Fluid random number generator



  • I have a perhaps silly idea for a spare webcam I own, and I thought I'd see what TDWTF has to say.

    I'd like to make a hardware random number generator with it.

    My plan is to get a bucket or bin, and a collection of floating, multi-colored beads (say, some 50 of them). I would install some baffles in the bucket, and a small motor to cause the water to flow. The baffles, hopefully, would cause chaotic turbulence, and make the bead movements unpredictable.

    I would take this data and stream it into a hash function, using a sensible buffer size. Then I'd store it in a buffer, and serve it up via a web-app to all my virtual machine clients, some 128kB at a time.

    I'm sure the numbers will be unpredictable "long term", say, if I took a frame every 30 seconds. But how fast can I capture data and still maintain unpredictability?

    Does this seem even remotely plausible? Assuming you made it yourself, would you trust it for encryption?


  • Notification Spam Recipient

    Trust? Maybe. But it sounds so ridiculous I kinda want to see it in action as a modern-day Rube Goldberg machine.
    For some reason, there seems to be a somewhat luddite-esque attitude to using technology in those style of setups...


  • Considered Harmful

    @Captain said:

    Does this seem even remotely plausible? Assuming you made it yourself, would you trust it for encryption?

    To the first, yes.
    To the second, once it passed some really hard tests I'd use it as one of more than one entropy sources, I guess. But those tests are hard.



  • The noise generated by a webcam with each frame alone would most likely be enough for a decent RNG.

    Also, there are far easier RNGs to make that use quantum physics for something that, quite literally, could never be predicted. I'd trust those far more quickly, based on the mantra "don't roll your own crypto" - other people already use these sources for RNGs, so it's been more thoroughly explored than something new(er) (and with that, it's probably safer).



  • Your idea fits in to one of the paragraphs in the Wikipedia article @rc4 linked:

    Some have suggested using digital cameras, such as webcams, to photograph chaotic macroscopic phenomena. A group at Silicon Graphics imaged Lava lamps to generate random numbers (U.S. Patent 5,732,138). One problem was determining whether the chaotic shapes generated were actually random — the team decided that they are in properly operating Lava lamps. Other chaotic scenes could be employed, such as the motion of streamers in a fan air stream or, probably, bubbles in a fish tank (fish optional)....

    Emphasis added. I would also draw your attention to this statement in the previous sentence, which would also apply to your device:

    One problem was determining whether the chaotic shapes generated were actually random

    @rc4 said:

    Also, there are far easier RNGs to make
    Also yes (but I'm too lazy to find the image macro).



  • @HardwareGeek said:

    ...in properly operating Lava lamps.

    Grasshopper: Master, how does one tell the difference between a properly operating lava lamp and one that is not?

    Master: Well, Grasshopper, a lava lamp that does not operate properly is found to be non-random when tested with a randomness test.

    Grasshopper: But, then, Master, how do we know the randomness test works? What if the randomness test is broken?

    Master: We know the randomness test is not broken because it finds properly working lava lamps to be random.

    Grasshopper: Master, your circular logic continues to confound me.

    (Sorry..it's late.)


  • :belt_onion:

    StackOverflowException parsing logic


  • Considered Harmful

    There's some pretty good approaches to detecting those sort of circularities, you might want to check out.



  • @Gribnit said:

    There's some pretty good approaches to detecting those sort of circularities, you might want to check out.

    Hopefully they're not referenced with std::shared_ptr.


  • Notification Spam Recipient

    Two questions.

    1: Will it have multi coloured balls?
    2: Can I invest in your kickstarter?

    Have you looked at this http://www.instructables.com/id/Arduino-True-Random-Number-Generator/



  • @Captain said:

    I'm sure the numbers will be unpredictable "long term", say, if I took a frame every 30 seconds. But how fast can I capture data and still maintain unpredictability?

    If you decide to take a bit of a theoretic route, you can probably relate the Reynolds number of your flow to something that describes how much initially adjacent trajectories tend to diverge (IIRC the Lyapunov coefficient does this). A quick Google shows that people have of course already done that (example).

    From this you decide how long it will take the two adjacent particles to tend to diverge sufficiently for the results to be largely unpredictable.

    (And after this you realize that the real world likes a word with you, and stuff like surface tension will make your beads stick together etc etc. Nevertheless, it's a cool idea.)

    Does this seem even remotely plausible? Assuming you made it yourself, would you trust it for encryption?

    Probably and no.



  • Attacking a RNG is very difficult in practice, even if it's "vulnerable". You need to predict its outputs. If you know the exact deterministic algorithm, you can maybe try to brute-force the seed, but if you're using a method like this you'd have to find some hidden statistical pattern (e.g. maybe red beads are more likely to float to the top after the blue beads do and this makes it slightly more likely for a 1111 string to come after a 0000).

    There are tests that can find a lot of such patterns, so if it passes those, chances are virtually no one will be able to attack it without many hours of mathematical study, and that's assuming they know the method you're using AND that method is indeed vulnerable.

    Still, I don't see any reason to use this other than for entertainment or research purposes. If you want random numbers, there are dozens of other, better tested methods to generate random numbers: electrical circuit noise, ambient pressure changes, lava lamps, radiation decay (just stick a Geiger counters next to a radiation source and you have perfect randomness). You can find open designs and commercial projects. Not to mention every modern Intel CPU has a built-in one (although of course that one's backdoored).



  • Your logic is approved for Discourse design decisions!

    Someone ship this being to the disco-team!



    1. Yes
    2. Yes

    I don't want an electronic device. I want to make an art that could be useful. 😄



  • @izzion said:

    Your logic is approved for Discourse design decisions!

    Someone ship this being to the disco-team!

    That would be by orders of magnitude better than feeding half-rotten rainbow trout to clowns.

    Edit: which would make a decent random number generator by itself, too.

    and fridge art, too (warning already delivered) http://selkiecomic.com/comic/selkie24/ , http://selkiecomic.com/comic/selkie96/



  • @Captain said:

    Does this seem even remotely plausible? Assuming you made it yourself, would you trust it for encryption?

    One way to find out - make one and test the output stream for randomness.


  • 🚽 Regular

    Why not just put it in a light-shielded box and just use a bit of Radium to give you randomness via decay? It's less mechanically complicated and it seems like it would be a better source of randomness?

    Edit: Just tried it. You get this, nice little white blobs. The intensity is also variable as well as the position.



  • @PWolff said:

    feeding clowns with half-rotten rainbow trout to clowns.

    That seems like a rather random thing to say.


  • Considered Harmful

    Someone could easily (*) interfere with that by introducing a stronger source.



  • Thanks. Corrected. I'm rather sure I deleted that before I submitted the post...

    (The Discourse Experience didn't speed up the last hours.)


  • 🚽 Regular

    I think that would be OK because all radioactive decay is a stochastic process. @Rhywden might be able to confirm?


  • BINNED

    I have only one question: will you stream it? 😛


  • Notification Spam Recipient

    So what we need is

    1: a quiet kitchen aid with see through bowel
    2: multi coloured balls
    3: spare camera to record balls swirling.
    4. spare laptop to stream and calculate number
    5. ?
    6. profit



  • @DogsB said:

    see through bowel

    I hope you keep your pants on at all times.


  • BINNED

    @DogsB said:

    multi coloured balls

    @Maciejasjmj said:

    I hope you keep your pants on at all times.

    Agreed



  • Why did you doooooooooooooooooooooo that?!



  • @aliceif said:

    Why did you doooooooooooooooooooooo that?!

    Why did I do what? Feeding rainbow trouts to clowns? Well, why not, what's wrong with a bit clown barf?



  • @Cursorkeys said:

    I think that would be OK because all radioactive decay is a stochastic process. @Rhywden might be able to confirm?

    Depends on the strength of the source. A Geiger counter (or anything else which detects ionization) has a minimal dead time between signals due to its function principle so you could indeed "drown" the signal. Would be trivial to detect that, however. Anything below that threshold would still be random.



  • @Rhywden said:

    Anything below that threshold would still be random.

    You still have to be careful what you are measuring. For example, if you measure the time between detection events and call a case where the time between the first and second event is less than the time between the second and third event a one and if it's greater, a zero - then you will end up with a tendency to produce alternate bits rather than pure randomness. If you compare the time between tick one and two to the time between tick three and four, then you get much more random data.

    Same problem with comparing to a threshold - if the time between two ticks is over the threshold time it's a one and under is a zero. This will tend toward alternation and will give you a number stream that trends lower over time as your source is depleted.



  • You distracted me from getting stuff done by posting links ...



  • @aliceif said:

    You distracted me from getting stuff done by posting links ...

    YMBNH

    Edit: You didn't know abandoned little amphibian girl Selkie? I hope you enjoy that comic too!



  • @Jaime said:

    For example, if you measure the time between detection events and call a case where the time between the first and second event is less than the time between the second and third event a one and if it's greater, a zero - then you will end up with a tendency to produce alternate bits rather than pure randomness.

    That one you'll have to explain. Because this statement of yours says that decay processes are not random. In essence, you're postulating that the decay of particle 1 and particle 2 somehow influences particle 3.

    And the part about something being "more random" is also of dubious quality.



  • @Rhywden said:

    Because this statement of yours says that decay processes are not random

    They can be damn well random, just not independent. (Which means Poisson distribution for the number of events within a fixed time interval, and an exponential distribution for the time span between two consecutive events (or any fixed number of intervals between two events).)

    I'd like to know the explanation too, nevertheless.



  • But decay processes are independent.



  • Complete my statement by putting

    Provided Jaime's statement is true,

    before it.

    @Rhywden said:

    But decay processes are independent.

    For very low decay rates. Fission bombs and reactors otoh...



  • @PWolff said:

    For very low decay rates. Fission bombs and reactors otoh...

    Should still be random - you cannot predict in which direction the neutrons will charge (pardon the pun) and thus not predict when/if they'll smash another atom / run into a moderator / crash into the shielding / fly off into the wild beyond.



  • @Rhywden said:

    random

    Sure they're random. By no means independent anymore, though.



  • I think that's where the border between dependent and independent becomes blurred, rather.

    I mean, sure, the neutron smashing the atom has to come from somewhere. But it's a random neutron (could be from a direct neighbour, could be from the other side of the object).


  • Considered Harmful



  • It's supposed to be art, so I wouldn't be against it, except that streaming the secret kind of defeats the point of having a secret.



  • @Rhywden said:

    That one you'll have to explain.

    Go to this page. Scroll down until you see this picture:

    They explain why measuring the center delay instead of the one marked in blue will introduce non-randomness. The actual decay is random, but you get alternating biased-high and biased-low values.



  • If the count is Poisson, the waiting time is exponential. What you're suggesting must be an artifact of binning (a serious problem, to be sure).



  • Imagine we were measuring the duration of the first and second valleys. If the second pulse comes later (completely independently of the other two pulses), then it will both make T1 longer and T2 shorter. We've introduced an inter-dependency between the two measurements. By skipping a valley, the two measurements are uncoupled.


  • Considered Harmful

    However, at this point you have another exploitable weakness of your measurement method.



  • Actually, they don't explain that.



  • I just re-read it and I agree with you. I have to find where it is on the site.


  • BINNED

    @Captain said:

    It's supposed to be art, so I wouldn't be against it, except that streaming the secret kind of defeats the point of having a secret.

    Well, that's the real question, isn't it. Are you more interested in showing off something cool or using it as a genuine thing?

    Personally, I'd go for the cool factor, the actual number generation would be a bit clunky and overly complicated just to achieve the effect you could have with a few bucks worth of electronics gear, would it not?



  • I suppose the feed would be a pretty cool source of entropy for other people (i.e., they stick in a large random seed and use my data to mix up their pool). I'm not sure how the networking infrastructure for something like that would work though.



  • @Captain said:

    would install some baffles in the bucket, and a small motor to cause the water to flow

    Interesting. What if you used air to drive the beads? And instead of having them coloured, paint a number on each one. Then air the whole thing on national TV and watch people throw their money away.


  • BINNED

    And you stream it on national television and get even more money from people paying their silly subscriptions?


    Filed under: no, I'm not letting the streaming thing go


Log in to reply