Evaluating Entropy Sources for True Random Number Generators by Collision Counting

  • Maciej SkórskiEmail author
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 651)


The general approach to evaluate the quality of entropy sources used in true random number generators is to estimate min-entropy, which is based on estimating frequencies of all possible source outcomes. This method is space inefficient, for example for a source producing 30-bit outputs it needs \(30\,\mathrm {Gb}\) of storage to get an error smaller than one bit per sample.

We show that for some popular designs estimating min-entropy can be replaced by much more efficient counting the number of collisions between consecutive samples. Namely, we propose an estimator for the collision entropy of a sequence of i.i.d samples \(X_1,\ldots ,X_n\). The estimator utilizes a simple collision counting technique, and has the following features
  • Is memory-efficient (reads samples in a forward-only mode, uses O(1) storage)

  • Can be coupled with every min-entropy extractor, losing only extra \(\log (1/\epsilon )\) bits.

We implemented our estimator with an iPhone accelerometer as the entropy source, and Toeplitz-matrix based universal hashing as an extractor. The quality of this TRNG was confirmed by applying the NIST tests suite.


Security Level Entropy Rate Weak Source Provable Security Atmospheric Noise 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [BKMS09]
    Bouda, J., Krhovjak, J., Matyas, V., Svenda, P.: Towards true random number generation in mobile environments. In: Jøsang, A., Maseng, T., Knapskog, S.J. (eds.) NordSec 2009. LNCS, vol. 5838, pp. 179–189. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-04766-4_13 CrossRefGoogle Scholar
  2. [BL05]
    Bucci, M., Luzzi, R.: Design of testable random bit generators. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 147–156. Springer, Heidelberg (2005). doi: 10.1007/11545262_11 CrossRefGoogle Scholar
  3. [BRS+10]
    Bassham, III, L.E., Rukhin, A.L., Soto, J., Nechvatal, J.R., Smid, M.E., Barker, E.B., Leigh, S.D., Levenson, M., Vangel, M., Banks, D.L., Heckert, N.A., Dray, J.F., Vo, S.: Sp. 800-22 rev. 1a. a statistical test suite for random and pseudorandom number generators for cryptographic applications, Technical report, Gaithersburg, MD, USA (2010)Google Scholar
  4. [BS]
    Bedekar, N., Shee, C.: A novel approach to true random number generation in wearable computing environments using mems sensorsGoogle Scholar
  5. [BST03]
    Barak, B., Shaltiel, R., Tromer, E.: True random number generators secure in a changing environment. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 166–180. Springer, Heidelberg (2003). doi: 10.1007/978-3-540-45238-6_14 CrossRefGoogle Scholar
  6. [Cac97]
    Cachin, C.: Smooth entropy and Rényi entropy. In: Fumy, W. (ed.) Advances in Cryptology, EUROCRYPT 1997. LNCS, vol. 1233, pp. 193–208. Springer, Heidelberg (1997). doi: 10.1007/3-540-69053-0_14 Google Scholar
  7. [DGP07]
    Dorrendorf, L., Gutterman, Z., Pinkas, B.: Cryptanalysis of the windows random number generator. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, pp. 476–485. ACM, New York (2007)Google Scholar
  8. [dRHG+99]
    de Raadt, T., Hallqvist, N., Grabowski, A., Keromytis, A.D., Provos, N.: Cryptography in OpenBSD: an overview. In: Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC 1999, p. 33. USENIX Association, Berkeley (1999)Google Scholar
  9. [GW96]
    Goldberg, I., Wagner, D.: Randomness and the netscape browser (1996)Google Scholar
  10. [Haa]
    Haahr, M.: homepage. Accessed 01 July 2016Google Scholar
  11. [HN09]
    Halprin, R., Naor, M.: Games for extracting randomness. In: Proceedings of the 5th Symposium on Usable Privacy, Security, SOUPS 2009, pp. 12:1–12:12. ACM, New York (2009)Google Scholar
  12. [JK99]
    Jun, B., Kocher, P.: The intel random number generator. In: White Paper Prepared for Intel Corporation (1999)Google Scholar
  13. [KKHD14]
    Kaplan, D., Kedmi, S., Hay, R., Dayan, A.: Attacking the linux PRNG on android: weaknesses in seeding of entropic pools and low boot-time entropy. In: 8th USENIX Workshop on Offensive Technologies (WOOT 14). USENIX Association, San Diego (2014)Google Scholar
  14. [Kra]
    Krawczyk, P.: A NIST tests implementation.
  15. [LPR11]
    Lauradoux, C., Ponge, J., Röck, A.: Online entropy estimation for non-binary sources and applications on iPhone. Rapport de recherche, Inria (2011)Google Scholar
  16. [LRSV12]
    Lacharme, P., Röck, A., Strubel, V., Videau, M.: The linux pseudorandom number generator revisited, Cryptology ePrint Archive, Report 2012/251 (2012).
  17. [Mar96]
    Marsaglia, G.: DIEHARD: a battery of tests of randomness. Technical report, Florida State University (1996)Google Scholar
  18. [Sun09]
    Sunar, B.: True random number generators for cryptography. In: Kaya, K.C. (ed.) Cryptographic Engineering, pp. 55–73. Springer, US, (2009) (English)Google Scholar
  19. [TBK+]
    Turan, M.S., Barker, E., Kelsey, J., McKay, K.A., Baish, M.L., Boyle, M.:Google Scholar
  20. [vN51]
    von Neumann, J.: Various techniques used in connection with random digits. J. Res. Nat. Bur. Stand. 12, 36–38 (1951)Google Scholar
  21. [VSH11]
    Voris, J., Saxena, N., Halevi, T.: Accelerometers, randomness: perfect together. In: WiSec 2011, pp. 115–126. ACM (2011)Google Scholar
  22. [Wal]
    Walker, J.: Hotbits homepage. Accessed 01 July 2016Google Scholar
  23. [Zim]
    Zimmermann, P.: PGP user’s guideGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2016

Authors and Affiliations

  1. 1.University of WarsawWarszawaPoland

Personalised recommendations