Re: TRNG with 18 Mbit/s using Thermal Noise



Rob Warnock wrote:
Jo Schueth <jo@xxxxxxxxxxxxx> wrote:
+---------------
| in a home-brew project, I recently built a TRNG based on thermal noise
| that achieves a net data rate of 18 MBit/s after post-processing.
....
| http://www.schlaupelz.de/TRNG/Highspeed_TRNG.html
|
| The point is not that you can build a TRNG with good quality output
| from readily available parts at home, but rather the high bandwidth
| achieved with this design. ...
+---------------

Congratulations! It's always rewarding to build something and get
it working.

I would just note, however, that since you already have a comparator
and an Atmel micro board, I don't see why you really need the
additional complexity of the LNB & antenna. A standard microwave
noise diode (of the sort used to calibrate power meters) connected
to your comparator (possibly with a cheap op-amp pre-amp stage)
should give you thermal noise every bit as fast & good as your
LNB+antenna, but mountable right on your Atmel board.

Or if you're willing to settle for Zener noise a.k.a. avalanche noise
(*almost* as good as thermal, for RNGs at least), then you might want
to consider one of these approaches:

http://world.std.com/~reinhold/waynesrngcomp.gif
http://www.maxim-ic.com/appnotes.cfm/appnote_number/3469
http://willware.net/hw-rng.html
http://www.cryogenius.com/hardware/rng/
http://www.cryogenius.com/hardware/isarng/
http://www.ciphersbyritter.com/NOISE/NOISRC.HTM
http://electronicdesign.com/Files/29/6356/Figure_01.gif

I really don't get it. Does anyone realise the difference between "I cobbled this together and it worked (eventually)" compared to "I designed this to be stable and reliable over a wide range of component tolerances and conditions"?

A while ago I put up two designs for a TRNG using a transistor junction in Zener mode as a noise source, just like most of the circuits here. Circuit technique wise, I used a small amount of feedback to broaden the range of acceptable transistors (or equivalently, to make the circuit less sensitive to component tolerances) while staying clear of instability, and I pointed out that because there was capacitor coupling between stages, there would be some level of autocorrelation - which I minimised by making the time constants involved quite large. And I was criticised by a number of members of sci-crypt for such a "poor quality" circuit.

All the circuits posted above use the same capacitor coupling I used and consequently all have the same autocorrelations, but they have failed to mention it or to do anything to minimize it. I surmise that this is the result of not properly designing for cryptographic uses. When an input stream is correlated, von Neumann's method of de-biasing may result in even greater correlations.

Further, most of the circuits use a transistor buffer stage identical to the one I used but without any feedback at all. If my design was subject to horrendous and unacceptable drift and sensitivity to component selection then these designs also suffer - only more so!

There is one circuit that converts the analogue noise signal almost directly to a TTL signal (nice and practical idea, somewhat badly done). As well as autocorrelations, without painful and repeated calibration, or a de-biasing circuit, it presents a biased bit stream to whatever it is feeding. The problem with that is that the maximum amount of entropy per sample is less than optimum and one way or another your computer will have to waste time fixing it. With de-biasing from an edge triggered flip-flop, in the long run the number of 1's equals the number of 0's - that is, the entropy per bit approaches one, the optimal value. Since you can generate the noise much faster than you can sample it, this process reduces the demand on the CPU or system's I/O and/or improves the quality of the samples. The "add on" circuit is a single chip costing about $1.

My "favourite" one uses an LM336 as a Zener diode noise source (something about it being fully "specified"). The problem with this is the LM336 is a low noise voltage reference that can be used *like* a Zener diode, i.e. as a voltage reference in a shunt circuit. It is *not* a Zener diode. All the circuitry of the LM336 operates in the low noise forward biased mode rather than the inherently noisy reverse biased breakdown mode of a true Zener (see page 10 of http://www.national.com/ds/LM/LM136-2.5.pdf; there is no attempt to make or add a Zener's noise). The noise specification in the data sheets is the *maximum* noise of the chip (no one deliberately makes a noisy voltage reference). So the circuit only works "as advertised" when the LM336 is out of specification. Since this low noise voltage reference is coupled to a relatively noisy LM386 you can guess where most of the noise for this circuit comes from. Do you think that particular circuit deserves some comment? Perhaps a dis-endorsement since the circuit design and idea behind it are both faulty?

Last comments.
A proper list of these circuits should look like this.

http://world.std.com/~reinhold/waynesrngcomp.gif
Interesting circuit. Uses op-amps rather than transistors. Has a limited frequency range (approx 1.5kHz to 10kHz). Assuming this is fed into a sound card then: The low frequency cut off will make autocorrelation effects more obvious (changing C4 to 2.2uF or a little larger will greatly reduce this). The upper frequency cut off is determined by the LM741 being used as a high gain stage and results in reduced entropy per sample. Changing the 741 to a TL071/TL081 or other higher Gain/BandWidth op amp would fix this (check that Vin Common mode is not exceeded for other op-amps). To drive into a sound card a chip with the drive capacity of the LM386 is not needed. Since you already have a dual polarity power supply then you could replace the '386 with almost any op-amp. Or replace both the 741 and 386 with a dual op-amp such as the TL072 etc. The variable resistor (VR1) is a point of failure. After the device is set up, it should be replaced by appropriate fixed resistors. May need care when selecting transistors.

http://www.maxim-ic.com/appnotes.cfm/appnote_number/3469
This is a radio frequency noise source. The output of this source is about -50 dBm, which is approximately the starting point of the other designs. Also the graphs and circuit diagrams do not match. The circuit diagram shows the amplifier feeding via a 470pF capacitor into a 50 ohm load (according to the text). This produces a lower frequency cut-off of 6.7MHz which is not matched by the graph.

http://willware.net/hw-rng.html
This is a fragment of a circuit. May need care when selecting the transistors. You will have to design your own circuitry for interfacing to anything. Speaks of using a micro-controller to interface to RS-232. That's already been done with a PICAXE chip ($5 for the chip, otherwise completely free - free software, needs no programmer, 9600 baud).

http://www.cryogenius.com/hardware/rng/
Two circuits. One uses a micro-controller. Same noise circuit as before for the same problems, common to both circuits. Autocorrelations and needs some care in selecting transistors Q1, Q2. Same fixes as before - increase the size of the relevant capacitor, in this case C1. The positive end of R3 is incorrectly connected to the plus 12 volt rail. While probably not destructive (if the transistor fails +6v will be applied to the micro-controller input), many possible combinations of parts R2, Q3, R3, R4 and 74LS14 (or micro-controller) may not clock properly - the negative voltage threshold of the 74LS14 is .5 to 1 volt (NSD data ***). Fixing R3 to the 5 volt supply rather than 12 volt, deleting R2 and R4, plus adding an appropriate collector feedback bias resistor (Rfb = .5/.00081 * Hfe) will fix those problems.

http://www.cryogenius.com/hardware/isarng/
Same noise circuits and micro-controller again but fitted to an ISA card. The ISA card interface is nice and well done.

http://electronicdesign.com/Files/29/6356/Figure_01.gif
An RF design. Low level output. Exactly the same comments as the Maxim design.

http://www.av8n.com/turbid/paper/turbid.htm
Has excellent information, but no circuit designs. I am unconvinced about how entropy in correlated data is accounted for. The comment that a sound card has no memory is untrue. Both the sound card and a capacitively coupled noise source store the integral of the previous signal and subtracts that from current signal. Is it enough to be important? I don't know. I only know that it is there.

http://www.ciphersbyritter.com/NOISE/NOISRC.HTM
No. I have mentioned the problems earlier.



You would, of course, need to do de-biasing (von Neumann or eq.)
and whitening (SHA-1 or eq., perhaps), but you need that anyway
for your LNB+antenna design...


The LNB design is nice.


-Rob

-----
Rob Warnock <rpw3@xxxxxxxx>
627 26th Avenue <URL:http://rpw3.org/>
San Mateo, CA 94403 (650)572-2607
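
The question raised in the post, what von Neumann de-biasing does to a correlated stream, can be checked numerically. The following is an added example, not part of the original post or of any of the linked designs; both bit sources are constructed models (an independent biased source, and a two-state chain standing in for the memory of a capacitor-coupled stage), and all function names are hypothetical.

```python
import random

def biased_bits(n, p_one, seed):
    """Constructed source: independent bits with P(1) = p_one."""
    rng = random.Random(seed)
    return [int(rng.random() < p_one) for _ in range(n)]

def correlated_bits(n, p_stay, seed):
    """Constructed source: each bit repeats the previous one with
    probability p_stay (an assumed model of coupling memory)."""
    rng = random.Random(seed)
    bit, out = rng.getrandbits(1), []
    for _ in range(n):
        out.append(bit)
        if rng.random() >= p_stay:
            bit ^= 1
    return out

def von_neumann(bits):
    """Non-overlapping pairs: 10 -> 1, 01 -> 0, 00 and 11 are discarded."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]

def bias(bits):
    """Deviation of the fraction of ones from 1/2."""
    return sum(bits) / len(bits) - 0.5

def lag1_autocorr(bits):
    """Sample correlation between each bit and its successor."""
    n = len(bits)
    mean = sum(bits) / n
    var = sum((b - mean) ** 2 for b in bits) / n
    cov = sum((x - mean) * (y - mean) for x, y in zip(bits, bits[1:])) / (n - 1)
    return cov / var

def compare(raw):
    """Bias and lag-1 autocorrelation before and after de-biasing."""
    out = von_neumann(raw)
    return {"raw_bias": bias(raw), "raw_r1": lag1_autocorr(raw),
            "out_bias": bias(out), "out_r1": lag1_autocorr(out),
            "yield": len(out) / len(raw)}

if __name__ == "__main__":
    for name, raw in (("biased, independent", biased_bits(200_000, 0.7, seed=1)),
                      ("unbiased, correlated", correlated_bits(200_000, 0.8, seed=1))):
        print(name, {k: round(v, 3) for k, v in compare(raw).items()})
```

In this model the independent source comes out unbiased and uncorrelated, while the correlated source comes out unbiased but still measurably correlated between successive output bits, so a bias test alone does not show that the stream is fit for use.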
