# [Cryptography] The ultimate random source

Joseph Ashwood ashwood at msn.com
Thu Feb 13 23:08:56 EST 2014

```From: Phillip Hallam-Baker
Sent: Friday, February 07, 2014 8:14 AM
Subject: [Cryptography] The ultimate random source

> I have a solution to the random number generator problem that can be built
> for about \$50 and is completely verifiable.
> [shake a flask of candy, take a picture]

I'm not confident it will have as much entropy as you think. The design is a
fairly basic modification of the lavarand design. Just as with lavarand the
actual entropy comes form the entropy in the movement source (the heating
coil in lavarand, the shaking in this design). So the total entropy in the
random source at any given time will be a function largely of the
variability of the arm motions, along with sensor noise (I'll get there).
This will certainly have a fairly significant amount of entropy but I doubt
the average person's vigorous arm movements will collect 256-bits quickly
enough.

Of more interest to me is the sensor noise. With sensors of any kind as you
push the limit of the sensor there is noise of various kinds. In the case of
a webcam sensor on the flask the primary noise will be diode over-power
noise from the shiny white areas. You'll also find some noise that will
appear because the temperature of the sensor will change over time creating
heat noise in the system. With proper sampling the heat noise and sensor
overpower noise should be sufficient to provide reasonable amounts of
entropy.

Maximizing this entropy requires the user of incandescent lights, and shiny
candy. The incandescent lights have their own noise pattern which will be
echoed in the shiny candy, and the flask, as well as the heat from the
light, especially if the light is close to the webcam, will induce heat
noise in the webcam.

Will these be sufficient? Honestly it depends on the webcam. Using the cheap
webcam that is in your laptop, phone, tablet will almost certainly not be
enough. You need to have enough precision to actually collect the noise, so
you'll be looking for at least 10 stops (10 bits per color) in the camera.
These are not that difficult to find, but are notably more expensive than
the really, really cheap cameras generally used.

As an example of just how bad it can be, even with a camera that is vastly
better than the one in your laptop/phone/tablet the GoPro Hero3 Black has a
significant amount of apparent noise in the image. This noise is almost
exclusively deterministic and can be virtually eliminated with simple
post-processing. So the 1/2.3" sensor in the Hero3 Black is just not enough
sensor. At the other extreme, fighting the sensor noise in the Red Scarlet
Dragon can be a nightmare if you want the maximum sensitivity, same with the
BlackMagic Pocket Cinema Camera, these both have large amounts of apparently
non-deterministic components to their noise, but it is worth noting that the
Dragon sensor has 20 stops (basically 16-bits per color) while the
BlackMagic has 13 stops (slightly over 10-bits per color). In both of these
cases though the noise is a tiny fraction of a bit per sensor site.

The next big problem you will find is that modern sensors use a Bayer
pattern (some use a modified, but fundamentally the same here), this is a
system where a given sensor node will have a red, green, or blue filter, but
to count the resolution of the device you actually count all the sensor
nodes. So for example a 2048x2048 sensor will likely have 1024 red and 1024
green on a single row, the next row will have 1024 green and 1024 blue
sensors, alternating in both cases. The debayering process is used to
calculate the approximate color at each of these sensor nodes. The process
itself is quite complex. The result though is that to acquire maximum
entropy will require getting the pure RAW data. This actually eliminates all
cheap cameras, they all have built in debayering. Moving to more powerful
sensors it actually eliminates using the Red cameras as well, they
exclusively use a lossy compression based on wavelets which works very well
at reducing and virtually eliminating the noise, normally a good thing, but
we want the noise. That pretty much leaves only the CinemaDNG cameras, at
this point that is largely just the BlackMagic cameras. If you were to build
your own camera there are a wide range of sensors available, and the RAW
data could be easily fed completely uncompressed into the hash function.

I know you thought you found one that is simple, and assuming the color
blocks are big enough and that the rearrangement of candy is good enough,
yes it is, but I don't have any evidence that either is genuinely true. It
will take a detailed analysis of the entropy sources, and the harvest engine
to determine.
Joe

```