Sometimes problems that seem easy are actually difficult. One of these problems in the generation of random numbers. I won’t get into a discussion of what randomness means in a statistical sense, except to say that it means something that’s unpredictable, with no discernible pattern. In the physical world, it’s easy – we can roll dice, draw a piece of paper from a hat, or spin a wheel. Electronics, however, play by different rules. We have spent decades developing integrated circuits that behave consistently, and computer programs that execute the same way every time. This makes randomness a big deal.
Why do we need randomness? One of the major applications is in gaming. For example, if you want to simulate a turn-based board game, your computer, phone or console needs to be able to roll those dice. Another more critical use is in encryption, the technology that allows us to keep our conversations and financial transactions private. Random numbers are used in the creation of numeric keys, which are then used to convert readable data to gibberish and back to data on the receiving end.
The simplest approach is by the use of a PRNG, or pseudo-random number generator. We add the prefix “pseudo” because mathematically, it’s not really random; the function is just complex enough to seem that way. A commonly used method is the linear congruential generator, which is the basis of the Unix library function “rand.” It’s fast, efficient, and requires minimal memory. This is fine for games, but for encryption, the stakes are higher. An attacker who sought to compromise a secure system might discover how the numbers are generated and use them to guess at keys. The problem is actually more difficult than that, but if the attacker is sufficiently motivated, it could be a serious weakness.
Why not use a hardware-based solution to achieve real-world randomness in number generation? People have tried a number of different approaches, including monitoring the decay of a radioactive source, which is the basis behind Fermilab’s Hotbits service. Another option is to convert atmospheric noise to numeric values, which is used by the website random.org. The drawbacks of the hardware method include the initial cost of acquiring the hardware and the relative slowness of true random number production. At Fermilab it’s only 100 bytes per second, which is why they ask you to email them a request for a particular number of bytes; they send back data which they have pre-generated.
I’ve long wondered if someone could create a portable device to create random numbers for your PC. After doing a bit of USB development, I thought about creating a USB key to do this. Well,m somebody has beat me to it. Simtec electronics has a product which they call the “Entropy Key” which uses “two high-quality noise generators” to create the requisite random data. They’re a bit pricey, 36 pounds (currently about $44) each in single unit quantities, not including shipping. Their website says they currently have none in stock and there is a long wait. Another company, called Idquantique, provides random number modules incorporated in PC add-on boards, but these cost hundreds of dollars apiece.
Randomness, like air and water, is something we take for granted in everyday life, and often get for free. In certain applications, however, randomness can be very expensive indeed.
If you enjoy stories where the unexpected happens, download my short e-book Found Pet, in which a man who adopts a cute furry animal gets more than he bargained for.