|
|
|
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
Acidyo
|
 |
April 08, 2014, 09:46:43 AM |
|
What's wrong with the randomness that is used on dice sites like Just-dice?
That one is pretty random too, to be honest.
|
|
|
|
|
|
Light
|
|
April 08, 2014, 09:53:32 AM |
|
What's wrong with the randomness that is used on dice sites like Just-dice?
That one is pretty random too, to be honest.
Because they are not per se truly random but instead pseudo-random being generated by a seed and combined with various other factors. So while they 'approximate' random numbers they are no truly random numbers themselves yet still good enough for the purposes of running a dice game. It's really all about how picky you want to be. |
|
|
|
|
bananaControl
Sr. Member
 Offline
Activity: 322
Merit: 250
Decentralize All The Things!
|
|
April 08, 2014, 10:46:03 AM |
|
While I don't really know anything about your setup or geiger counters in general, it does seem like an expensive component. Would the cheap geiger counters on ebay not be good enough for the task? |
|
|
|
|
MaxwellsDemon
Full Member
Offline
Activity: 187
Merit: 109
Converting information into power since 1867
|
|
April 08, 2014, 11:48:25 AM |
|
Following what I said above, I think it should be possible to use only one event per bit. Just check whether an interval is shorter or longer than the median of the exponential distribution, which is ln2 divided by the rate parameter (which can be estimated given the half-life).
This will create independent bits but there will be a bias towards 1 or 0, depending on the details of your particular setup. You need to compare two intervals created by the same process within the same system, instead of replacing one of them with an external constant. I agree the later is a better solution but using a Von Neumann filter, the bias of independent bits can be removed. For example in the setup proposed say the system was biased toward producing 0s over 1s. Since a 00 sequence (or 11 sequence) is discarded and a 01 and 10 sequence are equally likely the bias can be easily removed (01 = 1 and 10 = 0). Still you end up using at least 2 counts per bit after filtering. The actual number of counts required will depend on the amount of bias. The more biased the source the more counts it will take to produce the "rare" 1 needed to complete the sequence. For example if a system was biased 70%/30% in favor of zeroes then it will require on average 2.38 counts for each bit that passes out of the filter. Uhm, I don't think there will be a bias. That's exactly why I suggested the median. It's not an external constant, it's a parameter of the distribution of the measured variable. By definition, 50% of the intervals will be longer than the median and 50% will be shorter (a few may be exactly equal to the median, but you will discard them). Therefore, I don't think you'd need a von Neumann filter, nor do you need more than one count per bit. |
We're hunting for Leviathan, and Bitcoin is our harpoon.
|
|
|
BitCoinDream
Legendary
Offline
Activity: 2324
Merit: 1204
The revolution will be digital
|
|
April 08, 2014, 11:53:04 AM |
|
How random is PHP math_rand(0,n) ?
|
|
|
|
superresistant
Legendary
Offline
Activity: 2128
Merit: 1120
|
|
April 08, 2014, 12:01:25 PM |
|
Is this real life ?
|
|
|
|
|
|
murraypaul
|
|
April 08, 2014, 12:31:43 PM |
|
Following what I said above, I think it should be possible to use only one event per bit. Just check whether an interval is shorter or longer than the median of the exponential distribution, which is ln2 divided by the rate parameter (which can be estimated given the half-life).
This will create independent bits but there will be a bias towards 1 or 0, depending on the details of your particular setup. You need to compare two intervals created by the same process within the same system, instead of replacing one of them with an external constant. I agree the later is a better solution but using a Von Neumann filter, the bias of independent bits can be removed. For example in the setup proposed say the system was biased toward producing 0s over 1s. Since a 00 sequence (or 11 sequence) is discarded and a 01 and 10 sequence are equally likely the bias can be easily removed (01 = 1 and 10 = 0). Still you end up using at least 2 counts per bit after filtering. The actual number of counts required will depend on the amount of bias. The more biased the source the more counts it will take to produce the "rare" 1 needed to complete the sequence. For example if a system was biased 70%/30% in favor of zeroes then it will require on average 2.38 counts for each bit that passes out of the filter. Uhm, I don't think there will be a bias. That's exactly why I suggested the median. It's not an external constant, it's a parameter of the distribution of the measured variable. By definition, 50% of the intervals will be longer than the median and 50% will be shorter (a few may be exactly equal to the median, but you will discard them). Therefore, I don't think you'd need a von Neumann filter, nor do you need more than one count per bit. But you suggested estimating the median from a known constant, not calculating it from the actual sample. That introduces the possibility of bias. |
BTC: 16TgAGdiTSsTWSsBDphebNJCFr1NT78xFW
SRC: scefi1XMhq91n3oF5FrE3HqddVvvCZP9KB
|
|
|
right wing authoritarian
Member
Offline
Activity: 73
Merit: 10
|
|
April 08, 2014, 12:48:50 PM |
|
You could use phosphorescence of fluorescence instead of radiation. They are quantum so random.
|
|
|
|
|
MaxwellsDemon
Full Member
Offline
Activity: 187
Merit: 109
Converting information into power since 1867
|
|
April 08, 2014, 01:20:14 PM |
|
But you suggested estimating the median from a known constant, not calculating it from the actual sample.
That introduces the possibility of bias.
Well, yea... The half-life of 241Am is well known and measured, I don't think there's a lot of wiggle room there... But I suppose you don't know the purity of your sample, plus the sensitivity of the counter might introduce some bias... Maybe it really is preferable to calculate from the actual sample. It's also very easy. You just let the counter run for a very long time, and calculate the average CPM (by "very long time", I mean very long relative to the average interval in the OP's setup, which OP expects to be some fraction of a millisecond. So a few hours are probably more than enough for the law of large numbers to really kick in). Then you just take ln2 divided by the average CPM, and that's your median interval right there. In fact, if you have the thing running all the time anyway, you could use the massive amounts of data points you collect to continuously fine-tune your measurement of the average CPM. Say, once a month you calculate the average CPM of the last month, and recalculate the median. That way you're continuously adjusting for the decay of your sample, degradation of the counter tube, and such. |
We're hunting for Leviathan, and Bitcoin is our harpoon.
|
|
|
sickpig
Legendary
Offline
Activity: 1260
Merit: 1008
|
|
April 08, 2014, 02:55:29 PM |
|
Well to be clear this isn't "my" approach, just the one I am planning to use.  I don't want people to incorrectly give credit where no credit is due. Fourmilabs in switzerland has been providing true random numbers over the internet produced from observing radioactive decay for the better part of a decay. The interesting thing is that micro controllers have gotten fast and cheap enough combined with a lot of open source hardware information at there that it becomes economical for a hobbyist to build their own "hotbits" device at home. I didn't want to grant you the full paternity of the idea (i.e. provide true random numbers using quantum entropy). I just wanted to underline the fact that your idea has a potential since it could be produced on a large scale with low costs per unit. kudos in advance |
Bitcoin is a participatory system which ought to respect the right of self determinism of all of its users - Gregory Maxwell.
|
|
|
johnyj
Legendary
Offline
Activity: 1988
Merit: 1012
Beyond Imagination
|
|
April 08, 2014, 03:27:56 PM |
|
Isn't casting dice enough random? Maybe the only problem is that the process of collecting those numbers and generating a key is lengthy  |
|
|
|
DeathAndTaxes (OP)
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
April 08, 2014, 04:04:29 PM |
|
Isn't casting dice enough random? Maybe the only problem is that the process of collecting those numbers and generating a key is lengthy As long as the dice are fair it certainly is, so would flipping a lot of coins. The collection of data however is manual and slow. |
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1004
Core dev leaves me neg feedback #abuse #political
|
|
April 08, 2014, 04:43:14 PM |
|
How about an RNG based on the blockchain? |
|
|
|
SgtSpike
Legendary
Offline
Activity: 1400
Merit: 1005
|
|
April 08, 2014, 04:54:01 PM |
|
May I ask - what are you planning on using the RNG for? Because if it's for applications like generating passwords - it might not be that useful. If there are already quantumcomputers powerful enough to predict the movement of E.Coli..they will surely enough be powerful enough to just bruteforce the passwords.
There aren't quantum computers powerful enough to predict the movement of E.Coli. How random is PHP math_rand(0,n) ?
Depends on what purpose. If someone knows exactly what time (ms) you generated a random number using it, then they could regenerate the same "random" number. It's not 100% secure for generating things like Bitcoin addresses, but in all likelihood, you'd probably be fine using it. A true RNG has results that are unreproducible. |
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1004
Core dev leaves me neg feedback #abuse #political
|
|
April 08, 2014, 05:00:14 PM |
|
May I ask - what are you planning on using the RNG for? Because if it's for applications like generating passwords - it might not be that useful. If there are already quantumcomputers powerful enough to predict the movement of E.Coli..they will surely enough be powerful enough to just bruteforce the passwords.
There aren't quantum computers powerful enough to predict the movement of E.Coli. How random is PHP math_rand(0,n) ?
Depends on what purpose. If someone knows exactly what time (ms) you generated a random number using it, then they could regenerate the same "random" number. It's not 100% secure for generating things like Bitcoin addresses, but in all likelihood, you'd probably be fine using it. A true RNG has results that are unreproducible. Predicting movement of E. coli sounds unfeasible based on general chaos theory. |
|
|
|
phelix
Legendary
Offline
Activity: 1708
Merit: 1019
|
|
April 08, 2014, 05:55:34 PM |
|
Does this provide more entropy than something more common and practical, like the camera on your phone? I would imagine that if you hashed a 24-bit 10 megapixel random image you'd get a random number with pretty good entropy. After all, each pixel can be considered as an independent photon counter.
this ? |
|
|
|
|
DeathAndTaxes (OP)
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
April 08, 2014, 05:57:04 PM |
|
While I don't really know anything about your setup or geiger counters in general, it does seem like an expensive component. Would the cheap geiger counters on ebay not be good enough for the task? Probably. The G-M tube selected is very sensitive to alpha radiation. This allows a high number of events (counts per minute) without needing to use a source with high beta or gamma activity (dangerous). It is very possible that cheaper less sensitive tube will also work depending on the radioactive source and the throughput of random bits required. I intend the design to use a simple two pin connector for attaching the tube using soldered on leads, and an adjustable high voltage power supply so the design could be adaptable to other tubes which operate in a 300V to 500V range. |
|
|
|
|
DeathAndTaxes (OP)
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
April 08, 2014, 06:03:47 PM |
|
Does this provide more entropy than something more common and practical, like the camera on your phone? I would imagine that if you hashed a 24-bit 10 megapixel random image you'd get a random number with pretty good entropy. After all, each pixel can be considered as an independent photon counter.
this ? A normal photograph probably not. The pixels aren't random they are organized into all types of patterns, also subsequent photos won't be independent. There is a project which uses a capped webcam as a source of entropy. A perfect web cam would show a uniform black output but due to noise in the sensor it produces spots which if not random are at least a very complex chaotic system. http://sourceforge.net/projects/lavarnd/It is a form of TRNG however I am more interested in the sub category of TRNG based on quantum observations. Still there is more than one way to gather entropy. |
|
|
|
|
marcus_of_augustus
Legendary
Offline
Activity: 3920
Merit: 2348
Eadem mutata resurgo
|
|
April 08, 2014, 08:09:36 PM |
|
So gonna integrate it with a hardware wallet .. like Trezor for the off-line keygen part too?
|
|
|
|
|
