colin
/
camera-trng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
camera-trng/RESEARCH.md

9.2 KiB
Raw Blame History

Camera-Based TRNG: Research & Scientific Basis

TL;DR

This implementation follows the LavaRnd approach: a camera sensor with the lens covered generates true random numbers from thermal noise, dark current, and readout noise. With the lens cap on and gain maximized, the sensor produces chaotic electrical noise that is:

  • Unpredictable: Rooted in thermodynamics and quantum mechanics (Heisenberg uncertainty)
  • High-throughput: Each frame provides hundreds of kilobytes of entropy
  • Tamper-evident: No scene data means no side-channel information leakage
  • Well-studied: Based on the LavaRnd project and decades of noise-based RNG research

The Physics: Why Covered Camera Noise is Truly Random

Dark Current (Quantum Origin)

Even with no light hitting the sensor, thermal energy causes random generation of electron-hole pairs in the silicon. This "dark current" follows Poisson statistics—a direct consequence of quantum mechanics. The rate depends on temperature but the exact timing and location of each thermal generation event is fundamentally unpredictable.

Thermal Noise (Johnson-Nyquist Noise)

Electrons in the sensor's readout circuitry undergo random thermal motion, creating voltage fluctuations. This noise is thermodynamically guaranteed at any temperature above absolute zero and adds entropy to each pixel reading.

Readout Noise

The amplification and analog-to-digital conversion process adds further random fluctuations from circuit thermal noise and quantization effects.

Why Cover the Lens?

With the lens covered:

  • No scene information: Zero correlation with the outside world
  • Pure noise: Every bit of sensor output is noise, not signal
  • No side-channel: An attacker cannot use camera imagery to predict outputs
  • Maximized relative entropy: Noise dominates 100% of the signal

With gain maximized, these noise sources are amplified to fill the sensor's dynamic range with chaotic data.

The LavaRnd Project

This implementation is inspired by LavaRnd, developed by mathematician Landon Curt Noll and cryptographer Simon Cooper.

How LavaRnd Works

  1. Webcam with lens cap on in a light-proof enclosure
  2. Gain cranked to maximum to amplify thermal noise
  3. Raw frames processed through a "Digital Blender" (cryptographic conditioning)
  4. Output: cryptographic-quality random numbers

Security Properties

From the LavaRnd documentation:

"The Heisenberg Uncertainty Principle makes it impossible to perfectly predict CCD noise, and the chaotic nature of thermal processes means small prediction errors compound rapidly—rendering future frames intractable to forecast."

LavaRnd demonstrated that incorrect guesses of single bits typically lead to errors in over 80 bits of output after conditioning.

History

  • 1996: Original Lavarand at Silicon Graphics used lava lamp imagery
  • 2000s: LavaRnd improved on this by eliminating the lava lamps entirely—just a covered webcam
  • Present: Cloudflare's "LavaRand" (different project) uses actual lava lamp walls, but the covered-camera approach remains valid and more practical

Academic Research Supporting This Approach

Key Papers

Year Authors Title Key Finding
2000 Stipčević & Koç True Random Number Generators Established thermal/shot noise as high-quality entropy sources
2004 Petrie & Connelly A Noise-Based IC Random Number Generator Demonstrated thermal noise extraction for cryptographic RNG
2011 Symul et al. Real time demonstration of high bitrate quantum RNG Proved optical noise sources provide quantum-grade entropy

NIST Recommendations

NIST SP 800-90B (Recommendation for the Entropy Sources Used for Random Bit Generation) explicitly recognizes:

  • Physical noise sources as valid entropy inputs
  • The need for conditioning (hashing) to remove bias
  • That thermal noise qualifies as a non-deterministic source

How This Implementation Works

  1. Camera initialization: Opens the default camera device
  2. Gain maximization: Sets gain, brightness, and exposure to maximum values to amplify noise
  3. Frame capture: Reads raw pixel data (which is pure noise with lens covered)
  4. LSB extraction: Takes the 2 least significant bits from each byte
  5. SHA-256 conditioning: Hashes the LSBs with timing data to produce uniform output

Why LSB Extraction?

Even with a covered lens and maximum gain, some pixels may saturate or have fixed patterns. The least significant bits contain the highest entropy density and are least affected by any systematic bias.

Why SHA-256 Conditioning?

Raw sensor data may have slight bias or correlations. Cryptographic hashing:

  • Removes statistical bias
  • Destroys any residual correlations
  • Provides forward secrecy
  • Produces uniformly distributed output

This follows both NIST SP 800-90B and LavaRnd's "Digital Blender" approach.

Setup Requirements

Critical: The camera lens must be covered for this to work as intended.

  1. Cover the lens: Use the lens cap, opaque tape, or place the camera in a light-proof enclosure
  2. Verify darkness: The camera should capture pure black frames
  3. Run the service: Gain is automatically maximized by the software

Without covering the lens, the system still produces random output (from shot noise in lit scenes), but:

  • Scene content could theoretically leak through side channels
  • The entropy model changes from pure thermal noise to mixed shot/thermal noise

Comparison: Covered vs Open Camera

Aspect Covered (LavaRnd) Open (Sanguinetti)
Primary entropy Thermal + dark current Photon shot noise
Scene leakage None MSBs contain scene
Setup required Cover lens None
Entropy per frame Lower absolute Higher absolute
Security model Simpler (no scene) Requires LSB isolation

Both approaches are scientifically valid. This implementation uses the LavaRnd approach for its simpler security model.

Criticisms & Limitations

"Dark Noise is Weaker Than Shot Noise"

Criticism: Photon shot noise in lit scenes provides more entropy than dark current.

Reality: True in absolute terms—but the LavaRnd approach compensates by:

  • Maximizing gain to amplify available noise
  • Using cryptographic conditioning to concentrate entropy
  • Eliminating scene-correlation concerns entirely

For cryptographic purposes, both approaches exceed minimum entropy requirements.

"Consumer Cameras Minimize Dark Current"

Criticism: Camera manufacturers design sensors to have low dark current for image quality.

Reality: Even "low" dark current is sufficient. At maximum gain, the noise floor becomes significant. LavaRnd demonstrated cryptographic-quality output from commodity webcams.

"Not Certified Hardware"

Criticism: Unlike dedicated HSMs, consumer cameras aren't designed for cryptographic use.

Reality: Valid concern for high-security applications. This is suitable for most applications (session tokens, nonces, salts). For HSM-level security, use dedicated hardware RNGs.

"Throughput Limitations"

Criticism: Camera frame rates limit throughput.

Reality: At 30fps with ~300KB frames, you get roughly 1 KB/s of conditioned output. Sufficient for web applications and API tokens—not suitable for bulk encryption.

Statistical Validation

Camera-based TRNGs (including LavaRnd) pass standard randomness test suites:

  • NIST SP 800-22 (15 statistical tests)
  • Dieharder (100+ tests)
  • TestU01 BigCrush (160 tests)
  • ENT entropy analysis

The SHA-256 conditioning ensures outputs are indistinguishable from ideal random even if raw inputs have imperfections.

When to Use This

Good for:

  • Session tokens and CSRF tokens
  • Cryptographic nonces
  • Salts for password hashing
  • UUID generation
  • Seeding local PRNGs
  • Applications requiring provable physical randomness

Not recommended for:

  • Long-term cryptographic keys (use HSM)
  • High-volume bulk encryption
  • Air-gapped high-security environments

References

  1. Noll, L.C. & Cooper, S. "LavaRnd: Random Number Generation." https://lavarand.org/
  2. NIST SP 800-90B (2018). "Recommendation for the Entropy Sources Used for Random Bit Generation."
  3. Stipčević, M. & Koç, Ç.K. (2014). "True Random Number Generators." Open Problems in Mathematics and Computational Science, Springer.
  4. Janesick, J.R. (2001). Scientific Charge-Coupled Devices. SPIE Press.
  5. Gibson, S. "Going Random" Security Now Episodes 299-301 (2011). GRC.com.
  6. Symul, T., Assad, S.M., & Lam, P.K. (2011). "Real time demonstration of high bitrate quantum random number generation." Applied Physics Letters, 98(23).

Summary

This camera-based TRNG follows the LavaRnd approach: a covered camera sensor with maximized gain produces thermal noise that is fundamentally unpredictable. With proper conditioning through SHA-256 hashing, this method produces high-quality randomness suitable for most cryptographic applications.

The covered-camera approach offers a simpler security model than open-camera methods—there is no scene data to leak, no side-channel concerns, and the entropy source is pure electrical noise from well-understood physical processes.