Actually nowadays, optoelectronics (light emitters and detectors) can be integrated onto a chip. On the other hand, if it's DIY, or at least all the circuitry visible, you can be sure there's no hidden backdoor. I don't think accurate balancing is needed. The entropy per bit is S = -p log p - (1-p) log(1-p). So S(50,50) = 0.693, S(60,40) = 0.673 for a fractional loss of 3%. And S(75,25) = 0.562, a loss of 19%. That can be compensated by correspondingly increasing the key length. Beware of high bandwidth analog amplifiers. With a teeny bit of capacitance between input and output, you have an oscillator. Supposedly modern Intel CPUs already have a built in RNG, partly physical, partly pseudo. Has anyone used it yet, or know how to access it? -- Gene From: Warren D Smith <warren.wds@gmail.com> To: math-fun@mailman.xmission.com Sent: Saturday, March 19, 2016 6:25 PM Subject: Re: [math-fun] true random generators Salamin's idea with 2 photodetectors requires adjustment to make them balanced, otherwise you'll get, say 70% "1" bits and 30% "0" bits. E.g. an adjustable iris. Also, it is annoying to have to use funny components like light bulbs, which seem non-miniaturizable. More generally, I do not like any design idea involving explicit enormous amplification factors, such as 1 photon amplified all the way up to a logic signal, or tiny noise amplified all the way up to logic signal. The Intel idea -- using a bistable static RAM bit-cell, turn it on, it assumes randomly either an 0 or 1 state -- also requires careful balancing at manufacturing time, otherwise you may get cells which turn on 99.99% of the time to "1." Also it might behave differently at different temperatures. My idea -- iterating F(x) where F is an appropriate function computed by analog circuit -- seems immune to temperature issues. Maybe in theory it is immune to balancing issues but in practice it will not be. But even without balancing it still should be reasonably balanced. Although ultimately all its randomness comes from thermal and quantum noise, it only involves low amplification gains, like factor 2, which should enable higher speed operation. The Intel idea is the simplest and the fastest. Perhaps the Intel idea can be "actively tuned," i.e. if it produces too many 1s, some controller circuit turns a knob to cure that. That however removes a goodly amount of its simplicity advantage.