Random Bit Generator

You might also want to think about most physical randomness is normally distributed rather than uniformly distributed as we think of perfect randomness

The central limit theorem implies that most collective systems, with many additive degrees of freedom, are normally distributed. Large bunches of particles (like the many charge carriers in a noisy diode) thus have a 'normal distribution' around the ground state. It's not because the system is physical, per se, just because the systems we use are all bounded and we want to choose our random ones from those that have boundaries so far away they don't matter to the randomness.

In the case of the UHF tuner, the AGC amplifier (automatic gain control) makes a distribution of light and dark pixels according to some rule, THEN you have to discard (for instance) the high four bits. That superimposes sixteen slices of the bell curve, and the resulting sum has very much less bell-curve-like distribution (is very nearly a uniform distribution). There are also techniques for more elaborate manipulations (XOR-ing two unrelated streams) that can turn a big pile of mainly-random digits into a smaller pile of so-random-it-can't-be-faulted-by-test digits.

I tried the sample and chuck away the MSB's method but it seems not to be possible to get a cryptographically acceptable result (to cryptographers on theoretical grounds) if you try to extract more than one bit.

The xor thing is a problem because it increases correlations and dependencies of all sorts.

Not true. Thermal or quantum presumed-random sources and that kind of guarding are how the best so-called random digit tables are made. No cryptographer has ever had any better source, that I've ever heard of.

A mathematician might not believe the randomness of such a gizmo is absolute, and the physical theory of thermal or quantum 'noise' might be wrong, though.

Which is why it ought to be done with unrelated sources. It is in no real sense 'a problem', rather it is 'a solution'. It is vulnerable to correlations, but in no sense that I can understand does it 'increase' them. If you used the 'xor thing' with two pseudorandom sequences, length N and M, it would result in a sequence that repeats at the least common multiple of N and M, which is rather a lot LESS repetitive than the originals (which repeated at N and M respectively).

Firstly your "not true" comment can be shoved where ever you like. I did work with random noise sources (Zener noise and thermal noise) and the results to cryptographers were unacceptable whenever more than 1 bit per sample was extracted.

Cryptographically acceptable means a provable bias of less than 2**-64 and some would say less than 2**-80. Random digit tables are not used in cryptography - simply printing the table makes it non random - don't confuse random numbers with magic constants

Of course you understand how correlations can increase - that is why you have now added the additional condition that "it ought to be done with unrelated sources". The problem is most users of random numbers do not have access to one fast generator of entropy let alone two. So whatever entropy source is available is often debiased by xoring one portion of the output with another. This does reduce bias but also increases correlations.

Create two bit sequences where the next bit has a 70% chance of being opposite (or if you want, the same) as the preceding bit. Xor the sequences together and check the bias and then do a runs or a correlation test. Like to post the result?

lly

Aha! A light dawns. You're referring to the possibility that the digitizing hardware has a bias toward some symbols (like, missing-codes in an ADC). That is a problem with a known solution, Lempel-Ziv compression. It gets less interesting when the solution is known.

Reread the original post; that condition was always stated.

You TRICKSTER, you! That example starts with a negative correlation, of COURSE entropy-adding tricks increase it! The goal is at zero correlation!

Yep. Back in the early 1970's there was a military HF radio modem that used them in pairs to demodulate rolling QPSK (45 degrees roll each frame). The Q would have to be pretty high to use them that way. They were demodulating some 15 tones simultaneously, and they were driven for one frame and used as reference for the next. The symbol rate was not very high, like 50 symbols per second, so they had to stay on phase for some time. I think the Qs were in the 10,000s range.