Not sure I’d call it analog. Mechanical it is, but all the computation control is digital. A mechanical one would probably have a camshaft for storing the program and use gears to make measurements and computations.
Would probably need a large engine to power it as well, with careful control because the resisting force would vary along the machine cycles (this could be used as a side channel attack vector to figure out internal state from resisting force).
This is pleasingly insane, congratulations! Is there a program to test the fairness of a given dice or coin? Is that a program that's even feasible to write?
You've always got the standard way to get fair random numbers from a fairness-unknown coin. Flip it twice. Restart if you get both heads or both tails. If you get H then T or T then H, those are equally probable, so take the first one of those as the final outcome.
This generalizes to a die of N sides. Roll it N times. If you don't get all N distinct results, restart. If you do, then take the first result as your final outcome.
(That may take a lot of trials for large N. It can be broken down by prime factorization, like roll 2-sided and 3-sided objects separately, and combine them for a d6 result.)
It may be more likely that H or T happens (an unfair coin), but in a pair of H and T, both HT and TH are equally likely. Therefore which is "first" is equally likely H or T.
Only holds if no spooky effects change results based on last result. (like a magic die that counts upwards or a magic coin that flips T after H no matter what)
Your second paragraph is correct and may be where the previous poster's intuition was disagreeing, that the method doesn't necessarily hold for repeated iterations in a physical system where one trial starts from where the last one ended.
It's not even really "spooky" - all you need is a flipping apparatus that's biased towards an odd number of rotations, and so then THTH is more common than THHT and you get a bias towards repeating your last result.
I love the slow pace of the video, including a few minutes presentation of all available programs. And indeed, there are programs to test dice and coin bias:
Love it. I wonder what the distribution of rolls/tosses for this looks like. This also reminds me of an automated dice roller thingy that someone built with a hopper of dice, a conveyor to bring the dice to the top of a ramp and ocr to record all of the rolls, a "Dice-o-matic" [0]. And a vidja of it in action [1].
At 5:44, the vid shows a webcam facing up to photograph the bottom of the coin/die through the shaker window. I guess there's some CV to read the item.
During the cold war, the Washington-Moscow "nuclear" hotline was set up with teleprinters and one-time pad keys for both directions. I imagine they had an analogue randomness key generator on both ends to generate the key material.
Presumably they're using ~Dual-EC DRBG~ some kind of quantum randomness generators these days.
> The noise values used for the encryption key were originally produced by large mercury-vapor rectifying vacuum tubes and stored on a phonograph record.
That's sure a hardcore way to run an analogue randomness generator.
This looks interesting, but there are much better (higher bitrate) sources of pure randomness, and I'm not sure what advantage this has over those. If I don't trust the machine that's generating the randomness, that doesn't only apply to the randomness component, I similarly mistrust this machine's code, the hardware, etc.
I'm not sure what this would add over, for example, entropy derived from a hash of the image of a camera's thermal noise profile.
Well said. I find the creator did a delightful job in his presentation. So much pride in the craftsmanship visible in his presentation as well as the finished product. I subscribed and hope for more videos..
I think the cloudflare video wall is a more practical way to mass generate entropy but this is suitably madcap I enjoy it. There are also other existing methods but they're not as... clearly demonstrable... as this like is used in existing hardware TRNGs.
Well... I think the comments are mostly "this is insane and great". I guess you could view the insane part as negative if it was intended to be serious. Kind of hard to tell tbh!
I am super dubious of mechanical systems for randomness... Newtons laws are fully predictable after all...
I suggest that any system like this has the output XOR'ed with another random source. If two random sources are XOR'ed together, then both need to be predictable for the output to be predictable.
Are these like public randomness beacons? NIST[0] and Cloudflare[1] have them.
I guess use cases are lotteries that are publicly verifiable, election auditing...
Not sure I’d call it analog. Mechanical it is, but all the computation control is digital. A mechanical one would probably have a camshaft for storing the program and use gears to make measurements and computations.
Would probably need a large engine to power it as well, with careful control because the resisting force would vary along the machine cycles (this could be used as a side channel attack vector to figure out internal state from resisting force).
This is pleasingly insane, congratulations! Is there a program to test the fairness of a given dice or coin? Is that a program that's even feasible to write?
You've always got the standard way to get fair random numbers from a fairness-unknown coin. Flip it twice. Restart if you get both heads or both tails. If you get H then T or T then H, those are equally probable, so take the first one of those as the final outcome.
This generalizes to a die of N sides. Roll it N times. If you don't get all N distinct results, restart. If you do, then take the first result as your final outcome.
(That may take a lot of trials for large N. It can be broken down by prime factorization, like roll 2-sided and 3-sided objects separately, and combine them for a d6 result.)
Hmm my intuition isn't agreeing with this. Does this have a name so I can read more about it?
Von Neumann randomness extractor
https://en.m.wikipedia.org/wiki/Randomness_extractor#Von_Neu...
It may be more likely that H or T happens (an unfair coin), but in a pair of H and T, both HT and TH are equally likely. Therefore which is "first" is equally likely H or T.
Only holds if no spooky effects change results based on last result. (like a magic die that counts upwards or a magic coin that flips T after H no matter what)
P(TH) = p(T)*p(H) = P(HT)
Your second paragraph is correct and may be where the previous poster's intuition was disagreeing, that the method doesn't necessarily hold for repeated iterations in a physical system where one trial starts from where the last one ended.
It's not even really "spooky" - all you need is a flipping apparatus that's biased towards an odd number of rotations, and so then THTH is more common than THHT and you get a bias towards repeating your last result.
Exactly right, I was thinking an unfair coin could have "memory" but then the method doesn't hold.
I love the slow pace of the video, including a few minutes presentation of all available programs. And indeed, there are programs to test dice and coin bias:
* https://youtu.be/bJiOia5PoGE?si=IEhbNJk0C0-7_2Nj&t=229
* https://youtu.be/bJiOia5PoGE?si=3Se3lYFVAAkElx0w&t=245
You can measure the Shannon entropy of a sequence
i love everything about this, including the absurd impracticality. which i, personally, would call "art".
Love this. Is the private key printed on a separate piece of paper? I saw only #####'s. How long does it take to generate a full key using dice?
Love it. I wonder what the distribution of rolls/tosses for this looks like. This also reminds me of an automated dice roller thingy that someone built with a hopper of dice, a conveyor to bring the dice to the top of a ramp and ocr to record all of the rolls, a "Dice-o-matic" [0]. And a vidja of it in action [1].
[0] http://gamesbyemail.com/news/diceomatic
[1] https://www.youtube.com/watch?v=7n8LNxGbZbs
It would be nice to access it from /dev/random on a normal machine (at a very slow bitrate)
Best use case I can think of is replacing the die roller in the board game trouble.
“You can pop a lot of trouble in the pop o matic bubble”
This concept reminds me of the cloudflare lava lamps! Awesome!
How does it read the value from the coins or dices?
At 5:44, the vid shows a webcam facing up to photograph the bottom of the coin/die through the shaker window. I guess there's some CV to read the item.
Cymru am byth!
I found the video very entertaining. Very old-school. And boy, you’ve paid a lot of attention to the device. It looks very pro.
This is cute, I like it
During the cold war, the Washington-Moscow "nuclear" hotline was set up with teleprinters and one-time pad keys for both directions. I imagine they had an analogue randomness key generator on both ends to generate the key material.
Presumably they're using ~Dual-EC DRBG~ some kind of quantum randomness generators these days.
There was, interestingly, a much fancier system used quite a bit earlier
https://en.wikipedia.org/wiki/SIGSALY
https://news.ycombinator.com/item?id=20138230
> The noise values used for the encryption key were originally produced by large mercury-vapor rectifying vacuum tubes and stored on a phonograph record.
That's sure a hardcore way to run an analogue randomness generator.
The beta decay enthusiasts were busy elsewhere.
This looks interesting, but there are much better (higher bitrate) sources of pure randomness, and I'm not sure what advantage this has over those. If I don't trust the machine that's generating the randomness, that doesn't only apply to the randomness component, I similarly mistrust this machine's code, the hardware, etc.
I'm not sure what this would add over, for example, entropy derived from a hash of the image of a camera's thermal noise profile.
I'm not sure what advantage this has over those.
Those usually don't look and sound like they were made by Doc Brown.
Well said. I find the creator did a delightful job in his presentation. So much pride in the craftsmanship visible in his presentation as well as the finished product. I subscribed and hope for more videos..
I think the advantage of this one is that it's funny. :)
I didn't watch the video because I didn't have sound, if it's meant to be funny, then I applaud it.
It's a very serious video, which adds to the comedy of it.
it's simple
So, to generate a random bitcoin key, that's how many coin tosses or die tosses?
The video says 128 cycles. Each cycle is 30 seconds, so it would take 64 minutes.
Beautiful <3
awesome.
Why the thermal printer? The text fades eventually and you will lose your private keys.
Yes it really ought punch brail or something?
There is another slot below that reads "archival grade printer".
I think the cloudflare video wall is a more practical way to mass generate entropy but this is suitably madcap I enjoy it. There are also other existing methods but they're not as... clearly demonstrable... as this like is used in existing hardware TRNGs.
https://en.wikipedia.org/wiki/Hardware_random_number_generat...
People are missing the point that it is creative and gets the job done, conversation pieces can go a long way.
Am I missing something? There's not a single negative comment in the post as of now.
Well... I think the comments are mostly "this is insane and great". I guess you could view the insane part as negative if it was intended to be serious. Kind of hard to tell tbh!
[delayed]
I am super dubious of mechanical systems for randomness... Newtons laws are fully predictable after all...
I suggest that any system like this has the output XOR'ed with another random source. If two random sources are XOR'ed together, then both need to be predictable for the output to be predictable.
There are two coins or die being flipped here. I am guessing they likely use the von Neumann trick for getting random data from biased sources
https://en.wikipedia.org/wiki/Fair_coin#Fair_results_from_a_...
That algorithm requires using the same coin for both tosses.
> Newtons laws are fully predictable after all...
Not fully actually:
https://plato.stanford.edu/entries/determinism-causal/#ClaMe...
Side note: excellent unintentional ASMR once Andrew starts explaining how the machine works.
Are these like public randomness beacons? NIST[0] and Cloudflare[1] have them. I guess use cases are lotteries that are publicly verifiable, election auditing...
[0] https://csrc.nist.gov/projects/interoperable-randomness-beac...
[1] https://drand.love/
[2] https://blog.cloudflare.com/league-of-entropy/
No.