You may be wondering, what do these retro-looking lava lamps and random data have in common? Randomness in computing is notoriously difficult to achieve. Random numbers are not a new phenomenon, nor are they delegated to the tech domain. Ancient Sumerians and Egyptians used dice as RNGs for games of chance. The random falling patterns of yarrow stalks were used for divination in ancient Chinese religion. As recently as the 1900s scientists used coin tosses, dice rolls, and even picking numbers out of hats to get random numbers for their research. A sequence is considered random if no patterns can be recognized in it. When you flip a coin or roll a pair of dice, you are using randomness to get an outcome - whether it's who will start a football game or who will win the jackpot.
In the 1990s, the need for random numbers for computing exploded. Lavarand was designed by Silicon Graphics in 1996 to generate pseudorandom numbers. US Patent 5,732,138: "Method for seeding a pseudo-random number generator with a cryptographic hash of a digitization of a chaotic system." The idea was to take photos of patterns made by the floating material of numerous lava lamps, and extract random data from the pictures to seed a number generator. Since 2017, the Cloudflare office in San Francisco has been using a wall of lava lamps, which help to encrypt the requests that go through Cloudflare, which make up a whopping 10% of all internet requests. In Cloudflare's Singapore office, the company uses a pellet of uranium in a glass bell jar (they assure everyone that it is a safe amount), and measures the release of isotopes over time with a geiger counter. This unpredictable data is known as entropy.
"Everything we do to achieve privacy and security in the computer age depends on random numbers." - Simon Cooper, an encryption expert and author of Building Internet Firewalls.
Random numbers are the crux of cryptography, and crucial to how we send and receive data on the internet. Random Number Generators or RNGs use physics, math, and the haphazard and irregular nature of the outside world to create sequences without recognizable patterns. As of 2003, the improved, open-source RNG called LavaRnd replaces the iconic lava lamps with a webcam with a lens cap on. This seems bizarre, but there is a thermal "noise" emitted by the webcam that "is digitized and put through a hash algorithm that churns the number set, stripping unwanted sections of predictability,"- Tom McNichol stated. What that boils down to is a sequence of numbers that can be used in cryptography.
Random number generation is an enormous industry and touches most parts of our internet-connected lives. Banking apps, online shopping, credit card encryption - all of these rely on random numbers. Even gambling has had a major upgrade by using better and longer sequences of numbers to improve win to loss randomness. Because of their nature, computers are terrible at coming up with random numbers by themselves. “Computers from the beginning have been designed to very reliable, very predictable,” says Cloudflare’s CEO Matthew Prince. “When you turn them on, they always do exactly the same thing and what they’re told to do."
There are True Random Number Generators, or TRNGs, and Pseudo-Random Number Generators, most commonly known as PRNGs. TRNGs rely on outside, physical, real-world phenomena to determine a number (like the radioactive isotopes or lava lamps above). Switzerland’s FourmiLab invented a HotBits generator which uses radioactive decay and the "quantum mechanical laws of nature" - from their webpage: "HotBits is an Internet resource that brings genuine random numbers, generated by a process fundamentally governed by the inherent uncertainty in the quantum mechanical laws of nature, directly to your computer in a variety of forms. HotBits are generated by timing successive pairs of radioactive decays detected by a Geiger-Müller tube interfaced to a computer." Other companies use things like atmospheric noise levels, weather and wind data, and other "truly" random natural phenomena.
According to Synopsys: "True random numbers are at the heart of any secure system and their quality contributes to the security strength of designs. Weak or predictable random numbers open the door for attacks that can compromise keys, intercept data, and ultimately hack devices and their communication." TRNGs are a necessary part of our growing reliance on big data and cryptography in general. Synopsys goes on to say:
True random numbers are required in a variety of security scenarios:
- Key generation for various algorithms (symmetric, asymmetric, MACs) and protocols (SSL/TLH, SSH, WiFi, LTE, IPsec, etc.)
- Chip manufacturing (seeding device unique and platform keys)
- Initial values (for encryption and MAC algorithms, TCP packet values, etc.)
- Nonce generation and initial counter values for various cryptographic functions
- Challenges used for protocol authentication exchanges
- Randomization input for side channel countermeasure solutions for protecting against physical attacks
There are standards that TRNGs must meet before being considered random enough for cryptographic applications. The US National Institute of Standards and Technology (NIST) agency has developed a set of NIST SP 800-90A/B/c standards and the German standards body, Bundesamt für Sicherheit in der Informationstechnik (BSI), has long had a separate set of RNG standards (AIS 20/31).
PRNGs do not offer absolute randomness. They are computer programs with algorithms which create seemingly random sequences, which appear random to humans. PRNGs can be faster, and are still widely used in many industries for things like simulation and modeling applications. TRNGs are usually less efficient and not always necessary for simple applications, although they are crucial for data encryption (and, arguably, gambling).
Read more about RNGs and randomness in general: