This week I had a chance to add a NeuG, a True Random Number
Generator, to the Free Software Foundation network. The NeuG
exclusively uses free software and was developed in Japan by
NIIBE Yutaka. A random number generator (RNG) is a device used to
generate random numbers for computers. Without getting into a
philosophical argument, we humans tend to take the concept of
entropy (randomness) for granted. If we wish to produce random
data, we simply do so. Computers, on the other hand, do as we
tell them to do. They follow a set of instructions provided by a
programmer and follow each instruction precisely. So there is no
way to ask a computer to give us a random number because we would
have to tell the computer in advance what the number is. There
are some ways around this. For example, we could use a system's
current timestamp as a seed, or starting point, for producing
random-seeming numbers by using an algorithm. This approach will
create the illusion of entropy, but if someone else knows both
the timestamp used for the seed and the algorithm used to
generate the random numbers, the sequence of the random number
generator can be calculated and predicted.
To solve this problem, a True Random Number Generator (TRNG) is
needed. A TRNG takes samples from various sensor data. Then it
either uses the collected samples as a raw source of entropy or
passes the collected sensor data to a final step for
conditioning. The process of conditioning is used to remove
bias (trends in the samples taken from sensor readings) from the
random numbers produced by the TRNG. In general, conditioning is
the process of passing samples collected by the entropy source to
a cryptographic hashing algorithm (a one-way mathematical
function). Thus, the bias is stripped out of the output and true
random numbers can be collected.
At this point, you might ask, "But why are random numbers so
important in the first place?" The most common uses of a TRNG
include generating cryptographic keys, input for a simulation,
and games (including video games and slot machines). If you have
a program that requires non-deterministic data, a TRNG can be
used to provide it. Our use case at the FSF is to generate strong
cryptographic keys. In the age of mass surveillance, the ability
to generate strong keys is increasingly important.
Most RNGs function by taking samples from various sources of
input from analog sensors. A NeuG uses four sensors for
input, and reads them with a STM32F103 microcontroller. These
sensors take input from the voltage reference pin on
the STM32F103 (VRef), a temperature sensor (Temp), and two analog
input pins on the STM32F103 (A0 and A1). These inputs are then
combined into the following pairs: VRef and A0, Temp and A1, VRef
and A1, and Temp and A0. Next, the sensor data is converted into
a digital signal and passed four times through a cyclic
redundancy check (CRC) module. Finally, the data is sent to a
SHA-256 function to condition the output before it is ready for
use via USB.
Overall, the NeuG is easy to set up and install on a network. The
device appears as /dev/ttyACM0 and requires no extra software for
use on GNU/Linux operating systems. In the coming weeks, I will
use a NeuG and am very curious to see how it performs for our use
cases at the FSF. Here's more information about the
NeuG,
including the full source code. To try one out yourself, pick up
a NeuG TRNG from the FSF Shop.