Didn't read the PDF but I used to work for a lottery corp and from what I heard security was nuts. One of the server room IT guys left for Blue Cross and later said Blue Cross was much less strict than the lottery.<p>I also recall one of the compliance guys telling me about the balls used in one of those bingo ball tumbling machines. He said they had to wash, dry and weigh each ball before every draw. Of course it was fun to yell to him on draw day, "Hey, it's Friday, did you wash and dry your balls?"
As an infosec pro, if I were in charge of a lottery RNG, I would require the use of a recent unmodified Linux or OpenBSD distro and simply use getrandom(2). These custom RNGs introduce 100% unnecessary complexity and risks. I am baffled none of them seem to do that and they need third-party certification procedures (which miss RNG flaws anyway).
I wonder why they didn't go for an easy technique to defend against backdoors: use two independent sources for random numbers that don't know of each other and xor their output together. The increase in cost is small and the win for integrity and security is huge.
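Added example, not part of the comments above and not any lottery's code: a C sketch of the two ideas raised in the thread, drawing from the kernel with getrandom(2) and XORing a second source into it. The names `src_stuck`, `src_dead`, `xor_combine` and `nonzero_after_combine` are hypothetical, and the second source is a constructed stand-in for an independent device.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h> /* getrandom(2) */

/* A source fills buf with len bytes: 0 on success, -1 on failure. */
typedef int (*rng_source)(unsigned char *buf, size_t len);

/* Source A: kernel CSPRNG via getrandom(2), retrying EINTR and short reads. */
int src_kernel(unsigned char *buf, size_t len) {
    size_t got = 0;
    while (got < len) {
        ssize_t n = getrandom(buf + got, len - got, 0);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) return -1;
        got += (size_t)n;
    }
    return 0;
}

/* Constructed stand-ins for a second device: a backdoored constant, a failure. */
int src_stuck(unsigned char *buf, size_t len) { memset(buf, 0x41, len); return 0; }
int src_dead(unsigned char *buf, size_t len) { (void)buf; (void)len; return -1; }

/* XOR two sources into out (len <= 64). Fails closed: if either source
 * errors, out is zeroed and -1 returned, so nothing is drawn from one alone. */
int xor_combine(rng_source a, rng_source b, unsigned char *out, size_t len) {
    unsigned char tmp[64];
    if (len > sizeof tmp || a(out, len) != 0 || b(tmp, len) != 0) {
        memset(out, 0, len);
        return -1;
    }
    for (size_t i = 0; i < len; i++) out[i] ^= tmp[i];
    return 0;
}

/* Combine 32 bytes and count the nonzero ones; -1 if the combine failed. */
int nonzero_after_combine(rng_source a, rng_source b) {
    unsigned char out[32];
    int count = 0;
    if (xor_combine(a, b, out, sizeof out) != 0) return -1;
    for (size_t i = 0; i < sizeof out; i++) count += (out[i] != 0);
    return count;
}

int main(void) {
    printf("kernel^stuck: %d nonzero\n", nonzero_after_combine(src_kernel, src_stuck));
    printf("stuck^stuck:  %d nonzero\n", nonzero_after_combine(src_stuck, src_stuck));
    return 0;
}
```

With one constant source the output is still the kernel's bytes XOR a fixed mask, so it stays unpredictable. Two identical sources cancel to all zeros, which is why the sources have to be independent of each other for the XOR to help.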
I remember reading about the MUSL RNG fraud recently (1-2 years ago). Interesting that they are tying state lottery frauds to that malicious insider from as far back as 2005 (or so the slides suggest).
The idea of a public/random mixing source is always fun. Everybody has a fun pet idea but they all suffer from one issue or another. Here's some of mine:<p>1. Move the mouse around<p>2. Force someone to dance and read the output from a webcam<p>3. Record various RF signals<p>4. Speak a joke into a microphone.<p>The best solution is probably just a plain, non-network computer with an open-hardware TRNG to mix the CSPRNG (I believe BSD is switching to Fortuna). Read from the CSPRNG all day loooong.