Entropy and The Arduino: When Clock Jitter is Useful

What do you do, when you need a random number in your programming? The chances are that you reach for your environment’s function to do the job, usually something like rand() or similar. This returns the required number, and you go happily on your way.

A shift register configured as a pseudo-random number generator.
A shift register configured as a pseudo-random
number generator. [by KCAuXy4p CC0 1.0]
Except of course the reality isn’t quite that simple, and as many of you will know it all comes down to the level of randomness that you require. The simplest way to generate a random number in software is through a pseudo-random number generator, or PRNG. If you prefer to think in hardware terms, the most elementary PRNG is a shift register with a feedback loop from two of its cells through an XOR gate. While it provides a steady stream of bits it suffers from the fatal flaw that the stream is an endlessly repeating sequence rather than truly random. A PRNG is random enough to provide a level of chance in a computer game, but that predictability would make it entirely unsuitable to be used in cryptographic security for a financial transaction.

There is a handy way to deal with the PRNG predictability problem, and it lies in ensuring that its random number generation starts at a random point. Imagine the  shift register in the previous paragraph being initialised with a random number rather than a string of zeros. This random point is referred to as the seed, and if a PRNG algorithm can be started with a seed derived from a truly unpredictable source, then its output becomes no longer predictable.

Selecting Unpredictable Seeds

Computer systems that use a PRNG will therefore often have some form of seed() function alongside their rand() function. Sometimes this will take a number as an argument allowing the user to provide their own random number, at other times they will take a random number from some source of their own. The Sinclair 8-bit home computers for example took their seed from a count of the number of TV frames since switch-on.

The not-very-random result of a thousand analogRead() calls.
The not-very-random result of a thousand analogRead() calls.

The Arduino Uno has a random() function that returns a random number from a PRNG, and as you might expect it also has a randomSeed() function to ensure that the PRNG is seeded with something that will underpin its randomness. All well and good, you might think, but sadly the Atmel processor on which it depends has no hardware entropy source from which to derive that seed. The user is left to search for a random number of their own, and sadly as we were alerted by a Twitter conversation between @scanlime and @cybergibbons, this is the point at which matters start to go awry. The documentation for randomSeed() suggests reading the random noise on an unused pin via analogRead(), and using that figure does not return anything like the required level of entropy. A very quick test using the Arduino Graph example yields a stream of readings from a pin, and aggregating several thousand of them into a spreadsheet shows an extremely narrow distribution. Clearly a better source is called for.

Noisy Hardware or a Jittery Clock

As a slightly old-school electronic engineer, my thoughts turn straight to a piece of hardware. Source a nice and noisy germanium diode, give it a couple of op-amps to amplify and filter the noise before feeding it to that Arduino pin. Maybe you were thinking about radioactive decay and Geiger counters at that point, or even bouncing balls. Unfortunately though, even if they scratch the urge to make an interesting piece of engineering, these pieces of hardware run the risk of becoming overcomplex and perhaps a bit messy.

The significantly more random result of a thousand Arduino Entropy Library calls.
The significantly more random result of a thousand Arduino Entropy Library calls.

The best of the suggestions in the Twitter thread brings us to the Arduino Entropy Library, which uses jitter in the microcontroller clock to generate truly random numbers that can be used as seeds. Lifting code from the library’s random number example gave us a continuous stream of numbers, and taking a thousand of them for the same spreadsheet treatment shows a much more even distribution. The library performs as it should, though it should be noted that it’s not a particularly fast way to generate a random number.

So should you ever need a truly random number in your Arduino sketch rather than one that appears random enough for some purposes, you now know that you can safely disregard the documentation for a random seed and use the entropy library instead. Of course this comes at the expense of adding an extra library to the overhead of your sketch, but if space is at a premium you still have the option of some form of hardware noise generator. Meanwhile perhaps it is time for the Arduino folks to re-appraise their documentation.

The subject of entropy and generating random numbers is one that has appeared on these pages many times. [Voja Antonic] made a in-depth study using uninitialized RAM as an entropy source for microcontrollers. If you have an insatiable appetite for understanding Linux entropy, we point you at [Elliot Williams]’ comprehensive examination of the subject.

[Arduino image: DustyDingo Public domain]

What is Entropy and How Do I Get More of It?

Let’s start off with one of my favorite quotes from John von Neumann: “Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin. For, as has been pointed out several times, there is no such thing as a random number — there are only methods to produce random numbers, and a strict arithmetic procedure of course is not such a method.”

What von Neumann is getting at is that the “pseudo” in pseudorandom number generator (PRNG) is really a synonym for “not at all”. Granted, if you come in the middle of a good PRNG sequence, guessing the next number is nearly impossible. But if you know, or can guess, the seed that started the PRNG off, you know all past and future values nearly instantly; it’s a purely deterministic mathematical function. This shouldn’t be taken as a rant against PRNGs, but merely as a reminder that when you use one, the un-guessability of the numbers that it spits out is only as un-guessable as the seed. And while “un-guessability” isn’t a well-defined mathematical concept, or even a real word, entropy is.

That’s why entropy matters to you. Almost anything that your computer wants to keep secret will require the generation of a secret random number at some point, and any series of “random” numbers that a computer generates will have only as much entropy, and thus un-guessability, as the seed used. So how does a computer, a deterministic machine, harvest entropy for that seed in the first place? And how can you make sure you’ve got enough? And did you know that your Raspberry Pi can be turned into a heavy-duty source of entropy? Read on!

Continue reading “What is Entropy and How Do I Get More of It?”

Follow the Bouncing Ball of Entropy

When [::vtol::] wants to generate random numbers he doesn’t simply type rand() into his Arduino IDE, no, he builds a piece of art. It all starts with a knob, presumably connected to a potentiometer, which sets a frequency. An Arduino UNO takes the reading and generates a tone for an upward-facing speaker. A tiny ball bounces on that speaker where it occasionally collides with a piezoelectric element. The intervals between collisions become our sufficiently random number.

The generated number travels up the Rube Goldberg-esque machine to an LCD mounted at the top where a word, corresponding to our generated number, is displayed. As long as the button is held, a tone will continue to sound and words will be generated so poetry pours forth.

If this take on beat poetry doesn’t suit you, the construction of the Ball-O-Bol has an aesthetic quality that’s eye-catching, whereas projects like his Tape-Head Robot That Listens to the Floor and 8-Bit Digital Photo Gun showed the electronic guts front and center with their own appeal.

Continue reading “Follow the Bouncing Ball of Entropy”

33C3: How Can You Trust Your Random Numbers?

One of the standout talks at the 33rd Chaos Communications Congress concerned pseudo-random-number generators (PRNGs). [Vladimir Klebanov] (right) and [Felix Dörre] (left) provided a framework for making sure that PRNGs are doing what they should. Along the way, they discovered a flaw in Libgcrypt/GNUPG, which they got fixed. Woot.

mpv-shot0012-zoomCryptographically secure random numbers actually matter, a lot. If you’re old enough to remember the Debian OpenSSL debacle of 2008, essentially every Internet service was backdoorable due to bad random numbers. So they matter. [Vladimir] makes the case that writing good random number generators is very, very hard. Consequently, it’s very important that their output be tested very, very well.

So how can we test them? [Vladimir] warns against our first instinct, running a statistical test suite like DIEHARD. He points out (correctly) that running any algorithm through a good enough hash function will pass statistical tests, but that doesn’t mean it’s good for cryptography.
Continue reading “33C3: How Can You Trust Your Random Numbers?”

Modular Drum Machine Creates Random Rhythms

Don’t worry, the rhythms themselves aren’t random! That would hardly make for a useful drum machine. [kbob]’s creation does have the ability to randomly generate functional rhythms, though, and it’s all done on a breadboard.

The core of this tiny drum machine is two Teensy dev boards. One is an FM synth tuned to sound like drums, and the other is a random rhythm generator with several controls. The algorithms are from Mutable Instruments’ open source Eurorack modules. The entire thing fits on a breadboard with JIGMOD modules for the user interface. The machine runs on lithium batteries in the form of USB cell phone chargers. The battery holders were designed in Fusion 360 and 3D printed.

The function of the drum machine is pretty interesting as well. There are a set of triggers tied to the buttons on the machine. When a button is pressed, the drum machine plays that sound at the appropriate time, ensuring there are no offbeat beats. The potentiometers are polled once every millisecond and the program updates the output as required. There’s also a “grid” of rhythms that are controlled with two other knobs (one to map the X coordinate and the other for the Y) and a “chaos” button which adds an element of randomness to this mapping.

The modular nature of this project would make this a great instrument to add to one’s musical repertoire.It’s easily customizable, and could fit in with any of a number of other synthesizer instruments.

Continue reading “Modular Drum Machine Creates Random Rhythms”

True Random Number Generator for a True Hacker

How can you generate random bits? Some people think it’s not easy, others will tell you that it’s pretty damn hard, and then there are those who wonder if it is possible at all. Of course, it is easy to create a very long pseudorandom sequence in software, but even the best PRNG (Pseudorandom Number Generator) needs a good random seed, as we don’t want to get the same sequence each time we switch on the unit, do we? That’s why we need a TRNG (True Random Number Generator), but that requires special hardware.

Some high-end microprocessors are equipped with an internal hardware TRNG, but it is, unfortunately, not true for most low-cost microcontrollers. There are a couple of tricks hackers use to compensate. They usually start the internal free running counter and fetch its contents when some external event occurs (user presses a button, or so). This works, but not without disadvantages. First, there is the danger of “locking” those two events, as a timer period may be some derivative of input scan routine timing. Second, the free running time (between switching on and the moment the unit requests a random number) is often too short, resulting in the seed being too close to the sequence start, and thus predictable. In some cases even, there is no external input before the unit needs a random seed!

Despite what has already been discussed, microcontrollers do have a source of true randomness inside them. While it might not be good enough for crypto applications, it still generates high enough entropy for amusement games, simulations, art gadgets, etc.

Continue reading “True Random Number Generator for a True Hacker”

Powered Double Pendulum is a Chaotic Display

If you’ve never seen a double pendulum before, it’s basically just a pendulum with another pendulum attached to the end. You might not think that’s anything special, but these devices can exhibit extremely chaotic behavior if enough energy is put into the system. The result is often a display that draws attention. [David] wanted to build his own double pendulum display, but he wanted to make it drive itself. The result is a powered double pendulum.

There aren’t many build details here, but the device is simple enough that we can deduce how it works from the demonstration video. It’s broken into two main pieces; the frame and the pendulum. The frame appears to be made mostly from wood. The front plate is made of three layers sandwiched together. A slot is cut out of the middle to allow a rail to slide up and down linearly. The rail is designed in such a way that it fits between the outer layers of the front plate like a track.

The pendulum is attached to the linear rail. The rail moves up and down and puts energy into the pendulum. This causes the pendulum to actually move and generate the chaotic behavior. The rail slides up and down thanks to an electric motor mounted to the base. The mechanics work similar to a piston on a crankshaft. The motor looks as though it is mounted to a wooden bracket that was cut with precision on a laser cutter. The final product works well, though it is a bit noisy. We also wonder if the system would be even more fun to watch if the rotation of the motor had an element of randomness added to it. Or he could always attach a paint sprayer to the end. Continue reading “Powered Double Pendulum is a Chaotic Display”