èƵ

Chance: Think of a number – and make it random

From shuffling in iTunes to keeping your bank account secure, computers need random numbers. But are they, like us, wired to think in predictable patterns?
Think of a number
Eugenia Loli

MADS Haahr is in no doubt. “Generating randomness is not a task that should be left to humans,” he says.

You might expect him to say that. A computer scientist at Trinity College Dublin, he is the creator of a popular online random number generator, hosted at . But he has a point.

Human brains are wired to spot and generate patterns. That is useful when it’s all about seeing predators on the savannah before they see you, but it handicaps us when we need to think in random and unpredictable ways. That’s a problem, because true randomness is a useful thing to have. Random numbers are used in cryptography, computing, design and many other applications. Our inability to “do” random means that we usually have to outsource it to machines.

But relying on outside sources of randomness has its own problems. The first dice for divination and gaming were six-sided bones from the heels of sheep, with numbers carved into the faces. The shape made some numbers more likely to appear than others, giving a decisive advantage to those who understood its properties.

Suspicion about the reliability of randomness generators remains with modern equivalents like casino dice, roulette wheels or lottery balls. But it is online where it really matters. Generating random strings of numbers is essential not just for gambling games or shuffling songs on your iPod, but also to produce unguessable keys used to encrypt sensitive digital information. “I don’t think people are very conscious of how important randomness is for the security of their data,” says Haahr.

And it takes more than programming. You can’t just give computers rules to create random numbers; that wouldn’t be random. Instead you might use an algorithm to “seed” a random-looking output from a smaller, unpredictable input: use the date and time to determine which random digits to extract from a random number string such as pi, say, and work from there. The problem is that such “pseudorandom” numbers are limited by the input, and tend to repeat non-randomly after a certain time in a way that is guessable if you see enough of them.

An alternative is to hook up your computer to some source of physical, “true” randomness. In the 1950s, the UK Post Office wanted a way to generate industrial quantities of random numbers to pick the winners of its Premium Bonds lottery. The job fell to the designers of the pioneering Colossus computer, developed to crack Nazi Germany’s wartime codes. They created ERNIE, the , which harnessed the chaotic trajectories of electrons passing through neon tubes to produce a randomly timed series of electronic pulses that seeded a random number.

“Probability of Paul the Octopus correctly predicting the results of 8 World Cup games: 1 in 256”

ERNIE is now in his fourth iteration and is a simpler soul, relying on thermal noise from transistors to generate randomness. Many modern computing applications use a similar source, collected using on-chip generating units such as Intel’s RdRand and Via’s Padlock. Haahr’s generator takes its seed from intrinsically noisy atmospheric processes.

Two problems remain. First, with enough computing power anyone can, in theory, reconstruct the processes of classical physics that created the random numbers. Second, and more practically, random number generators based solely on physical processes often can’t produce random bits fast enough.

Many systems, such as the Unix-based platforms used by Apple, get round the first problem by combining the output from on-chip randomness generators with the contents of an “entropy pool”, filled with other random contributions. This could be anything from thermal noise in devices connected to the computer to the random timings of the user’s keyboard strokes. The components are then combined using a “hash function” to generate a single random number. Hash functions are the mathematical equivalent of stirring ink into water: there’s no known way to work out what the set of inputs was, given the number the function spits out.

That doesn’t mean there couldn’t be in the future – and there’s still the speed problem. The workaround is generally to use a physical random number generator only as a seed for a program that generates a more abundant flow.

There we are back with the algorithm problem. The precise nature of the methods these programs use is proprietary, but in 2013 security analysts raised concerns that the US National Security Agency knew the internal workings of one such generator, called Dual_EC_DRBG, . If you’re just playing online games, that’s not a big problem. But when making multibillion-dollar financial transactions, or encrypting sensitive documents, a suspicion that you are being watched is a bigger deal.

Gaming the system

Such difficulties lead some researchers to suggest we’ll never have an uncrackable source of randomness as long as we rely on the classical world, where randomness is not intrinsic, but down to who has what information (see “Random reality“). For safer encryption, we must turn to quantum physics, where things truly do seem random. Instead of a coin toss, you might ask whether a photon hitting a half-silvered mirror passed through it or was reflected. Instead of rolling a die, you might present an electron with a choice of six circuits to pass through. “As a mathematician, I like my randomness to come with proof, and quantum random numbers give us that,” says of the University of Michigan in Ann Arbor. “It’s unique in that respect.”

Cryptographic systems that exploit the vagaries of quantum theory for more secure communication do exist. But they are not the last word in security. Extracting quantum randomness always involves someone making non-random choices about equipment, measurements and such like. The less-than-perfect efficiency of photon detectors used in some methods could also provide a back door through which non-randomness can slip in.

One way out that is still under investigation might be to amplify quantum randomness so you always have more of it than anyone can hack. Ways exist in theory , and also to to remove any correlation with the device that first made them.

Such device-independent quantum random number generation is just the latest development in our search for true randomness. Chances are, this too will soon become reality – only then for someone to find a way to game it. With humans forever in the mix, it could be that we’ll always be searching for randomness we can rely on.