[Cryptography] Fun with hardware RNGS: the Infinite Noise Multiplier

[Bill Cox]

I'm naming this circuit after my daughter.  We're a whole family of 
severely ADHD people!

I've been trying to crack a simple problem for a few years, thinking 
about it now and then: how do you generate "true" random numbers on an 
analog CMOS process designed to be "quiet"?  In 1998, I built a 
4-megabit/second hardware RNG that destroyed the DieHard tests back then 
(I found bugs in the prof's code, rather than his code finding bugs in 
my hardware).  It relied on zener noise from a breakdown of a Vbe on a 
N2222 transistor.  Every process is different, so I had potentiometers 
for tweaking gains and such.  It was a sweet little board, but not 
mass-production ready.

So, here's my dumb infinite noise multipier.  It's a switched cap 
circuit doing the following steps:

- Start with a voltage V > 0, but < Vref.
- Multiply V by 2X.
- If V > Vref, subtract Vref
- Repeat forever

The RNG output is 1 whenever we have to subtract Vref, and 0 otherwise.  
If there is a tiny bit of noise way down in say the 35th bit position of 
resolution, then about 35 cycles later, that noise will impact the 
output signal.  It really doesn't matter how quite the circuit is.  
Enough cycles later, you're output will be banging around quite 
randomly, kind of like some people I know.

Just some fun for the day... true RNGs in ANY process is now very simple...

Bill