USB Hourglass

- A Random Source -

Introduction

The USB Hourglass combines a sand timer with a rotating mechanism and an optical beam through the center of the timer to observe the falling sand. The amount of light reaching a detector is digitized at frequent intervals and processed by a microcontroller to determine when to rotate the hourglass. The digitized light levels are also sent by USB to a host PC where they can be used as a source of random entropy. Power is supplied over the USB cable.

Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin. For, as has been pointed out several times, there is no such thing as a random number– there are only methods to produce random numbers, and a strict arithmetic procedure of course is not such a method..
                            – John von Neumann

USB HourglassOK, it's not something that is ever likely to be on desktops everywhere, but there are many uses for a verifiable source of random entropy, and relatively few ways to get them.

There are some good non-deterministic random sources disclosed on the Internet. They make use of radioactive decay, radios tuned to secret frequencies where there is no broadcast, dice rolling down a chute, and even lava lamps.

The USB Hourglass compares well with these sources in terms of bit-rate, cost, safety, reliability, and simplicity.  A skilled technician could build one in a few days for less than $100 and verify all of its software.

Other strictly electronic random sources are available, but not commonly used. The Commodore 64 had one based on its sound-chip; the Intel 80802 Firmware Hub chip had one base on noise-driven voltage controlled oscillators. Via processors since 2003 have the PadLock RNG based on multiple free-running oscillators. There are several dedicated peripheral products that offer hardware random sources, e.g. Comscire R2000KU or Protego R200-USB or QRBG121 or id Quantique's Qantis. These devices are probably secure and unpredictable, but that is extraordinarily difficult to verify. The hardware is proprietary, and the software is closed-source, or so complex that critical examination is infeasible.

With the USB Hourglass, the user can look at the sand falling through the center of the hourglass and monitor the randomness in the USB output data. And one can read the code line-by-line, compile it, and upload it to the microcontroller using only open-source and widely supported tools. The relatively low bitrate can be overcome by using the output to seed and then continuously perturb the state (entropy pool) of a fast pseudo-random number generator (PRNG) as is done by Linux's /dev/urandom.

Performance

The USB Hourglass outputs the raw analog-to-digital converter readings as 10-bit non-negative integers (0-1023) in text form at 100 samples per second. The hardware is capable of a higher data rate, but there's not much higher frequency information present. Using a conservative estimate of 9 bits of entropy per 10-bit sample, the USB hourglass produces 900 bits/second of true randomness. For most applications the raw data should be run through a good whitening algorithm, e.g. Fortuna.

Watch It In Action!

The USB Hourglass runs about 2 minutes before it is rotated. The rotation takes about 2 seconds. Data is produced continuously.

Use the links at the top of this page to explore Design, Output, and (soon) a Store to purchase kits or completed products.