The League of Entropy Forms To Offer Acts of Public Randomness (duo.com) 66
Cloudflare, along with a group of individual and academic partners, is forming a new coalition that will provide truly random, unpredictable numbers for a variety of applications, including election systems and lotteries. From a report: The problem of producing truly random numbers on a consistent basis has been a thorny one for cryptographers for many years. There have been plenty of efforts to establish sources of randomness, with some success, but one of the drawbacks is that any single randomness generator can be a target for abuse by privileged insiders or outside attackers. This is especially true in high-value applications that require random numbers, such as lottery or election systems. Also, if a given source of random numbers fails for any reason, the applications that rely on it can be crippled, as well.
To help address this problem, Cloudflare has teamed up with the University of Chile, the Ecole polytechnique federale de Lausanne, and several individual researchers to form a consortium of randomness beacons distributed around the world. The system is based on the drand randomness beacon developed by Nicholas Gailly, a researcher at Protocol Labs, a research lab for network protocols, and the aim is to have a distributed network of beacons that will always be available. "Our founding members are contributing their individual high-entropy sources to provide a more random and unpredictable beacon to generate publicly verifiable random values every sixty seconds. The fact that the drand beacon is decentralized and built using appropriate, provably-secure cryptographic primitives, increases our confidence that it possesses all the aforementioned properties," Dina Kozlov, a product manager at Cloudflare, said.
"This global network of servers generating randomness ensures that even if a few servers are offline, the beacon continues to produce new numbers by using the remaining online servers. Even if one or two of the servers or their entropy sources were to be compromised, the rest will still ensure that the jointly-produced entropy is fully unpredictable and unbiasable." Random numbers are vital to many kinds of systems and there are plenty of hardware and software-based random number generators. But more than one RNG has been found to have a bias, whether intentional or accidental, so randomness beacons emerged.
To help address this problem, Cloudflare has teamed up with the University of Chile, the Ecole polytechnique federale de Lausanne, and several individual researchers to form a consortium of randomness beacons distributed around the world. The system is based on the drand randomness beacon developed by Nicholas Gailly, a researcher at Protocol Labs, a research lab for network protocols, and the aim is to have a distributed network of beacons that will always be available. "Our founding members are contributing their individual high-entropy sources to provide a more random and unpredictable beacon to generate publicly verifiable random values every sixty seconds. The fact that the drand beacon is decentralized and built using appropriate, provably-secure cryptographic primitives, increases our confidence that it possesses all the aforementioned properties," Dina Kozlov, a product manager at Cloudflare, said.
"This global network of servers generating randomness ensures that even if a few servers are offline, the beacon continues to produce new numbers by using the remaining online servers. Even if one or two of the servers or their entropy sources were to be compromised, the rest will still ensure that the jointly-produced entropy is fully unpredictable and unbiasable." Random numbers are vital to many kinds of systems and there are plenty of hardware and software-based random number generators. But more than one RNG has been found to have a bias, whether intentional or accidental, so randomness beacons emerged.
Centralized Randomness... (Score:3, Insightful)
Where have I heard of this before...
Oh right, NIST... and does anyone remember what happened with NIST and their pseudorandom initialization box, that turned out until a very common programming error to provide less entropy than specified in an easy to predict fashion?
Cloudflare falls into the same trust model, as Google's successor, as Google becomes the new Microsoft.
Re: (Score:1)
Where have I heard of this before...
Trump's tariff policy? :-)
Re: (Score:3)
>> Oh right, NIST...
NIST is not trustworthy at all when it comes to crypto
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
Yep, using this is beyond stupid.
Easy solution (Score:3)
Just hook it up to you-know-who's Tweets.
Re: (Score:2, Funny)
Voldemort tweets?
Re: (Score:3)
Manafort is in jail for what he did while working for John and Tony Podesta, who's organization was being paid by the DNC for lobbying(unregistered) on behalf of Russia and the Ukraine. They were allowed to retroactively claim lobbying for a foreign government with no penalty, that was after both were given immunity from prosecution. Either Putin is such a class genius that he knew Trump would hire Podesta ~10 years beforehand, while he was working for the democrats...or...Podesta was an insider that did
tell my wife hello (Score:2)
The league of Entropy (Score:5, Funny)
Re: (Score:2)
I checked the output stream for a bit: 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7
That output is exactly as likely as any other output of the same length.
Thus, it passes every objective test we have for randomness.
Re: (Score:2)
Yep.
https://www.explainxkcd.com/wi... [explainxkcd.com]
Re: (Score:3)
That can't possibly be correct. It's 9,9,9,9... [dilbert.com]
Random numbers are too important ... (Score:3, Funny)
Random numbers are too important to be left to chance.
Re: (Score:2)
Always the optimist, huh?
Re: (Score:2)
Re: (Score:2)
Thus far, we have been able to force the author(s) to disclose the source code for our Physical Universe.
A dilligent reverse engineering effort has been an ongoing project for a few centuries.
Our effort is riddled with holes, exceptions, and special cases. We don't know if we're "not even wrong" [wikipedia.org].
Re: Random (Score:1)
I tried that and now I hate math and prefer to shoe shop.
good book, that Carl Sagan plagerized (Score:2)
Defining Randomness (Score:4, Interesting)
There are two things about sources of randomness that I find interesting. One is how to generate random numbers, as this article discusses. The other, I think deeper, topic is how to define randomness to begin with.
For example, suppose you wanted to randomly generate digits in the range of 0 - 9. One seemingly sensible characteristic of your "random" output might that that no particular digit should appear more often than the others. However, if you design for even distribution of digits, you are then producing something that is no longer "random" due to your imposed condition.
I don't profess to know any answers to this. As I said, I simply find it interesting. Perhaps some more informed readers can provide some enlightenment on the dilemma of defining what randomness means in the first place.
K-Randomness (Score:2)
K-random (property of a bit-string B) means (roughly) that there exists no program whose code is shorter than B that can generate B.
Again roughly, this means that no one can figure out the pattern (of sequential bits) in B and write a program to generate that pattern.
You can always write a program of length len(B) that generates B. i.e. the null program with input B.
Unfortunately, I believe it has been proven th
Re: (Score:2)
Kolmogorov (spelling varies) randomness is quite an interesting definition. And my favourite one.
K-random (property of a bit-string B) means (roughly) that there exists no program whose code is shorter than B that can generate B.
Kolomogorov complexity is very interesting, but it really describes entropy, or information content, not randomness. It's really about the distribution of a random variable, not about the variable's randomness. Randomness also requires unpredictability which is a property of the generation process, not a property of the generated data.
To a cryptographer, "public randomness" appears at first glance to be an oxymoron... if the data is public it's predictable, and therefore not random, even if it was gener
Re: (Score:2)
Unpredictability of the generation process can be seen to be trivially equivalent to unpredictabilty of the next bit in the bit-string (for all such next bits), where the observer (the entity/process tr
Re: (Score:2)
One seemingly sensible characteristic of your "random" output might that that no particular digit should appear more often than the others.
But that's not how to characterise randomness. Of course a digit may appear more often than another. The point is that no particular digit should *have a probability* of appearing more often than another. Generate 10 numbers and getting no digit more often than another would point to it not being random... except if it is random than having no digit more often than another is a possible random solution, as is having a sequence 1,2,3,4,5,6,7,8,9,0.
The only way really to determine if you have true randomness
Re: (Score:2)
For example, suppose you wanted to randomly generate digits in the range of 0 - 9. One seemingly sensible characteristic of your "random" output might that that no particular digit should appear more often than the others. However, if you design for even distribution of digits, you are then producing something that is no longer "random" due to your imposed condition.
I would start here [wikipedia.org]. Read about probability distributions, in particular, to see why your concern that ensuring a uniform distribution might make the result non-random isn't an issue.
Re: (Score:2)
Randomness is usually defined by being unpredictable. Any predictability tends to weaken the random number generator for many of the purposes it can be used for, such as picking lottery numbers or cryptographic functions.
For example, if you have a crypto function that uses a random key, but you know that the key is probably biased towards certain numbers, you can optimize your brute force attack to try those numbers first.
Of course that means you need to define what predictable means. It can be as simple as
More for my script (Score:2)
My web-based randomness seeding script. [slashdot.org]
Well done (Score:2)
It's a solved problem (Score:1)
and for god's sake don't get the idea in your head that centralized randomness, controlled by the world's largest man-in-the-middle Cloudflare is somehow the secure solution to a problem we've already solved.
As with much else involving Cloudflare, stay the hell away, or they and the government they answer to will be all up and inside your IT.
Re: (Score:3)
Yeah I think it is pretty suspicious that anyone would want to unify multiple sources of randomness. It's then easy to poison that one output. Better to XOR completely independent sources.
If it's over the internet, it's not secure (Score:2)
Re: (Score:2)
It is already not secure it anybody else has it, and here the provider has it. The whole thing is beyond stupid.
random.org (Score:2)
Didn't VIA solve this in 2003? (Score:2)
https://developers.slashdot.or... [slashdot.org]
Incredibly stupid idea (Score:2)
Particulary considering there are actually good and cheap random number sources, and random numbers are not something you should share with anybody else.
On the other hand, this is a great business model, after all anybody who thinks about this for more than a few minute will not use the service which means that you'll be left with people who have no idea what they are doing and build business models on it (e.g. by deriving keys or using it for lotteries). You could then have a bunch of paying clients who wi
Let me help! (Score:2)
09813487348174579801757623145623491056840917541908217836470123
98127809127476127560589273460031843671548713947858173713467134