Re: TRNG with 18 Mbit/s using Thermal Noise

David Eather wrote:
I really don't get it. Does anyone realise the difference between "I cobbled this together and it worked (eventually) compared to "I designed this to be stable and reliable over a wide range of component tolerances and conditions"?

I sure realise the difference :-) The TRNG was not meant as an industrial
grade design. The whole point is its speed, obtained from easily avaiable
parts. And it is a complete design, not just the noise source, or a theory
how to build one.

By the way, it worked right away rather than eventually - and I think the
set-up can be reproduced easily.


A while ago I put up two designs for a TRNG using a transistor junction in zenner mode as a noise source, just like most of the circuits here. Circuit technique wise, I used a small amount of feedback to broaden the range of acceptable transistors (or equivalently, to make the circuit less sensitive to component tolerances) while staying clear of instability and I pointed out that because there was capacitor coupling between stages, there would be some level of autocorrelation - which I minimised by making the time constants involved quite large. And I was criticised by a number of members of sci-crypt for such a "poor quality" circuit.

All the circuits posted above use the same capacitor coupling I used and consequently all have the same autocorrelations, but they have failed to mention it or to do anything to minimize it. I surmise that this is the result of not properly designing for cryptographic uses. When an input stream is correlated Von Neuman's method of de-biasing may result in even greater correlations.

Further, most of the circuits use a transistor buffer stage identical to the one I used but without any feedback at all. If my design was subject to horrendous and unacceptable drift and sensitivity to component selection then these designs also suffer - only more so!

There is one circuit that converts the analogue noise signal almost directly to a TTL signal (nice and practical idea, somewhat badly done). As well as autocorrelations, without painful and repeated calibration, or a debasing circuit, it presents a biased bit stream to whatever it is feeding. The problem with that is that the maximum amount of entropy per sample is less than optimum and one way or another your computer will have to waste time fixing it. With debasing from an edge triggered flip-flop, in the long run the number of 1's equals the number of 0's - that is, the entropy per bit approaches one, the optimal value. Since you can generate the noise much faster that you can sample it, this process reduces the demand on the CPU or system's I/O and/or improves the quality of the samples. The "add on" circuit is a single chip costing about $1.

My "favourite" one use an lm336 as a zener diode noise source (something about it being fully "specified"). The problem with this is the lm336 is a low noise voltage reference that can be used *like* a zener diode i.e. as voltage reference in a shunt circuit. It is *not* a zener diode. All the circuitry of the lm336 operates in the low noise forward biased mode rather than the inherently noisy reversed biased breakdown mode of a true zener (see page 10 of http://www.national.com/ds/LM/LM136-2.5.pdf there is no attempt to make or add a zener's noise). The noise specification in the data sheets is the *maximum* noise of the chip (no one deliberately makes a noisy voltage reference). So the circuit only works "as advertised" when the LM336 is out of specification. Since this low noise voltage reference is coupled to a relatively noisy lm386 you can guess where most of the noise for this circuit comes from. Do you think that particular circuit deserves some comment? Perhaps a dis-endorsement since the circuit design and idea behind it are both faulty?

Last comments.
A proper list of these circuits should look like this.

http://world.std.com/~reinhold/waynesrngcomp.gif
Interesting circuit. Uses op-amps rather than transistors. Has a limited frequency range (approx 1.5kHz to 10kHz). Assuming this is feed into a sound card then: The low frequency cut off will make autocorrelation effects more obvious (changing C4 to 2.2uF or a little larger will greatly reduce this). The upper frequency cut off is determined by the lm741 being used as a high gain stage and results in reduced entropy per sample. Changing the 741 to a TL071/TL081 or other higher Gain/BandWidth op amp would fix this (check that Vin Common mode is not exceeded for other op-amps). To drive into a sound card a chip with the drive capacity of the LM386 is not needed. Since you already have a dual polarity power supply then you could replace the '386 with almost any op-amp. Or replace both the 741 and 386 with a dual op-amp such as the TL072 etc. The variable resistor (VR1) is a point of failure. After the device is set up, it should be replaced by appropriate fixed resistors. May need care when selecting transistors.

http://www.maxim-ic.com/appnotes.cfm/appnote_number/3469
This is an Radio frequency noise source. The output of this source is about -50dbm which is approximately the starting point of the other designs. Also the graphs and circuit diagrams do not match. The circuit diagram shows the amplifier feeding via a 470pF capacitor into a 50 ohm load (according to the text). This produces a lower frequency cut of 6.7MHz which is not matched by the graph.

http://willware.net/hw-rng.html
This is a fragment of a circuit. May need care when selecting the transistors. You will have to design your own circuity for interfacing to anything. Speaks of using a micro-controller to interface to RS-232. That's already been done with a PICAXE chip ($5 for the chip, otherwise completely free - free software, needs no programmer, 9600 baud)

http://www.cryogenius.com/hardware/rng/
Two circuits. One uses a micro-controller. Same noise circuit as before for the same problems, common to both circuits. Autocorrelations and needs some care in selecting transistors Q1, Q2. Same fixes as before - increase the size of the relevant capacitor in this case C1. The positive end of R3 is incorrectly connected to the plus 12 volt rail. While probably not destructive (if the transistor fails +6v will be applied to the micro-controller input), many possible combinations of parts R2, Q3, R3, R4 and 74LS14 (or micro-controller) may not clock properly - the negative voltage threshold of the 74LS14 is .5 to 1 volt (NSD data ***). Fixing R3 to the 5 volt supply rather than 12 volt, deleting R2 and R4, plus adding an appropriate collector feedback bias resistor(Rfb = .5/.00081 * Hfe) will fix those problems.

http://www.cryogenius.com/hardware/isarng/
Same noise circuits and micro-controller again but fitted to an ISA card. The ISA card interface is nice and well done.

http://electronicdesign.com/Files/29/6356/Figure_01.gif
An RF design. Low level output. Exactly the same comments as the Maxim design.

http://www.av8n.com/turbid/paper/turbid.htm
Has excellent information, but no circuit designs. I am unconvinced about how entropy in correlated data is accounted for. The comment that a sound card has no memory is untrue. Both the sound card and a capacitively coupled noise source store the integral of the previous signal and subtracts that from current signal. Is it enough to be important? I don't know. I only know that it is there.

http://www.ciphersbyritter.com/NOISE/NOISRC.HTM
No. I have mentioned the problems earlier.


Thanks for this extensive list of references, many of which are new to me.
I had searched the web for TRNG designs earlier and also before making my
post. I could not find any non-industrial design that provides comparable
speed. From the commercially available ones, the fastest I found is a PCI
card with four quantum optical modules that generates 16 Mbit/s. So I
thought publishing my design was worthwile - for those who like to build
things themselves. Note that I am not trying to sell my design, and also
do not recommend it for industrial applications...

Joachim
.