enough. Every other alteration (spectra drift, small variation of amplitude, modulations) is some known transformer that can be guessed - I kinda agree with OSS here. But it is much more work than naive academic (GPT-OSS) would expect.
3) Plus don't forget - we say "defect" of resistor, but in reality - it is more like proper tune for the noise it generates. (match between resistor noise and ADC). So flaws are found every day, but the process is not organized - and feedback to regular users is limited (blogs instead of numbers).
As unfortunate as it is - security of obscurity works here temporarily, eg entropy pool of Ledger starts with DUK - it is undocumented (still bound to use low-entropy source).
But those are purely psychological defenses.Speaking of psychology: GPT-OSS is either too critical or too eager to suggest a model, literature either overcomplicates or oversimplifies.
-----
I'm not claiming that it can be modeled easily, it is a long-term project, but officially all those noises are known to be low-entropy. So it is a matter of work.
One of the reasons I made project open and introduced a fund (with like profit sharing etc) to support it long-term hopefully.
-----
What I can guarantee - is:
- that acedemia and govs will be sliding down slowly and permanently (maybe with few ups and downs, reason: limited food simply), so eventually randomness based on naive "cannot tell from noise" will be refuted in favor of randomness based on energy, physical one. Just to fit reality.
- TRNG crash-down will happen within my lifetime.
- my approach will allow to compensate the issue with already existing TRNGs: if there is a powerful cluster of public scanners - they will warn you in advance, since they'll come close to hacking your key faster than students (in reality it is a bit more complex - you have to look-up Public Service improvements aka Explorer in README). So even in apocalyptic scenario - you can just jump between secrets once a month or so.
Even now - it would be a very interesting explorer to show how unequal private keys, actually are, in terms of security, contrary to statistical claims. It has educational value in the present already.
And it makes much more sense than protecting against quantum nonsesnse and other pseudo-scientific stuff that keeps creeping in.
Plus it is more fun to model Ledger precisely, it's like writing a gaming console simulator
.
P.S. Obviously modeling low-entropy source as superposition of waves is no the only approach. There are more interesting ones, but this one is most straightforward to understand.
----
I tried to make this "white noise is something that iPhone generates for you to help you sleep (Nyquist aka thermal is approx white)", "super quality noise has computational power of brute-force" (it's an analog version of a digital counter) , "replay noise attack is the easiest attack possible on crypto, covering both symmetric (good one) and asymmetric (on the edge of pseudo-science) versions" insight as clear as possible, but hard to find "one size fits all" explanation.
You have to look at naive code while it's still is, there is also plot generator visualize.js in the repo, and ask questions maybe. The issue is obvious after you invest some time and work in DYR, but maybe someone will explain the issue better or nicer than me.
On the other hand, if it feels like too much explanation - I'm just trying to cover larger audience, since funds are critical for bypassing "psychological tricks" in favor of Computer Physiocracy. This is my goal here.
In case I run out of time/funds for posts and publishing.
Note for technical people:
The Explorer Protocol I described in README (where known numbers are published) is True TRNG.
From physical definition of random number "amount of energy investing in creating it", one can arrive at logical one:
"Number, so far unknown within locality" (or network).
This is holy grail, many of you can recognize. I cannot just implement it quietly - p2p network required.
-------
P.S.
1) There is no Satoshi, but unlike "Satoshi" I don't have Microsoft behind me, maybe for the best. Can fund truly p2p.
2) I know about freq envelopes, drifts etc. I know actual universal search as alternative (not the nonsense one that widely published). I know how hard is to optimize such searches (reachability/coverage).
note: I also used to briefly work and experiment with heuristic solvers (eg Z3, sledgehammers) - they useless.
It's all cool and all, but the first necessary steps have to be taken to not hurry any of it.
3) For non-technical people: "AI" loves my protocols and ideas a lot. It just does not mean that much to me, since it does not guarantee a working tool, protocol and service.
Small note for non-technical users: (proper) universal search I mentioned, as well as "AI" (and heuristics) can cover your
hidden passphrases and whatever obscurity framework you built: eg use Apple Enclave to generate password (thermal noise and IO events), add something from yourself (low-entropy: usually combo of names and birthdates, government hardwired through repetition, special symbols come from convenience of typing on keyboard), add input from gyro (low-frequency band thermal noise), compress your family picture, quantum "random" numbers (this is thermal noise from lasers etc).
It only creates illusion of security - human imagination is limited. You can see already that naive "AI" (GPT, Torry) gives you good fiction by gluing phrases together arbitrarily. So it outruns you. Algorithms I mentioned would outrun faster and better than "AI" (and more energy-efficient). Sooner or later misconceptions about halting problem and universal search will be wiped out from academia and engineering - that will open up some new possibilities.
And hopefully last note for advanced technical users (about DUN and thermal noise). Even if LCMs were high for thermal and PRNG expansion was used on Ledger's (Or whatever, Apple) factory...
Logically, generator always starts with zero as a seed - and then pipeline runs for limited time. And even if they run it for a year - improved binary search or guesses can be used (akin to libexplorer clock attack). Regulations and corporate environment limit them in capability anyways.
If seed is not zero - then it means another pipeline was used to produce seed. They all use same logical components (ChaCha, xors, SHA so on, all forward obviously) - they can be recombined within common sense. Not even mentioning insight info (kinda useless booster, but nevertheless).
Energy conservation limits the whole randomness of the result: no matter what pipelines, they spent finite, and due to realities, small amount of physical energy. The process is deterministic and bounded - it's just specific computation ran for a while, no mysteries.
"AI" makes it much easier to replicate the process for non-advanced users (in Node.js). There is no way to censor it - it would make it even worse.
Some "AI" models don't even require you to be polite.
We have advantage (over hackers) of knowing theory, FP, logic, proofs, hardware better, but we overthink how smart we are in those ape-descendant bodies.
Illusion of intellectual security.
And note for hackers: my experience with police suggests, that currently they simply stage successful attacks for you. Eg, I met French security guy, consulting police abroad (money laundering prevention on chain), they simply gave him tool that "works" (on few addresses) to test his credibility, they even asked immigration police to arrest and deport him for a "show". He did not know, he was in shock - I had to explain it to him.
So, whatever "secret scanner tool" you got from friend - that's likely police keeping you on a leash, since they don't know any better.
Meantime, our btc-audit tool among other things, has potential to prove this "police workflow" officially (since it removes the need for psychology and profiling - handouts will stop), so maybe send some of the funds they gave you here, lol. If you get a proof - you get more spending freedom, less profiling surveillance, and maybe profit from white-hat passively (see "profit sharing sharing for paid features" in README).
