1

This question is inspired by an RNG question and some of the comments in one of the answers. I have been designing random number generators in hardware recently and my results are significantly better than what I get from /dev/random and /dev/urandom. I took a sample of 10000 results from /dev/random and /dev/urandom and the results are as follows:

[Two images of the /dev/random and /dev/urandom results, not reproduced here.]

I ran this a few dozen times and the results are about the same with /dev/random being better than /dev/urandom, but that's not the crux of my curiosity.

Mathematically, of course, we want a completely decorrelated sequence of numbers for a random set. My question is whether there is a maximum value for correlation in a set of random numbers that is acceptable. From the hardware standpoint, I can save a lot of power if I have slightly less random numbers and this is a very appealing idea for me. I don't know if it matters, but I use my random number generator for an ECC engine.

Update: It seems that my /dev/random and /dev/urandom differences were outputs from the same device, but just with less entropy. My working theory is that the second read from the device has less entropy, but more than the OS minimum requirement. However, my question on the maximum correlation still stands: how much is the maximum acceptable correlation in a series of "random" numbers?

Mike Edward Moras
b degnan

1 Answer

2

There is no limit as to the amount of correlation you can have from an entropy source for it to be useful, but correlation then places a restriction on how you extract the entropy.

The restriction is this: you have to individually process an entropy block of a size that exceeds the length of correlation. Thus no correlation between blocks. For a Geiger tube you might have a slight settlement time after each reading that might be of length (n + 10). That means you have to deal with blocks of readings greater than 10. I use a web cam that outputs 25KB images, so I have to treat that as a full 25KB block (n+25K) to extract the entropy. If I try to process the image on a byte by byte basis, I fall foul of the JPEG file format that envelops the true entropy within the image.

Correlation is impossible to remove programmatically as that requires a complete theoretic model of the underlying physics of the source. My suggestion is to sidestep it and consume entropy in blocks greater than any possible length of autocorrelation. If you're reading noise it might only be at most (n+2) anyway.

From your blog post that initiated all this:

/dev/urandom is a pseudo random number generator, a PRNG, while /dev/random is a “true” random number generator.

I would argue that both random and urandom are pseudo random number generators, and you are just comparing like with like and getting differing results! /dev/random breaks my "no more entropy out than in" rule from this post, hence I think that it's not a TRNG at all.

Paul Uszak
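The block-wise extraction described in the answer above, as an added example that is not part of the original post: it estimates the autocorrelation length of a raw sample stream, sizes blocks to exceed it while never emitting more bits than are credited going in, and conditions each whole block. The simulated source, the 0.05 threshold, the 1 bit per sample entropy credit and SHA-256 as the conditioning function are all assumptions; the answer names no extractor.

```python
import hashlib
import math
import random

def autocorr(xs, lag):
    """Sample autocorrelation coefficient of xs at the given lag."""
    mean = sum(xs) / len(xs)
    var = sum((x - mean) ** 2 for x in xs)
    cov = sum((xs[i] - mean) * (xs[i + lag] - mean) for i in range(len(xs) - lag))
    return cov / var

def correlation_length(xs, max_lag=64, threshold=0.05):
    """Smallest lag at which |autocorrelation| drops below threshold."""
    for lag in range(1, max_lag + 1):
        if abs(autocorr(xs, lag)) < threshold:
            return lag
    raise ValueError("still correlated at max_lag; sample a longer window")

def block_size(corr_len, bits_per_sample, out_bits=256):
    """Block must outlast the correlation AND hold at least out_bits of entropy."""
    return max(corr_len + 1, math.ceil(out_bits / bits_per_sample))

def condition(samples, block_len):
    """Hash each whole block with SHA-256; a partial trailing block is dropped."""
    out = bytearray()
    for i in range(0, len(samples) - block_len + 1, block_len):
        out += hashlib.sha256(bytes(samples[i:i + block_len])).digest()
    return bytes(out)

def constructed_source(n, memory=0.8, seed=1):
    """Constructed stand-in for a raw sensor: each byte leans on the previous one."""
    rng, level, out = random.Random(seed), 128.0, []
    for _ in range(n):
        level = memory * level + (1 - memory) * 128 + rng.gauss(0, 20)
        out.append(max(0, min(255, round(level))))
    return out

if __name__ == "__main__":
    raw = constructed_source(20000)
    corr_len = correlation_length(raw)
    # ASSUMPTION: 1 bit of entropy credited per raw sample (use your measured figure)
    n = block_size(corr_len, bits_per_sample=1.0)
    out = condition(raw, n)
    print("raw lag-1 autocorrelation:", round(autocorr(raw, 1), 3))
    print("correlation length:", corr_len, "-> block size:", n)
    print("output lag-1 autocorrelation:", round(autocorr(list(out), 1), 3))
```

A hash output looks uncorrelated whatever goes in, so the last statistic says nothing about entropy; the per-sample credit has to come from an assessment of the raw source.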