TRNGs – True Random Number Generators
There are Random Numbers, and then there are Random Numbers. And in the world of computers (and the internet) we get random numbers by generating them. And we use them a lot! In particular we need and use random numbers to encrypt data that flies back and forth across the internet (like passwords, credit card numbers, etc.). In the world of Random Numbers there is also a notion of “TRUE Random Numbers.” Interested? Then…
Lock The Gates!
There are essentially 3 ways to generate random numbers. By using a:
- PRNG, (Pseudo-random Number Generator)
- CSPRNG (cryptographically secure pseudo-random number generator)
- TRNG (TRUE Random Number Generator)
A PRNG is a Pseudo-random number generator. For most of us our exposure to a PRNG is via one of the many RAND() or RANDOM() functions/classes that are part and parcel of virtually all programming languages like C, VB, Python, and so on. Here are some good treatments of Pseudo-random number generators (PRNGs)… They are not rocket surgery but they are well worth reading:
A CSPRNG is a cryptographically secure pseudo-random number generator (CSPRNG) or cryptographic pseudo-random number generator (CPRNG). They have properties that make them suitable for use in cryptography.
Both PRNGs and CSPRNGs have their benefits, but they have some drawbacks. In particular, they are NOT provably secure and may have backdoors and/or flaws that make their use for encryption “suspect.”
and LOTs of good stuff here:
And that finally brings us to TRNGs
which is the subject of this Post and the associated C# program (project). Read some good stuff here before we start:
So what is “True” random data good for? For one thing it’s what we would use for 100% security in encrypting data. That is,
we use “True” random data as the key of a OTP (One-Time Pad).
Read about One-Time Pads (OTP) here:
A TRNG is (always? generally?) based on physical phenomena like radioactive decay, rolling dice, flipping coins, and other stuff like “noise” from diodes. For my hobby experiment/project I chose to
Use Radio Static as the basis of a TRUE Random Number Generator
(I am not the only one).
I connected an FM radio to a microphone (connected to my computer) and tuned the radio to an unused frequency in order to get static. I could then write a program to “read” the microphone. But I found an easier way… MUCH EASIER for a variety of reasons.
Radio–>Mic –> computer/AUDACITY –> WAV file –> C# pgm–> “True Random Data”
What I did was to run the AUDACITY audio application (originally from Google). It’s a fabulous product. Look here:
I had Audacity record the radio’s static noise from the microphone and save it to a WAV file. Then my program (in C#) could read the WAV file and use the least significant bytes (LSBs) of the audio samples as my data. Note that processing a WAV file is more complicated than one might suppose at first glance. Anywho…
The theory is that the radio Static/Noise is random and that this randomness is carried forward to the LSB (least significant BYTE) of the corresponding audio sampling data of the resulting WAV file.
It’s important to note that by working from the WAV file it was tremendously easier to test and debug the program since tests were repeatable. And I could test with and compare various sources… Not just radio static. I could EASILY use Blondie or Dylan songs too!
Also, I had this notion that I could further ensure randomness of the data by constructing bytes of data by using ONLY the LEAST SIGNIFICANT BITs of the bytes of 8 audio samples. I.e. Read 8 audio samples and use the 8 LSBits to construct 1 byte of TRNG data. Then rinse and repeat.
It turns out that this “LS-Bit” technique does make a difference when using some “songs” as the data source but does NOT make a difference if using WAV files of “radio static” as the source. This gives us additional confidence as to the randomness of the “radio static.”
The end result of all this is that, for what it’s worth, I now have a homemade True Random Number Generator (TRNG) that can produce TRUE RANDOM DATA for a OTP that I can then use to encrypt data that can NOT be defeated… for what it’s worth.
Here are a couple of screen prints of the C# program… It’s pretty simple.
The following shows the DETAILS of the BYTES constructed from the LSBits in the audio samples (Show Final Stats ONLY is unchecked). Results are shown for both left and right audio channels.
The next example shows the SUMMARY results for 100,000 byte pairs of constructed data. Show Final Stats ONLY is checked so only summary counts are shown for each of the 256 possible byte values for left and right audio channels. 100,000 byte pairs of constructed data from the LSBits means that 800,000 stereo audio samples were read from the WAV file (fmradio.wav).
If you are interested in the C# program source (Visual Studio project) then just leave a comment and I will post it.
Open The Gates!