Newsgroups: sci.crypt
Path: cactus.org!cs.utexas.edu!usc!elroy.jpl.nasa.gov!decwrl!purdue!mentor.cc.
+     purdue.edu!snap.stat.purdue.edu!hrubin
From: hrubin@snap.stat.purdue.edu (Herman Rubin)

Subject: Re: Nuclear random number generator
Message-ID: 
Sender: news@mentor.cc.purdue.edu (USENET News)
Organization: Purdue University Statistics Department
References:  <35750004@opus.hpl.hp.com>
Date: Wed, 2 Feb 1994 15:10:50 GMT
Lines: 30

In article <35750004@opus.hpl.hp.com> jewett@opus.hpl.hp.com (Bob Jewett) writes :
>> >But why use a radioactive source when thermal noise is sufficient and
>> >probably has a wider bandwidth/bit rate?
>
>> Because for me, at least, it is trivially easy to build and TEST a 
>> radioactive material-based generator while it is difficult to 
>> build a truly random generator and even more so to verify it.
>> I suppose I could buy a source but that takes all the fun out of it.
>
>But you have to apply the same final test to the bits of either RNG.
>There's no guarantee that you haven't made some kind of subtle goof
>in the design of the radioactivity-based generator.

It depends on what you want the physical random numbers for.  If you
want something good enough for Monte Carlo, it is impossible to test
for it, because to test, say, that the bits are accurate to .001,
a sample of about 10^7 will be needed, and for any complicated 
Monte Carlo, this is nowhere near good enough.  Mere testing is
not good enough.

For cryptographic purposes, lack of equiprobability should not be
a major concern, but lack of independence is likely to be very bad.
This is the harder item to test for, but a good nuclear RNG is 
likely to be good here.  This is a place where thermal noise can
be very deceptive, and this dependence can be considerable.
-- 
Herman Rubin, Dept. of Statistics, Purdue Univ., West Lafayette IN47907-1399
Phone: (317)494-6054
hrubin@snap.stat.purdue.edu (Internet, bitnet)  
{purdue,pur-ee}!snap.stat!hrubin(UUCP)