An STM32 HAL demo of a true/hardware random number generator with a camera as the entropy source.
First of all, I'm sorry for the clickbait regarding the lava 🌋 Although I was inspired by the original Lavarand (AKA the Wall of Entropy)1, I decided to use dirt cheap tealights instead of the fancy lava lamps. To my surprise, a single tealight was sufficient to pass the NIST suite of tests. To my even bigger surprise, true random numbers can be generated just by staring blankly at the plain wall. In my case apparently the image sensor itself is a sufficient source of entropy for generating at least 256 random bits per image. I learned that by accident actually - the candle went out when I was gathering the data. Now my TRNG is pointed at the ceiling and it is doing fine. I should probably coin a new name for it - the Ceiling of Entropy? In fact the entropy is not harvested from the ceiling, which is far from a chaotic system such as lava lamps or double pendulums, but it comes from the sensor noise. And you can do it with any CMOS camera sensor - the accompanying noise is inherent in such semiconductor devices. My above-mentioned "being surprised" came from the privilege of being a rookie cryptographer - the relevant fallacy is described a couple of sections below.
In my example the OV2640 camera module is configured to output the image in the compressed JPEG format. The SHA256 is deployed as the entropy extractor.
Important
If the lossy compression is used, a part of the entropy introduced by the sensor is lost.
Important
Pointing the camera at a chaotic system increases the combined entropy.
Important
Hashing does not increase entropy because hashing is a deterministic process. Hashing can be used as an entropy extractor, not an entropy source.
You might ask why use a camera to generate random numbers when we have a (T)RNG peripheral present in the majority of STM32 microcontrollers. Because it's fun!2 Because it's interesting!3 And because you can learn a couple of things along the way. You probably know the drill by now 🙂 The main objective for this submission is to inspire you to play with the DCMI peripheral and a cryptographic library.
Tip
Some STM32 uCs have the HASH peripheral. SHA256 can then be calculated without bothering the main core. On all others one can use a cryptographic library, such as Mbed TLS, to hash data.
Don't worry 🙂 Just hit Alt-K to generate /Drivers/CMCIS/, /Drivers/STM32H7xx_HAL_Driver/, /MBEDTLS/App/ and /Middlewares/Third_Party/mbedTLS/ based on the .ioc file. After a couple of seconds your project will be ready for building.
- RealTerm: Serial/TCP Terminal - check the Capture tab 🛠️
- Tabby - because I like its modern look 🙂
- USB to UART converter (Waveshare) - just for the convenience of having two separate COM ports: one for debugging messages and the other one for streaming random bits to the computer for their statistical evaluation.
- https://en.m.wikipedia.org/wiki/Hash_function (Wikipedia)
- Cryptographic hash function (Wikipedia)
- Security Part3 - STM32 Security features - 28 - HASH theory (ST)
- STM32F7 OLT - 20. Peripheral - HASH (ST)
- Mbed TLS
- STM32 cryptographic firmware library software expansion for STM32Cube
- SHA-256 Hash example on mbed OS
- Hash Calculator Online
- Table of weight-5 binary primitive polynomials with (roughly) equally spaced coefficients
- PCG, A Family of Better Random Number Generators
- Poorman's Quite Random Number Generator (PQRNG) by Hardware
Tip
If your uC does not offer the HASH peripheral and you are desperate to do it outside the main core, consider experimenting with a CRC peripheral. The CRC peripheral is more prevalent in uCs - all STM32 uC (based on Arm Cortex cores) provide it [AN4187].
- JPEG: Syntax and structure (Wikipedia)
- How can I extract randomness from a JPEG file? (StackExchange)
- Is this truly a TRNG? (StackExchange)
- Extracting randomness from highly-biased RNG (StackExchange)
- Why does entropy halve during its extraction? (StackExchange)
- A Note on Randomness Extraction
- Google search: hash entropy extractor
- AN5020: Introduction to digital camera interface (DCMI) for STM32 MCUs
- BSP OV2640 Component
- Fully implementation library support OV2640 camera on STM32 platform (SimpleMethod)
- ArduCAM Library Introduction (ArduCAM)
- LibDriver OV2640
- MIKROE RNG Click
- Infinite Noise TRNG, Infinite Noise TRNG source
- A Fast, Cheap, High-Entropy Source for IoT Devices
- "Random Number Generators - Principles and Practices" by David Johnston
- Random Number Generators - Principles and Practices (programs and data to accompany the book)
- Random Number Generators. Part 1. Terminology. (TechyTime)
- Randomness test (Wikipedia)
- Random Bitstream Tester
- Diehard tests (Wikipedia)
- TestU01 (Wikipedia)
- Practically Random (SourceForge)
- gjrand random numbers (SourceForge)
One of the most common fallacies (Which came first, 🐔 or 🥚?4)
TRNG vs PRNG - Entropy? - the fallacy is discussed in the top answer. Don't fall into this fallacy and be aware that there exist no test that can tell apart a TRNG generated stream and a PRNG generated one, assuming that the former is properly whitened and the latter is of a good quality. Statistical tests, such as the ones standardized by the NIST5, do not test for true randomness - they test the probability that a perfect random number generator would have produced a sequence less random than the sequence that was tested, given the kind of nonrandomness assessed by the test.
Test results for the camera plus SHA256:
Test results for the camera plus CRC32:
The code lets you experiment also with a PRNG solely based on SHA256 algorithm: SHA256(seed++)6.
Test results for the PRNG SHA256(seed++):
- The function returning the p-value bigger than 1.0f - it's really baffling. A bug xor an incorrect nomenclature?
- Unable to find a configuration sequence for OV2640 that is free from write/read errors. Still I'm able to produce a viable JPEG file (tested by writing it to an STM32 USB MSC Device and displaying it on a PC). A different version of the chip? A knock-off/fake chip? No clue. Leaving it like this. The chip was officially discontinued in 2009, therefore probably the ones available today are all clones. No time to investigate that further - I will focus on incorporating OV5640 📷 with the autofocus function into my future projects7.
Explore more entropy sources. Maybe something from my to-do list: a digital mic plus the I2S peripheral, TC plus VREF + TIM8, resistors plus opamps9, a Zener diode plus opamps, two transistors plus opamps, and a physical dice roller plus computer vision (Pixy210).
Create your own home laboratory/workshop/garage! Get inspired by ControllersTech, DroneBot Workshop, Andreas Spiess, GreatScott!, ElectroBOOM, Phil's Lab, atomic14, That Project, Paul McWhorter, and many other professional hobbyists sharing their awesome projects and tutorials! Shout-out/kudos to all of them!
Warning
Automation and control engineering - do try this at home ❗
190+ challenges to start from: Control Engineering for Hobbyists at the Warsaw University of Technology.
Stay tuned!
Footnotes
-
Lavarand (Wikipedia) and The Lava Lamps That Help Keep The Internet Secure (Tom Scott) ↩
-
"Why Do We Do Physics? Because Physics Is Fun!" (James D. Bjorken) ↩
-
Prof. Andrzej Dragan - Między prawdą a niewiedzą | AI, Edukacja, Fizyka Teoretyczna | SGMK (SGMK_ Nicolaus Copernicus Superior School) ↩
-
There was no first chicken nor the first chicken's egg. We call it evolution 😉 ↩
-
Using SHA2 as random number generator? (StackExchange) ↩
-
Enable OV5640's autofocus function on ESP32 AI-THINKER Board and ESP32 Webcam With Autofocus: Using Adafruit Ov5640 Breakout With Esp32-s3-devkitC-1-N8R8 (Also, a Basic Guide to Using PlatformIO) (Instructables). ↩
-
Poorman's Quite Random Number Generator (PQRNG) by Hardware ↩
-
A true random number generator that utilizes thermal noise in a programmable system-on-chip (PSoC) by Shunsuke Matsuoka, Shuichi Ichikawa and Naoki Fujieda ↩