We have some hope of using a QRNG, My python has QRNG, But they are maths based! RS

https://www.wolfssl.com/direct-entropy-injection-in-ml-kem-understanding-makekeywithrandom-and-drbg-bypass/

We can hope to use a QRNG for many functions & surely we could secure Credit Cards, TPM, HSM with Software QRNG's,

Study of cards ROM space indicates that ram could be as low as 24KB! Flash storage in the range of 1MB, We could do it!

Quantum Rings in terms of software, Rely on emulation of quantum effects, Fortunately they rely on a very small part of the SDK's..

We could though & Wolf SSL is ideal, Having used Wolf SSL on my patched router .. Instead of OpenSSL, The functions are promising!

You have to consider that WolfSSL is a fully secure Compiled SDK & provides FIPs Security..

Think about QRNG in terms of software, We obviously could not upgrade a current generation of cards to QRNG, But Soft QRNG's we could manage!

The conceptual space of post quantum QRNG's & Wide sized Quantum based ECC, Could considerably enhance our future security..

We just have to replace the cards & in the meantime, Replace the firmwares.

Rupert Summerskill on behalf of world security.

*

The Quantum TNG! & Software Emulations, Through Python IBM Kit: (c)RS

Software QRNG are relying on a point of view of Quantum events, That is Quantum Machines work on ripples & boundaries, What quantum events rely upon, Is a variation of probability over Area or Energy ripples..

The effect of quantum computers is mostly based around probabilities, Large Maths with higher precision can represent these features, ..

With thousands of FPU per GPU, Relatively simple to represent!

However, this being said, Quantum Computers are much more precise! How much more precise? THOUSANDS of % more precise!

Dealing with the effects of quantum computers is difficult! However if we wish to present causal reality at much less resolution, Say the FPU 183Bit or Double Float, Probabilities?

We could, Represent this!

How does this affect us? Well being practical QRNG can be said to channel through the CPU/GPU/FPU & for a start, We need to present our GRAND dev/random, The Quantum TNG!

So we can do two proposals:

Channel True QRNG's

Channel Emulated Post Quantum software version, Such as present in my Python installs..

IBM Quantum Emulation : QKit, May take a lot of resources, However small things like QcRNG, QtRNG & All emulation tasks ?

Entirely potentiated!

(c)Rupert Summerskill

*

The primary assurance on quality random bits, In assuring that elliptic curves are complex to hack: RS

RSA & ECC Certificate with ML-KEM, Elliptic Curve Cryptography & Quality DRAND & Pollinate sourced dev/random:

To be clear, I will explain my primary point about ECC, That ECC Forever relies on a point map in P256 & other curves,

The basis of that is a randomisation of point maps that relies on dev/random hashes & SHA related hashes like P256 Curves..

For every curve in the P series & brain & X25519 & alterations of X25519 that have a larger bit depth, Aka 256Bit, 384Bit & 512Bit..

dev/random plays a part, Cortana & Bard ML assure us that Curves are mapped & that we only use official curves, That view is wrong!

The Map created inside a base level elliptic curve is mapped from dev/random SHA's..

You have to understand that Mapping SHA's with dev/random is the logical choice,

Based on the SHA on the RSA & ECC certificate & Also dev/random!

A vital secret to success, says Rupert!, Yes my view is that we rely on dev/random a lot!

When we don't rely on semi randomisation, Such as used by DES & ECC, SHA Based Elliptic Curve & Cryptography... We rely on a readily available & basically stored static certificate..

As we can imagine the NSA & State Intelligence officers & Pyrates the world over.. Keeping our standard static secrets in storage, Until they break them..

Static, Means dead then? In many ways, potentially yes!

Public HASHES for ML-KEMS, Dilithium & Falcon, Statics & RSA & ECC Statics remain in the public view,..

Potentially if exposed without elliptic curves involvement.. Basically capturable personal security.

For these reasons, dev/random, DRAND & Pollinate, Along with tRNG & QtRNG devices remain our sources of hope..

That hope of personal freedom & privacy, Today & the future.

Rupert Summerskill

*

When you use Pollinate on Ubuntu, You must run the command so that it accepts certificates like mine from cloudflare,

Otherwise the default configuration is to only accept the certificate from Ubuntu 'official server',

With a command like : sudo pollinate -r -i -s https://pollinate2.ns4v.icu

*

Credit Card working ram said to be 1KB! So plans will have to be made! RS

Credit Card Component Typical Size
Secure storage (EEPROM/Flash) 4 KB – 128 KB
Working memory (not RAM in the usual sense) ~1 KB or less
Magstripe data

1KB means that the atm machine will have to do the work, 128KB of flash means the storage of ML-KEM & Cryptographic seeds is possible...

But from my angle, most of the RAM will have to be repurposed as cache..

Cache & PIN, Not cash & pin! Now how do we handle the low RAM issue & still do everything with the card?

Point of view 1:

The entire ML-KEM Certificate stored in Card RAM? Seems impractical.. So will be cache..

FLASH stored MK-KEM, Certificate, With multiple calls to RAM for flash? Including dev/random SEEDS

Secure Enclave on the ATM / Card Payment machine ... Using SoftTPM?

rDMA Certificate identifier transferred to machine ?

Ideal card would contain enough RAM, To store 4 seeds & ML-KEM Certificate & AES + Crypto Functions..

Point of view 1b : +1

Security of the ATM, Excludes sending the certificate to the machine, ..

We would have to send the client pem from the stored certificate & verify each verification cycle to the card..

In effect, We would have to use features of the card, Having security features like AES & Crypto..

ATM : Send, Receive from bank,

rDMA to card & cyclically receive a client verifier to hash to the server..

Security operations, All carried out by the card!

RS

The situation is not ideal, The ideal situation is like a YubiKey that shall process all secure Crypto functions on the card,..

I am assuming that the card shall be equipped with firmware that enables base maths for ML-KEM & AES & SHA2/3..

I am assuming that the ideal ram is around 256KB, But for the price of cards, Maybe 64KB..

I am assuming that, Network operations, Using the ATM Buss, With the cards rDMA, Is possible!

(c) Rupert Summerskill

*

#Seed Provision : RS https://www.drand.love/get-started
# A good smooth start for a very code friendly solution : RS

#Python V3

# beacon_seed.py (concept)
import requests, hmac, hashlib, os, base64
from cryptography.hazmat.primitives import serialization
# BLS verification requires a library that supports BLS signatures

DRAND_URL = "https://api.drand.sh/public/latest"
Polinate_URL = "https://entropy2.n-helix.com"

def fetch_verified_drand():
r = requests.get(Polinate_URL, DRAND_URL, timeout=5)
r.raise_for_status()
j = r.json()
# j contains 'round', 'randomness' (base64), 'signature'
randomness = base64.b64decode(j['randomness'])
round_id = j['round']
signature = base64.b64decode(j['signature'])
# Verify signature with stored drand public key (implementation required)
# TODO: verify signature using stored drand public key and BLS verify
# Example: bls_verify(drand_pubkey, randomness, signature)
return randomness, round_id, signature

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, L: int) -> bytes:
t = b''; okm = b''; i = 1
while len(okm) < L:
t = hmac.new(prk, t + info + bytes(), hashlib.sha256).digest()
okm += t; i += 1
return okm[:L]

def derive_seed(beacon, trng, os32, device_salt, run_id=b'01'):
ikm = beacon + trng + os32 + run_id
prk = hkdf_extract(device_salt, ikm)
okm = hkdf_expand(prk, b"card-seed-v1", 64)
return okm[:48] # seed material

#(c)RS

*

# Python, The-Good-System-Counter, Mixing Jitter & tRNG is good strategy..
# To improve? Call DRAND & Polinate
# def_fetch = call fetch rand-beacon

# Prepare digest and send signing request to secure element over I2C
# This is illustrative, Replace i2c addresses and transport with vendor SDK calls.

import hashlib, os, time, base64, json
from smbus2 import SMBus, i2c_msg
from cryptography.hazmat.primitives import serialization
# BLS verification requires a library that supports BLS signatures

I2C_BUS = 1
ST33_ADDR = 0x28

def sha256_hex(data: bytes) -> str:
return hashlib.sha256(data).hexdigest()

def canonical_pool_digest(pool_state_hex, sources, counts, monotonic):
payload = {
"version": "1",
"pool_digest": pool_state_hex,
"sources": sources,
"sample_counts": counts,
"timestamp": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
"monotonic_counter": monotonic
}
canon = json.dumps(payload, separators=(',', ':'), sort_keys=True).encode()
return payload, sha256_hex(canon).encode()

def send_sign_request(i2c_bus, digest_hex, nonce):
# Build a simple request frame: [cmd=0xA1][digest(32)][nonce(16)]
cmd = bytes([0xA1])
digest = bytes.fromhex(digest_hex)
frame = cmd + digest + nonce
write = i2c_msg.write(ST33_ADDR, frame)
i2c_bus.i2c_rdwr(write)
# Read response length then response (vendor protocol required)
time.sleep(0.05)
# This is placeholder; real device uses vendor SDK
return b"SIMULATED_SIGNATURE"

def main():
# Example inputs
pool_state_hex = "ab" * 32
sources = ["mpu_trng","irq_jitter","adc_noise"]
counts = {"mpu_trng":1024,"irq_jitter":2048,"adc_noise":512}
monotonic = 12345

payload, digest = canonical_pool_digest(pool_state_hex, sources, counts, monotonic)
nonce = os.urandom(16)

with SMBus(I2C_BUS) as bus:
signature = send_sign_request(bus, digest.decode(), nonce)

signed_blob = {
"payload": payload,
"nonce": nonce.hex(),
"signature": signature.hex() if isinstance(signature, bytes) else signature
}

print(json.dumps(signed_blob, indent=2))

if __name__ == "__main__":
main()

#(c)RS

*****

*RAND OP Ubuntu : https://manpages.ubuntu.com/manpages/trusty/man1/pollinate.1.html

(copy this text, for your server) *pollinate* /dev/rnd every 3 hours if you like:

sudo pollinate -r -i -s https://pollinate2.ns4v.icu
sudo pollinate -r -i -s https://entropy.n-helix.com
sudo pollinate -r -i -s https://entropy2.n-helix.com

https://www.drand.love/get-started

*

https://filebin.net/5gz2eswycm9nl963/sufficient%20dev-random%20into%20the%20TPM%20like%20Security%20chips%202025%20%28c%29RS.txt

https://filebin.net/sog7knhxc5tuxbfe/LibKhaosECC-PQC%20dev-random%20RS.txt

https://filebin.net/5gz2eswycm9nl963/Dev-Random%20Random%20procedural%20drip%20driver.txt

https://filebin.net/sog7knhxc5tuxbfe/Client%20Security,%20Cooky%20identifier%20hashes%202024+RS.txt

https://filebin.net/5gz2eswycm9nl963/Cryptographic-Security-NIST.SP.800-57pt1r6.ipd.pdf

https://filebin.net/5gz2eswycm9nl963/PQC-Smartcard-NIST2025.pdf

https://filebin.net/5gz2eswycm9nl963/Access-Tokens+Privacy+Security-NIST.IR.8587.ipd.pdf

https://filebin.net/5gz2eswycm9nl963/tRNG_s-To-Use-Sands20250010.pdf

https://filebin.net/5gz2eswycm9nl963/A%20survey%20of%20random%20number%20generator%202025.txt

https://filebin.net/5gz2eswycm9nl963/DRAND%20_%20Pollinate%20+%20Helpful-About-Install-cfg%20RS.txt

https://filebin.net/sog7knhxc5tuxbfe/Directory-Sort-RS.zip

TPM Development Files
https://filebin.net/5gz2eswycm9nl963/swtpm-0.10.0.zip

HSM-Yubi
https://filebin.net/sog7knhxc5tuxbfe/YubiHSM-deb.zip

PQC:

https://blog.cloudflare.com/pq-2025/

https://blog.cloudflare.com/bootstrap-mtc/

Security Card practicality:

https://www.usmartcards.com/Types-of-Smart-Cards