I am going to build a true random number generator ...

[Bitcoin Magazine]

all u gotta do is dance around the room several times, and do 10 jumping jacks and 10 push ups and 10 sit ups and that should provide enough entropy.  lol

[1714721616]

1714721616

[1714721616]

1714721616

[1714721616]

1714721616

[Wilikon]

Why not use the feed from all those public webcams? Pixel and hue variations should be random enough as data.

[DeathAndTaxes]

using radiation is risky.. it has a known half-life which a mathematician could possibly abuse to work out the base number used to then create randomness..

If implemented poorly it is.  A good RNG is designed so that the results can't be recreated.

It won't be measuring anything against a base number.  It will be measuring the time between TWO particle detections (if time between this interval is larger than prior interval that is a "1" and if it is shorter it is a "0" and if it is equal we throw it out).  Quantum mechanics tells us that while the average rate of decay can be calculated the time between each individual decay can not.  Of course our understanding of the universe may someday change but today no scientist can predict how long the next decay will occur in an unstable isotope.

Still it is a good point.  There are a lot of ways to construct a BAD random number generator.  As I get further into the project I plan to make it open source (both hardware and software) and plan to subject the output to various statistical tests for randomness.

[pening]

You already have one installed: your mouse.  move your mouse around for 10 seconds, 30 or more for paranoia levels, and you'll have a nicely non-deterministic value.

[DeathAndTaxes]

You already have one installed: your mouse.  move your mouse around for 10 seconds, 30 or more for paranoia levels, and you'll have a nicely non-deterministic value.

My server doesn't have a mouse and even if it did nobody would be moving it.

[Wilikon]

how about making a deal with farmers. A couple of RasPi or Arduino and some IR detectors. Have them placed near those gigantic industrial chicken coop. their head movement would cut the beam and the timing would generate the data.

The farmers would be paid in Bitcoin for installing and maintaining those easy going Raspberry Pi with a secured WiFi connection to your website. Locations around the world for a 24/7 data stream. No radiation.

[MaxwellsDemon]

I am planning on using Americium (Am-241) for safety reasons (reasonably available and an alpha emitter).

Is it really reasonably available? I don't suppose you can order some from Overstock... You might have to buy a bunch of smoke detectors and take them apart  

Also, FWIW, it's not all that safe... It emits a bit of gamma as well, as do some of its decay products. Not too dangerous, but make sure not to eat it  

[MaxwellsDemon]

how about making a deal with farmers. A couple of RasPi or Arduino and some IR detectors. Have them placed near those gigantic industrial chicken coop. their head movement would cut the beam and the timing would generate the data.

Not safe. A clever attacker will hide a kinect in there and figure out your numbers. Nevertheless, it would certainly be the funniest RNG ever invented 

[The Avenger]

Bonus points if you can figure out what it is without using google.

I'd say it's an old LND INC 712, if I'm not mistaken.

[DeathAndTaxes]

how about making a deal with farmers. A couple of RasPi or Arduino and some IR detectors. Have them placed near those gigantic industrial chicken coop. their head movement would cut the beam and the timing would generate the data.

Not safe. A clever attacker will hide a kinect in there and figure out your numbers. Nevertheless, it would certainly be the funniest RNG ever invented 

There are ways to use securely use random numbers which are (or may be) known by other parties.  A simplistic option would be to XOR the random values with a large constant.  A more sophisticated option is to use something like HMAC with a private key only known to you to produce new numbers from the existing known stream.

your_random_number = HMAC_SHA256(<your 256 bit private key>, <the sequence of random but possibly not private numbers>)

Still not sure the CRNG (chicken random number generator) would be uniformly distributed.

[Wilikon]

how about making a deal with farmers. A couple of RasPi or Arduino and some IR detectors. Have them placed near those gigantic industrial chicken coop. their head movement would cut the beam and the timing would generate the data.

Not safe. A clever attacker will hide a kinect in there and figure out your numbers. Nevertheless, it would certainly be the funniest RNG ever invented 

Beside hacking the Raspberry themselves a camera of any sort would not work as the chicken's head are the seed providing the final calculation in the algorithm. Also it won't be in one location.

It is a fun concept would bring the farming world, RNG and bitcoin together  

[b¡tco¡n]

Hardware Rngs:

[MaxwellsDemon]

your_random_number = HMAC_SHA256(<your 256 bit private key>, <the sequence of random but possibly not private numbers>)

Ahh, but this assumes you already have a safe and random private key... If you had that, you wouldn't need the chicken to begin with. I call it the circular chicken paradox 

[DeathAndTaxes]

Is it really reasonably available? ... You might have to buy a bunch of smoke detectors and take them apart 

Just one should be sufficient.

Also, FWIW, it's not all that safe... It emits a bit of gamma as well, as do some of its decay products.

Well like you point out they are used unshielded in hundreds of millions of smoke detectors around the world.  The risk shouldn't be anymore than adding another smoke detector to your home.  My goal would be to have the source and detector sealed inside a metal box preferably one which can be mounted in a 3.5" drive bay and connect to the host via internal usb header.

1 uSv of Am-241 with no shielding produces an exposure of ~1.27 Sv per year assuming constant exposure at a distance of 1m.  That is less than 1/700th of the recommended annual exposure limit of 1000 uSv annually.  So "a little bit" in this case is almost zero which is why it is used in smoke detectors to begin with.

Not too dangerous, but make sure not to eat it 

Agreed.  Alpha emitter inside your body is not a good thing. 

[MaxwellsDemon]

1 uSv of Am-241 with no shielding produces an exposure of ~1.27 Sv per year assuming constant exposure at a distance of 1m.  That is less than 1/700th of the recommended annual exposure limit of 1000 uSv annually.  So "a little bit" in this case is almost zero which is why it is used in smoke detectors to begin with.

Ah, I hadn't realized such a small quantity will suffice to get your RNG working. This is indeed negligible. I work with beta emitters far more dangerous than that practically every day, and I'm still standing... kinda   

[precrime3]

A truly random generator is kinda impossible. Output numbers seem to be random, but there is some equation behind it.... I don't think its possible to make a truly random number. Maybe if you analyzed like something minute like the position of an atom or quantum mechanics?

[MaxwellsDemon]

A truly random generator is kinda impossible. Output numbers seem to be random, but there is some equation behind it.... I don't think its possible to make a truly random number. Maybe if you analyzed like something minute like the position of an atom or quantum mechanics?

Well, as OP already mentioned, radioactive decay is one of the few things in the universe that are truly random (at least as far as we understand physics today).

[DeathAndTaxes]

1 uSv of Am-241 with no shielding produces an exposure of ~1.27 Sv per year assuming constant exposure at a distance of 1m.  That is less than 1/700th of the recommended annual exposure limit of 1000 uSv annually.  So "a little bit" in this case is almost zero which is why it is used in smoke detectors to begin with.

Ah, I hadn't realized such a small quantity will suffice to get your RNG working.

Well it remains to be seen but that is my hypothesis.  The reason for this specific tube (LND 712) is that it is very sensitive to alpha emissions.  The source is going to be permanently attached to a screen on the window end of the tube.  There are more sensitive tubes but they are out of what I am willing to spend on a hobby project.  Looking at the test results of other homemade geiger counters it looks like 1 uCi of Am-241 will register 100K to 120K CPM with this tube.  Assume two counts per bit that works out to ~800 to 1000 bits per second peak throughput.

The source or the tube however isn't going to be the bottleneck (at least through 1 kbps).  The hard part is going to be getting a timing circuit which can register events with sufficient accuracy.  We are talking an average interval of 500 microseconds so a timer with microseconds scale accuracy (or at least tens of microseconds) is going to be necessary.  This is beyond the capability of most micro controllers, and it probably going to mean a dedicated real time clock ( something like http://www.maximintegrated.com/datasheet/index.mvp/id/4627/ln/en ).  

As a proof of concept I am going to start out without a RTC but that means much lower timer accuracy and lower throughput first.  Something in the order of <3,000 cpm which produce ~24 bps of entropy.  Even that will depend on micro controller having true 1ms clock accuracy.  For the early test I am going to use a gas lantern mantle (thorium & beta emitter) as the particle source.

[DannyHamilton]

It will be measuring the time between TWO particle detections (if time between this interval is larger than prior interval that is a "1" and if it is shorter it is a "0" and if it is equal we throw it out).  Quantum mechanics tells us that while the average rate of decay can be calculated the time between each individual decay can not.

Is this a good algorithm?

I know that what seems intuitive is often wrong when dealing with things like this, so I may not be thinking this through correctly...

It would seem that while you cannot know how long it will be to the next detection, there will be an oscillating tendency

Anytime you get a "0", it implies that the time was shorter than the previous detection.  While this is not a guarantee that the time is shorter than the average, it certainly is an indicator that the time is more likely to be shorter than the average. (If you average all the intervals when you get a "0", and compare it to an average of all the intervals, the average interval when you get a "0" should be shorter than the average of all intervals, shouldn't it?)

The reverse can be said about any instance where you get a "1".  This would seem to imply that after a "1", there is a higher than average chance that your next interval will be a "0" (and vice versa).

I suppose for these purposes the bias might not be significant enough to be a problem, but I can't help but wonder if there isn't a better solution.

[Come-from-Beyond]

Well, as OP already mentioned, radioactive decay is one of the few things in the universe that are truly random (at least as far as we understand physics today).

R u sure? Longer a particle is stable - higher chance that it will stay stable.