True Random Number Generators, based on electronic noise: RAND232 & R232light


ABSTRACT

Today's computers very often act strangely... yet they are deterministic systems and are therefore unable to produce truly random events from any program or mathematical algorithm. To feed delicate applications in statistics, simulation or cryptography with kilobytes or even megabytes of real randomness, the use of an external entropy source is inevitable.
Such TRNGs / HRNGs (true/hardware random number generators) utilize physical effects of proven randomness like radioactive decay, quantum optics, thermal noise or even the intrinsic noise effects produced by semiconductors under certain conditions.
One viable approach to gain some randomly distributed data bits is to amplify and digitize the noise of a Zener diode. Almost any plug-and-play random number generator advertised on the net for unconscionable pay works exactly like that. It seems to me that none of these circuit concepts puts reasonable effort into stability and electromagnetic shielding at all!

Fig.1: WHITE NOISE, simplified scheme (idealized white noise spectrum with plain plateau)
Operating a Zener diode close to the bottom of its plateau voltage causes an unsteady current of just a few µA. Due to quantum-physical effects in the PN junction (tunnel/avalanche), the sum signal is an analog noise with valuable random properties.
In general, "white noise" is defined as a region of constant energy within the noise spectrum. As long as sampling and digitizing take place within the "white" frequency range, random values of highest entropy can be harvested.


RAND-232

Here is my version of a serial-interfaced TRNG, aiming at long-term stability and the best resistance against possible interference. It delivers highly balanced random bits (+/- 0.01%), which are directly suitable for many interesting applications.
Project cost: About 20 € with new components.


Fig.2: RAND-232

The "RAND-232" utilizes electronic noise to generate several kBytes of random data per second. The PC's remote access takes place over opto-isolated RS232 lines to block most electromagnetic influence from the PC system.
Preferably this delicate device should be powered by a small thermonuclear battery. If not available, any AC adaptor (9-12V~/300mA) or a 12V accumulator will do as well!

Circuit plan, sources and executables
for DOS: RAND232.ZIP

first manifestation of the famous RAND232 true random number generator


REMARKS

A low-power Zener diode (9V6, 1/4W) is operated with a high-impedance voltage, adjusted slightly below the Zener plateau. The resulting broadband noise ranges from a few Hertz up to several hundred kHz. The DC offset is removed simply by a capacitor. The desired noise spectrum is amplified and digitized by a fast comparator. Polling its digital output (with a sampling rate not exceeding the white frequency spectrum) would already deliver random bits of high entropy; yet these bits would most likely be biased. This means that the numbers of ones and zeroes are not equally distributed.
Even a small bias of just one percent cannot be tolerated for serious applications. That's why most primitive RNGs strictly recommend a post-balancing procedure performed by software. Strictly speaking this is not acceptable, since software can be corrupted much more easily than a hardware solution. Thus an ideal TRNG has to deliver unbiased random bits by hardware!
In my RAND-232 concept the problem of thermal drift was minimized first by a generous voltage stabilization for the whole noise diode/amplifier/comparator stage. Second, there is a digital balancing performed by a simple T flip-flop! As a reminder: frequency division of any periodic signal "by 2" will always give an output signal with exactly 50% duty cycle on average. This works fine even on the digital broadband noise coming from the comparator, which can be seen as a mixture of many (infinitely many) different frequencies. In this way, the whole balancing problem is solved with one flip-flop of a standard 74LS74 TTL chip!
The second flip-flop of the 74LS74 is wired as a D-FF to take samples out of the asynchronous balanced bitstream at the computer's request (digital sample-and-hold). Each time the computer sends a sampling pulse, one bit is taken out of the stream and held stable for reading until the next sampling pulse arrives. Sampling random bits this way is less time-critical than sampling directly from the balancing flip-flop's output. The speed adjustment of the software just has to ensure that the upper-bound frequency of the white noise is not exceeded ("oversampling" worsens entropy).
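The balancing and sampling stages described above can be tried out in simulation. The following Python sketch is an added example, not code from RAND232.ZIP; the comparator model (a random telegraph signal that is high 70% of the time, with an average cycle of 1.0 time unit) and all function names are assumptions made for illustration. It compares polling the biased comparator directly with sampling the T flip-flop, once slowly and once with oversampling.

```python
import random

def simulate(sample_interval, n_bits, mean_high=0.7, mean_low=0.3, seed=1):
    """Sample comparator and T flip-flop outputs every sample_interval.

    Assumed model (not from the circuit plan): the comparator output is a
    random telegraph signal with exponential dwell times, high 70% of the
    time on average, so one high+low cycle lasts 1.0 time unit on average.
    """
    rng = random.Random(seed)
    level, tff, t = 0, 0, 0.0
    t_edge = rng.expovariate(1 / mean_low)    # time of next comparator edge
    raw, balanced = [], []
    for _ in range(n_bits):
        t += sample_interval                  # next sampling pulse from the PC
        while t_edge <= t:
            level ^= 1
            if level:                         # rising edge clocks the T flip-flop
                tff ^= 1
            t_edge += rng.expovariate(1 / (mean_high if level else mean_low))
        raw.append(level)                     # polling the comparator directly
        balanced.append(tff)                  # D flip-flop latches the T-FF state
    return raw, balanced

def ones_fraction(bits):
    return sum(bits) / len(bits)

def lag1_correlation(bits):
    """Correlation between each bit and its successor (0 for independent bits)."""
    m = ones_fraction(bits)
    cov = sum((a - m) * (b - m) for a, b in zip(bits, bits[1:])) / (len(bits) - 1)
    return cov / (m * (1 - m))

if __name__ == "__main__":
    for interval in (20.0, 0.2):              # slow sampling vs. oversampling
        raw, bal = simulate(interval, 20000)
        print(f"interval={interval:5}: raw ones={ones_fraction(raw):.3f} "
              f"balanced ones={ones_fraction(bal):.3f} "
              f"balanced lag-1 corr={lag1_correlation(bal):+.3f}")
```

In this model the flip-flop output stays close to 50% ones at both sampling speeds, but with the short interval each bit mostly repeats its predecessor, which is the entropy loss from oversampling mentioned above.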
The PC's remote access is performed over three optocouplers to protect the TRNG from electromagnetic influences coming through the serial interface cable. Additional shielding against radio interference could be useful in some environments. (Refer to the circuit plan included in RAND-232.ZIP for details!)

Remark concerning the optocouplers:
Instead of the IL74, many other compatible optocouplers like the CNY17-I or 4N25 are suitable, too!


Added 4/2002: R232"LIGHT"

Fig.3: Prototype of R232light (minimalistic plug-in version of the serial random number generator)

"The same protocol as last year" but a slightly different philosophy: While RAND-232 was tuned for stability, that small module shown here is merely intended as a cheap "plug and play" device, powered directly by the RS232 port.
Two bipolar transistors generate the noise signal in a self-stabilizing feedback to ensure safe operation with various RS232 interface hardware.
A standard CMOS chip is utilized to amplify, balance and sample random bits. Due to these radical simplifications, a bias of a few percent might always persist. It has to be removed by the controlling software.
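One common way to remove such a residual bias in software is the von Neumann corrector. The Python sketch below is an added example, not the method used by the RAND232-Tool (the page does not say which one it uses); the 54% bias, the PRNG stand-in for the device and all function names are assumptions made for illustration.

```python
import random

def von_neumann(bits):
    """Von Neumann corrector: pair 01 -> 0, pair 10 -> 1, pairs 00/11 dropped.

    Removes a constant bias completely, but only if the input bits are
    independent of each other; it does not repair correlated bits.
    """
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]

def pack_bytes(bits):
    """Pack bits MSB-first into bytes; an incomplete trailing group is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

def ones_fraction(bits):
    return sum(bits) / len(bits)

def constructed_biased_bits(n, p_one=0.54, seed=7):
    """Constructed stand-in for device output: independent bits, 54% ones.

    A PRNG is used only so the example runs without the hardware.
    """
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

if __name__ == "__main__":
    raw = constructed_biased_bits(200000)
    clean = von_neumann(raw)
    print(f"raw:   {len(raw)} bits, ones={ones_fraction(raw):.4f}")
    print(f"clean: {len(clean)} bits, ones={ones_fraction(clean):.4f}")
    print(f"yield: {len(clean) / len(raw):.3f} output bits per input bit")
    print(f"bytes written: {len(pack_bytes(clean))}")
```

The price of the correction is throughput: at a bias of a few percent, roughly one output bit remains for every four bits read from the device.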

SOFTWARE

Even the programming examples once published alongside the RAND-232 circuit in the German FUNKAMATEUR (issue 12/2001) will work fine with R232-light as well, but kindly have a look at my new RAND232-Tool!

It compiles to RAND232.EXE, which offers some basic comfort... The serial port is now autodetected and the sampling rate is dynamically adjusted to the program's current performance.
Due to these sensational improvements, random files of very high entropy can be generated without worry, even as a background process inside the "DOS-Box" within Windows - finally! There is one graphical and one statistical mode available to check whether the TRNG works properly.
For more sophisticated tests on any large random number file, I suggest the RNG-Tester, which can be downloaded freely from the University of Geneva.



original document 12/2001, rev.12/2002, rev.01/2004