For years, truly random numbers at scale has been elusive.
No, this is 100% hype. Generating random numbers is easy. There are plenty of known techniques to do it. “Scale” is not a problem with respect to the quantity of random numbers, because “true” randomness is only needed to seed a cryptographically secure pseudorandom generator (CSPRNG). The output of a CSPRNG is indistinguishable from true random.
My first question: What are the difficulties associated with generating true random numbers? Cost, practicalities such as power consumption?
One difficulty with random generation is that it requires dedicated hardware which costs a significant fraction of a cent to mass-produce. This is a concern for devices whose price is of the order of magnitude of a cent per unit. This difficulty is largely solved nowadays: prices have come down compared to a decade or so ago, and many cheap microcontrollers include a TRNG.
Incidentally, generating random numbers through processor and memory jitter is a well-known technique which cannot be employed in very cheap devices because they're too slow and stable. And it's not a very useful technique on larger devices because for those the incremental cost of a dedicated TRNG is negligible. All modern PC and smartphone processors include a dedicated TRNG, for example.
Power consumption is not much of an issue since the TRNG only needs to run for a very short amount of time. Latency can be an issue when the processor boots.
As a designer of embedded systems who doesn't know much about how the hardware works (my work is firmly at the software and system levels), the improvements I'd like to see in hardware random generation are to be cheaper to mass-produce (so that they're in every device), to have less latency and to be more reliable to environmental perturbations (e.g. temperature and power variations).
But in practice, the biggest problem with random generation is not in the hardware. It's in the software ecosystem which has trouble bridging all the steps between the hardware design and the application design. The problem is the operating systems and programming language interfaces where getting insecure random numbers is easy but getting secure random numbers is hard. The problem is misconfigured systems and applications that pass functional tests but have not had a proper security review.
Second question: What and who can be an arbiter on true randomness? i.e., who decides this particular number is truly randomly generated?
Since you can't tell how random a number is by looking at the number, you have to look at the process by which the number is generated.
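An added illustration (not part of the original answer) of two points made above: a 32-byte seed is enough to drive a CSPRNG for any amount of output, and looking at the output tells you nothing about how well it was seeded. `HmacDrbg` is a simplified HMAC-DRBG in the style of NIST SP 800-90A, with no reseeding or personalization; it and the helper names are this example's own. Real code should call the operating system's CSPRNG (`os.urandom`, `secrets`) rather than carry its own generator.

```python
import hashlib
import hmac
import os
from collections import Counter


class HmacDrbg:
    """Simplified HMAC-DRBG over SHA-256 (illustration only, no reseeding)."""

    def __init__(self, seed: bytes):
        self.key = b"\x00" * 32
        self.val = b"\x01" * 32
        self._update(seed)

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def _update(self, data: bytes = b"") -> None:
        # Mix optional input into the state, then advance it.
        self.key = self._mac(self.val + b"\x00" + data)
        self.val = self._mac(self.val)
        if data:
            self.key = self._mac(self.val + b"\x01" + data)
            self.val = self._mac(self.val)

    def generate(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            self.val = self._mac(self.val)
            out += self.val
        self._update()  # ratchet so past output cannot be recomputed from the new state
        return bytes(out[:n])


def chi_square(data: bytes) -> float:
    """Byte-frequency chi-square statistic (255 degrees of freedom, mean about 255)."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def compare(n: int = 1 << 18):
    """Return the statistic for a properly seeded stream and for a known-seed stream."""
    seeded = HmacDrbg(os.urandom(32)).generate(n)     # 32 bytes from the OS, expanded to n
    known = HmacDrbg(b"\x00" * 32).generate(n)        # constructed all-zero seed: no entropy
    return chi_square(seeded), chi_square(known)


if __name__ == "__main__":
    print(compare())
```

Both streams score like uniform noise on the frequency test, yet anyone who knows the all-zero seed can regenerate the second one byte for byte, which is why the review has to cover the seeding process and not the output.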