The Development Of A Hardware Random Number Generator


[Ian] had a need for a lot of random numbers. There are dozens of commercial offerings when it comes to RNGs, but there are also hundreds of different ways for an electronics hobbyist to shoot random bits at a serial port. One of these methods is an RNG based on the avalanche breakdown noise in a PN junction. As with any circuit in hobbyist electronics, there are dozens of prototypes floating out there on the web, but not too many finished projects. [Ian] decided he would build one of these RNGs as a prototype and bring it to something resembling a finished project.

An avalanche noise RNG takes advantage of the fact that a strongly reverse-biased PN junction, like one found in a transistor, will create a condition where one electron knocks another electron out of place, leading to a sustained chain reaction. It’s quantum, it’s chaotic, it makes for a great source for a random number generator, and there are already dozens of prototype circuits around the Internet.

[Ian] took one of these circuit designs by [Will Ware] and started the iterations that would lead to a finished design. Round one was a simple PCB with the basic circuit and a power supply. Just a few transistors, resistors, and a DC/DC boost converter. Confirming the circuit was generating noise, the next iteration brought in an ADC and an ARM micro with a USB interface. Iterating over this again with an improved ADC – 20 megasamples per second – the design finally reached a point where a final PCB could be designed.

In the end, [Ian] turned a simple circuit that could have been built on a breadboard into a USB device that throws 9 kB/s of random data into a computer. The data are actually good, too: the project passed most of the Dieharder test suite, making it very useful for whatever crypto or gaming application [Ian] has in mind.


  1. Dajgoro says:

    I built a random number generator in a different way using only discrete logic gates, take a look:

  2. S says:

    Schneier’s Law also applies to secure RNGs.

    • arachnidster says:

      I’m not so sure it does. He’s building a device based on well-known physical principles; this is more or less akin to implementing a public key cipher or other crypto primitive with strong mathematical proof of correctness.

      • Ian Kilgore says:

        It definitely does. I point out a few weaknesses in the article. And a few of the links have much more considered analyses. I’ve said that I don’t think anyone should use this (or any similar device), nor does anyone really need to. It’s an exercise. The editor has made it seem like I really intended this to be used.

        • Ian Kilgore says:

          The same principle would apply if I were implementing even a well-known cryptographic algorithm, by the way. There are so many seemingly-ancillary implementation details that can be screwed up (and have, even by the people who are supposed to be doing these things!) in subtle ways that drastically compromise security. Even if the mathematics are correct.

      • Truth says:

        Component aging, bias drift, thermal drift, AC leakage, no EM shielding. There are loads of ways that TRNGs from a quantum/non-quantum source are exactly the same as Schneier’s Law. The core might be solid, but there are subtleties that can be missed.

  3. onebiozz says:

    I have used the 2-transistor method similarly in the past … but I added a D flip-flop to the end that’s reset with a clock pulse that’s adjusted for the most entropy.

  4. Mike Lu says:

    What about taking some LSBs from the ADC, appending them to the previous random number “block” (or more LSBs on the first start), and then using a cryptographic hash to derive the next random number block?

    • arachnidster says:

      What you’re describing is a hash-based cryptographically secure PRNG. They’re useful primitives in crypto, but this device generates truly random numbers, without relying on the security of any crypto primitive.

  5. Hattori Hanzo says:

    I do not agree with the sentiment that this would be a good hardware RNG to use based on it passing the dieharder suite. Those are rather basic tests you can pass with PRNGs and randomness sources with rather low entropy.

    This might be a good hardware RNG, but not for the reasons given here.

    • Ian Kilgore says:

      You’re right (except about it being a good hardware RNG :), “the data are [...] good” is the editor’s assertion, not mine. In the article the only claim I make about the security of this device is that nobody should use it. This device (and the other several dozen like it on the internet) suffers from a few critical weaknesses.

      • Hattori Hanzo says:

        I’ve now actually read the article and I think you did assess the fitness for cryptographic applications correctly ;)

        But what’s up with HaD editors then? It seems the quality of their work has gone down since there are so many and they get paid.
        Don’t forget the actual core of the site over product development and PR-stunts.
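
Added example (not from the post, the linked project, or any commenter): the hash-chaining idea from comment 4, fed with a deliberately biased, constructed bit stream, with a most-common-value min-entropy estimate taken on the raw bits and on the hashed bytes. It illustrates the point raised in comment 5 that uniform-looking output says little about how much entropy the source supplied. The function names, SHA-256, the 64-bit block size and the 95% bias are all assumptions made for the illustration.

```python
import hashlib
import math
import random
from collections import Counter


def mcv_min_entropy(symbols):
    """Most-common-value min-entropy estimate, in bits per symbol.

    Point estimate only; NIST SP 800-90B additionally applies an upper
    confidence bound to the observed frequency.
    """
    counts = Counter(symbols)
    p_max = max(counts.values()) / len(symbols)
    return -math.log2(p_max)


def hash_chain(lsb_bits, bits_per_block=64):
    """block_n = SHA-256(block_{n-1} || fresh LSBs), as sketched in comment 4."""
    block = b"\x00" * 32  # constructed initial state (assumption)
    out = bytearray()
    for i in range(0, len(lsb_bits) - bits_per_block + 1, bits_per_block):
        chunk = lsb_bits[i:i + bits_per_block]
        fresh = int("".join(map(str, chunk)), 2).to_bytes(bits_per_block // 8, "big")
        block = hashlib.sha256(block + fresh).digest()
        out += block
    return bytes(out)


def demo(n_bits=64 * 4000, p_one=0.95, seed=1):
    # Constructed stand-in for ADC LSBs, heavily biased towards 1.
    # This is NOT data captured from the device in the article.
    rng = random.Random(seed)
    raw = [1 if rng.random() < p_one else 0 for _ in range(n_bits)]
    out = hash_chain(raw)
    raw_h = mcv_min_entropy(raw)   # bits of min-entropy per raw bit
    out_h = mcv_min_entropy(out)   # bits per output byte, as the estimator sees it
    fresh_per_block = 64 * raw_h   # estimated fresh min-entropy per 256-bit output block
    return raw_h, out_h, fresh_per_block


if __name__ == "__main__":
    raw_h, out_h, fresh = demo()
    print(f"raw LSBs:     {raw_h:.3f} bits/bit")
    print(f"hashed bytes: {out_h:.3f} bits/byte (looks near-uniform)")
    print(f"fresh input:  {fresh:.1f} bits per 256-bit output block")
```

The hashed stream scores close to 8 bits per byte even though each 256-bit block was fed only a few bits of estimated min-entropy, which is why entropy has to be assessed on the raw samples, before any conditioning.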

  6. Trui says:

    Like many similar projects, this design is at an awkward point, where it’s not yet good enough to thwart attack by a skilled and determined adversary. On the other hand, it’s complete overkill for a casual hacker.

  7. euler357 says:

    There are several other projects that do this: Entropy Key, TrueRNG, etc.

    These can really help to eliminate delays due to waiting on the Linux entropy pool to refill without compromising security like some software solutions do (feeding the pool with pseudo-random numbers to reduce Linux desktop/server lag).

  8. Malcolm says:

    You can also use the ANU quantum vacuum fluctuation random number generator.

    • Truth says:

      The numbers are random, but having to transfer them across the Internet to use them is a problem for anything security related. But still great for things like Monte Carlo Simulation.
