New Method for Random Number Generation Developed

Science Daily is reporting that a German team has developed a new method of random number generation that they hope will improve security. "The German team has now developed a true random number generator that uses an extra layer of randomness by making a computer memory element, a flip-flop, twitch randomly between its two states 1 or 0. Immediately prior to the switch, the flip-flop is in a 'metastable state' where its behavior cannot be predicted. At the end of the metastable state, the contents of the memory are purely random. The researchers' experiments with an array of flip-flop units show that for small arrays the extra layer makes the random number almost twenty times more 'random' than conventional methods."

WiFi

[hey]

I always thought the WiFi radio in laptops would be a good thing for generating random numbers.

Re:Hardware?

[eldavojohn]

TFA fails to state whether they used existing memory types or if they intend to use a custom piece of hardware on board.

My guess would be custom though not completely different from everyday stuff. I was familiar with "metastability" from my college courses where it was mentioned as a classic problem in electronics [wikipedia.org]. I suppose there could be a way to harvest this data from hardware before it gets corrected. I never thought of this before but if you had a long length of optical fiber cable (longer than what it's rated for use) then you could send messages through that and collect them on the other end. I mean, we implement parity to remove these random flips of bits through transmission, couldn't we also use this to increase randomness of random numbers? I think I've read of the network guys fighting metastability [acm.org] so their incorrectly implemented hardware could probably be exploited as sources of random bits.

Metastable Flip flops still have bias

[wiredlogic]

There is no way they can prove that these flip flops don't have bias one way or the other. Even if you could design a perfect circuit it would be subject to the imbalances between p-type and n-type transistors and process variations. This makes it impossible to create a perfect Gaussian metastability function or to place a device at the apex of that function such that the probability is 50/50 of switching to 1 or 0. Hence, you will not achieve truly random results. Metastability is also affected by the power supply voltage and current. A cryptographic device employing this technique could be subject to attack by lowering or modulating the power supply in such a way as to create predictable "random" numbers. i.e. make sure all the flip-flops transition to 1 or 0.

Taken to the next level:

[jwietelmann]

Here [gamesbyemail.com] is a slightly-absurd-but-awesomme dice rolling machine.

Ratio sensitivity

[overshoot]

Even if you could design a perfect circuit it would be subject to the imbalances between p-type and n-type transistors and process variations.

That's one problem it won't have, since the initial condition is at the balance point of P vs. N. The bias would show up in the curvature of the gain function around the bias point. It's not a large bias, and it's likely to vary from one device to the next -- so the prudent designer would have to correct for each bit's history. Still, thermal noise is easier to work with than radioactive decay.

Re:What is "more random"?

[ticklemeozmo]

What exactly does "more random" mean in the summary? I think something is either random or it isn't. Perhaps this claim should just make us "more skeptical".

Nothing can be ever be considered random. If it is, it's just in a state of "we just don't have a means of measuring it's next value."

You can call me guessing a "number between 1 and 10" random, but that's just because you don't know my method of choosing. If you did, it wouldn't be random at all. If you knew the order of the deck of cards, and precisely each transition of the shuffle, then the next card could easily be predicted. Since you don't have that power, it's considered "random".

Same thing with network traffic, moving the mouse or memory contents; if you had a way to quickly and accurately measure all the inputs and knew it's method of generation, you could very easily guess the outputs. In all these cases, "random" only means "you cannot guess the outcome with any statistical significance."

Re:This is a random comment.

[SilverHatHacker]

Humans tend to define 'random' as being evenly distributed, to the point that if you ask a group of twenty people or so to space themselves randomly around a room, they will end up the same distance away from each other. It's probably more likely for the elements in a true random sequence to be similar to each other than for them to be evenly divided.

Re:Or just flip a coin

[RAMMS+EIN]

Actually, I've heard on the radio that some researchers (didn't catch their names) have recently demonstrated that the probability of the coin landing with in the same orientation it started with is slightly higher than the probability of landing the other way. And you can train yourself to influence the probability. So 50/50 ... probably close, but not necessarily, and definitely not for every coin and every person.

Re:This is a random comment.

[Kozz]

Indeed. I listened to a podcast a while back in which Robert Krulwich (RadioLab?) discussed randomness with a researcher and how we think about randomness.

A scientist he interviewed stated that she assigned tasks to several different teams. For one team, she instructed them to flip a coin some fixed number of times (perhaps 100) and to then report the sequence of heads and tails (H H T H T T H T T T etc). For the second team, she instructed them to NOT flip a coin, but to simply write down a sequence that they think might be produced by the flipping of the coin. The teams each present their report, and she is not told which list was generated by which means.

However, she said it was easy to spot the "human" generated list, because it rarely contained a sequence of more than a few sequential entries of H H H H, for example. Whereas the truly random list might have even up to NINE sequential heads or tails. The average human just couldn't fathom such a "random" sequence [mathematicians excluded, naturally].

Re:This is a random comment.

[MartinSchou]

Keep in mind that it's possible for a 15-year-old to be a mother, 30-year-old to be a grandmother and a great grandmother at 45.

And since there are women who have given birth at 60 [wikipedia.org], you could technically be a great great grandmother at 60 AND have a kid who is younger.

Tacky, perhaps, but from a biological perspective you've certainly been successful.