I'm Mark. I'm going to talk about hardware random number generators and broadly talk about why you might need random numbers, some good sources of them, and we'll show you one you can build yourself if you need a source of entropy in your pocket. So that's: what are they, why do we need them, where can we find them, and one to build yourself. So very quickly, what are they? Five is a random number, so is eight. Eight, yeah, it could be, who knows. That's the thing, you need a big set of them to decide whether they're random. Two or three probably, maybe they're enough, it depends what the application is to a great extent. So the idea is they're unpredictable, unrelated, generally you use a uniform probability or a profile of your choice depending on, again, the application. And they've got a low autocorrelation for offsets greater than one, so if you have a big set of random numbers they'll obviously match themselves to a great extent but they'll match other sets of random numbers to a very little extent, so that's an important property of them, low cross-correlation. So here's a graph of the autocorrelation of a random series that I picked earlier. So when it's correlated with itself, very big; any other offset with itself, very, very small, and that is useful in some applications which we'll come to. And there are lots of tests for randomness because, as we saw, sometimes you can get two numbers the same, very close to each other. Is it still random? Well, there are lots of tests you can do to try and convince yourself that you've got some random numbers, and I don't intend to go through any of these in fact. Because again it really depends on what your application is. If you're playing Cluedo then you probably don't need such a great choice, you can use a mechanical solution. If you're in crypto maybe you need something a bit more reliable. So different properties for different applications, not all random numbers are equal, apart from those two we saw earlier.
OK, so some applications of them. If you've come across Monte Carlo simulations, this is a way of doing numerical integration. So if you want to cover the parameter space of a function, which could be an infinitely, very large space, or an infinitely fine space if you've got as many decimal places as you want, you can use random numbers to sample that and sort of start to converge on the real value of the integral. Used a lot in finance and things like that. We have an odd one: audio noise makers, so you can sometimes find these in alarm clocks. If you want to get to sleep it produces a nice whooshing noise. The sound of the sea or a breeze through the trees. And so again with that you probably don't need a mathematically rigorous random number generator. You just need something that sounds good. Background noise in telephone systems, so that you know that the other caller hasn't dropped the line. In older systems the noise came for free, but in the digital systems there's just no noise. So you can create your own and ruin all that effort in making noise-free amplifiers. Picking Premium Bond winners, of course ERNIE, a great exhibit at the Science Museum. If you get a chance to do that, it just fills a room. But yeah, it's just wonderful to see the original ERNIE. It needs to be fair and they need to get their numbers right because they're paying out when they assign winners. So it's worth their while getting that correct. Test equipment, testing frequency response and so on of circuits. CDMA, quite an exciting one. If you have a chance to read about this so you know about it, it's a terrific technique for encoding digital signals. All the GPS satellites use it and they encode their low data rate navigational information on top of a very high rate pseudo-random sequence. Which lets all the satellites talk on the same frequency, and your device can pick them out of the noise because it knows what noise it's looking for.
You should think of the autocorrelation graph earlier. These sequences have a very strong autocorrelation with themselves. And so you can use that correlation to pick out the particular satellite you're looking for out of the noise of all the other satellites. And it's also used in DAB transmission. If you have lots of regular patterns in digital data it can mess up the output spectrum of your transmission. You'll get a lot of energy in one particular area. If you mix that with a noise sequence then you know that the signal has certain statistical properties which aren't affected by the data you're trying to transmit over it. Ironically, the random noise makes the signal more predictable. The most important application is in 1970s sound generators. You'll remember fondly Space Invaders from 1978. And this used a linear feedback shift register made from discrete logic to generate noise. There's the shift register, there's a bit of a clock there and something for squirting some ones into it when you first power it up. And that will just sit and generate noise for the system. And then this is the missile sound which uses fully a glow generator to add an envelope to that. We can listen to that now, I think. You can hear that noise generator there. And now you know what it looks like. Great. Oh yeah, cryptography as well. It's quite useful for that. Generating keys, digital signatures, so on. And these numbers, they do need to be unpredictable and used once. Otherwise, you get yourself into, well, it just undermines the security of that system. So some sources of these, so I'll probably go through these fairly quickly, but there are two types. There are true random number generators, which are unpredictable no matter how much of the sequence you've seen. And then there are pseudo-random generators.
And these exhibit the same properties as random processes, but they are deterministic, so completely reproducible. Predictably unpredictable. So again, those sequences used for the GPS satellites you need to know. Everyone who's got to receive it needs to know what those sequences are. And so you can tell someone that this is what the generator is. You can still generate that random sequence, but everyone's generating the same one. Is it really random then? So maybe one for the philosophers. Easy to implement in software, very fast, they are periodic. So some of them are quite short, so the Space Invaders shift register, probably a similar length to the number of bits in the shift register. The one for the GPS precision code takes about nine months to transmit. So that's a much longer one. This is the kind of thing they look like. This is a congruential generator, so it's an iterative function. And by selecting A, X, B and M, you get a different sequence of numbers. It doesn't seem to be a very good idea to pick those numbers at random. They don't tend to give good numbers. You might have short sequences or patterns in there. So one of those things that I certainly would leave to the experts, rather than trying to build my own. Another source, probably more of a hardware source if you want to build something, is the linear feedback shift register. So here's a 16-bit shift register, and we just take some taps at various points, XOR them together, stick the output back in the start, and as we shift that along, we get pseudo-random bits out of the end. And that's a nice, simple way of doing it. Again, those sequences are sort of related to the number of bits in there. So maybe 65,000 before it will start repeating the sequence again. Mersenne Twister is another popular one. I have no idea how it works. I'm not going to even attempt to describe that one. I opened the book at that page, and just quietly closed it again.
But maybe someone can explain it to me afterwards in the pub. Elliptic curve generators, including Dual_EC_DRBG, which of course is famous because it looks like this. So it's quite similar to the congruential generator we just saw. But the exciting thing about this one was that it was claimed that the NSA had compromised this and forced it to be part of a standard suite of random number generators. And apparently if you could see 32 bits of output from this generator, you could then start to predict all the rest of the sequence, which clearly isn't great if you're using it to generate encryption keys and so on. Bruce Schneier, and I'm paraphrasing here because again I copied it out of a book in the library, and I didn't write it down properly, but this is the gist anyway. I'd like to assign something to him that he didn't really say. But these sequences have funny correlations if used in a certain way, and it's these weaknesses that can be used to attack cryptosystems. I've got an example of that here. So this is a very simple example. This is a linear feedback shift register I've got, and it's generating six-bit numbers and it's taking pairs of numbers and plotting them in this space. I'll take x and y and plot those, and I think we can actually listen to it as well. And so if we just take pairs of numbers, six-bit numbers, out of this shift register, you get, it sounds like noise, it looks pretty random. Great, OK, we can use that for whatever you want to do with it. But you can have hidden patterns within there. With that generator, if I take numbers out of it until I get a number less than 10, and then take the next pair of numbers and plot that instead, well, if they're unconditional, we'd expect to see the same pattern. We're just waiting for a 10, and then taking the next pair. And if they're all unrelated and uncorrelated, then we should just see a random pattern. And we don't. It wouldn't be much of a demonstration if we did.
You could argue that there's a pattern forming in there. It still sounds pretty noisy, so you can't trust your ears, but there it is. That's the kind of thing that can catch you out. And I definitely think that those pseudo-random generators are best left to the experts, because encryption keys are the weak point of any security system. So, all these pseudo-random generators need a starting state, or seed. And again, this is where people can make mistakes, even with a good generator. So picking seeds like milliseconds since epoch or milliseconds since boot, amazingly, seems random, or unpredictable at least, but there are at least two examples I've found. There's a Hacker News hack where someone could predict session keys for the Hacker News website based on the fact they knew when the server was started. Planet Poker, you know, a poker site, where they found out the seed to the generator and from then on you could predict how the cards would fall, which is clearly an advantage when playing poker. So you need a source, a real source of entropy that's unpredictable, and that's where these true generators come in. So, lots of sources of randomness in the physical world. Atmospheric noise, so lightning strikes, whatever. Cosmic noise, Big Bang rows of you, that's exciting. And this is the kind of stuff you used to get if you tuned your analog telly between channels, static, off radios and so on. So that's a great source, but possibly prone to interference, quite literally. You know, it's clearly an outside source, so you have to be pretty sure that no one's interfering with that. But a good source, unless you can guarantee its ability. But as you've seen, something can sound perfectly hissy, not look perfectly random, but there are hidden correlations in there that they might be trying to fool you. Thermal noise, so, for instance, carbon resistors are pretty noisy.
If you build an amplifier out of carbon resistors, or in fact, any amplifier in the early 80s, just hissed, when you turned it up, it hissed, and that's a nice source of thermal noise, quite a low level. So it's useful, but there are better sources. Radioactive decay, this is an exciting one, because this is a quantum process, so if you're given a radioactive atom, you don't know when it's going to decay. If you've got a whole bunch of them, although the overall activity might be constant, you can look at the time between subsequent decays and use that as a source of entropy. Another exciting quantum process is single photons moving through a beam splitter. So if you have a beam splitter that's got a 50% chance of transmission or reflection, if you can fire a single photon at it and measure whether it's reflected or transmitted, you've got the ideal coin flip. And again, there's no way, even having full knowledge of the system, you can't predict that. All the hardware required to produce single photons and measure them, it's not affordable, it's kind of expensive. There's probably better ways. Oh, diode noise, well, what a coincidence. So this is a great source because they're cheap, they're small, they're not using any outside source, it's all internally generated. They're not without their problems, I'm sure we'll talk about. But there are two sorts of processes involved in diode noise. There's the Zener effect and avalanche noise. So this is how you generate that diode noise. So you reverse-bias a diode with a current-limiting resistor and use a high enough voltage, and the junction will break down, and if you pick a nice big value for that resistor, it'll be a non-destructive process. It sounds destructive, breakdown, but it's fine if the current's kept low, it's only the heating effect that's going to destroy it. So we can generate a breakdown.
Now, I should say these diodes that have a low reverse breakdown voltage are generally used for voltage regulators, and they're all called Zener diodes, but there are two effects here, the avalanche effect and the Zener effect. So next time you're buying Zener diodes, you can ask for avalanche diodes and see how far that gets you. So the Zener diodes have a very narrow depletion layer between the P and the N side, and when the electric field is strong enough, when you put a large amount of voltage on them, those electrons can tunnel across the barrier, and this is another super exciting quantum mechanical process. So again, even if you have full knowledge of the position of all those atoms, you can't predict this, this is great. This is the majority effect in diodes where the breakdown voltage is less than 4 volts. As temperature increases, the barrier level decreases, so the probability of current tunneling increases. So this is my picture of tunneling, not very good. It doesn't really make sense when you say the barrier level decreases because it tunnels, but that's because these things are hard to draw. So if the diodes get hot, then their breakdown voltage will decrease. On the other hand, there's avalanche breakdown. At high field strengths, the electrons get enough energy to ionize other atoms in the semiconductor, and those electrons are accelerated, and ionize other atoms and so on and so on. There's a large number of electrons moving about and current flows. This is the majority effect in diodes where the breakdown voltage is greater than 6 volts. Here's another terrible diagram. It's like a chain reaction, that's what it's supposed to be. So when it comes to temperature, as the semiconductor gets hot, the lattice starts to vibrate, and basically the electrons get scattered sooner than if it weren't vibrating. The path between collisions becomes less, so they don't have a chance to accelerate as much as previously for the same applied voltage.
So you need a bigger voltage to cause the avalanche effect. So the Zener process, the voltage goes down with temperature; avalanche, the voltage goes up, and this is a handy way: if all your Zener and avalanche diodes get mixed up in the box, this is a great way to sort them out again. I think we can go now and actually see this effect in action. I've got two diodes here. One's a Zener diode, with a breakdown of about 3.5 volts. One's an avalanche diode with about 12 volts. And if we look at the... This is the Zener diode without. You can see there's some noise there. Purely quantum noise, very exciting. I really think that's more of a marketing thing, to be honest. Don't believe any practical value. This is the avalanche diode. You might notice a slight difference in amplitude there. It changes the scale of my very expensive oscilloscope. So that's the avalanche diode noise. And that's the Zener diode noise. So while the avalanche noise is a classical mechanical process, can you really predict that? You can't possibly measure the state of the semiconductor. I think from... As far as the marketing department is concerned, the quantum stuff sounds great, but in all practicality, I don't think this is any worse. And it's also got a much higher output, which makes it easy to build one. So I'm going to use the avalanche effect in the demo. So here's one you can build yourself. It's cheap, it's simple, it has a charge pump. This is what it looks like, by the way. So it uses a 9-volt battery. It uses a charge pump to boost that to 12-13 volts, to cause breakdown in a reverse-biased PN junction. An amplifier, an ADC, and a display. And it just uses an Atmel. So an Atmel microcontroller part to do everything from this side. And you can even listen to it as well. So it just plays it on the screen. So this is the previous one I built, which doesn't have the sound output. So feel free to pass those around if you want to do it. And meanwhile, I'll just show you the circuit.
So ironically, it uses a diode in the power supply, but it doesn't use it in the noise-making part. So this is the business end. So it uses 9 volts from the battery. It uses these diodes to create a charge pump, to create a higher voltage here. It actually uses a reverse-biased base-emitter junction rather than a diode. Well, frankly, I was buying a whole bag of these things anyway, and it seemed a shame to have another part in the bill of materials. And also, it turns out that these transistors, those junctions are really noisy, much more noisy than that diode we saw there. I guess they're not designed to be used this way and so there's no effort made to make them quiet. And so it just means the amplifier doesn't have to have so much gain for it to work. So it's part of the cost optimization process. So you can use that as a source of random numbers. Incidentally, there seem to be any number of companies out there offering different ways to generate numbers, so quantum numbers using light, using Zener diodes, using avalanche diodes, radioactive sources, you name it. Each group says that they're more random than the next group. But you can spend as much as you like. If that makes you feel better. Or it could be a great opportunity to get in yourself and start selling them. So I hope you found that interesting. If you have any questions, I'm happy to answer them. Also, this isn't probably part of the demo, probably one for Arthur if you're interested, but we can heat up the diodes and we can see the voltage go up and down depending on the, so I can prove to you the effects they are. IBM was actually right when they said there is a place for the hair dryer in the laboratory. So yeah, if you've got any questions.
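
The 16-bit linear feedback shift register described in the talk, as an added example that is not part of the talk or the speaker's demo code: it measures the period and the autocorrelation, then shows why such a generator is unsuitable for keys, since 16 observed output bits fix every later bit. The tap positions (16, 14, 13, 11) and the seed values are assumptions chosen here.

```python
"""16-bit Fibonacci LFSR: period, autocorrelation, and predictability.

Assumptions (not from the talk): taps 16, 14, 13, 11 and the seed values.
"""

TAP_SHIFTS = (0, 2, 3, 5)   # taps 16, 14, 13, 11 on a right-shifting register
SEED = 0xACE1               # constructed non-zero start state


def step(state):
    """Advance one clock; return (output_bit, next_state)."""
    fb = 0
    for s in TAP_SHIFTS:
        fb ^= (state >> s) & 1          # XOR the tapped bits together
    return state & 1, (state >> 1) | (fb << 15)


def bits(state, n):
    """Return the next n output bits starting from `state`."""
    out = []
    for _ in range(n):
        b, state = step(state)
        out.append(b)
    return out


def period(seed=SEED):
    """Count clocks until the register returns to its start state."""
    state, n = step(seed)[1], 1
    while state != seed:
        state, n = step(state)[1], n + 1
    return n


def autocorrelation(seq, offset):
    """Circular autocorrelation of a bit sequence mapped to +1/-1."""
    n = len(seq)
    return sum((1 - 2 * seq[i]) * (1 - 2 * seq[(i + offset) % n])
               for i in range(n))


def recover_state(observed16):
    """Rebuild the register from 16 consecutive output bits.

    Output bit i is bit i of the register at the moment observation began.
    """
    return sum(b << i for i, b in enumerate(observed16))


def predict_after(observed16, n):
    """Predict the n bits that follow 16 observed output bits."""
    return bits(recover_state(observed16), 16 + n)[16:]


if __name__ == "__main__":
    stream = bits(SEED, 65535)          # one full period
    print("period:", period())
    print("autocorrelation at offsets 0, 1, 1000:",
          [autocorrelation(stream, k) for k in (0, 1, 1000)])
    seen = bits(0x1234, 2016)           # stream from a seed the observer never saw
    print("prediction matches:",
          predict_after(seen[1000:1016], 1000) == seen[1016:2016])
```

The sharp autocorrelation peak is what makes these sequences useful for picking a known signal out of noise, and the exact prediction is why a seed or key should come from a true entropy source instead.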