1996-01-18 - RE: Random Number Generators

Header Data

From: JR@ROCK.CNB.UAM.ES
To: cypherpunks@toad.com
Message Hash: e9ab407e1c42afa534ef1c86a653dfe0a4d917979c252317f8f385979c845ab3
Message ID: <960118135615.204012d1@ROCK.CNB.UAM.ES>
Reply To: N/A
UTC Datetime: 1996-01-18 11:45:16 UTC
Raw Date: Thu, 18 Jan 96 03:45:16 PST

Raw message

From: JR@ROCK.CNB.UAM.ES
Date: Thu, 18 Jan 96 03:45:16 PST
To: cypherpunks@toad.com
Subject: RE: Random Number Generators
Message-ID: <960118135615.204012d1@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


From:	SMTP%"tcmay@got.net" 18-JAN-1996 06:33:11.77
>At 11:40 PM 1/17/96, Kurt Buff (Volt Comp) wrote:
>>If you're going to work with hardware to get really random numbers, why not
>>go to the back of any of several PC-type magazines, and order the radiation
>>detector board that someone is hawking? Can't really do any better than
>>that, can you? Counting cosmic ray hits and noting their time differentials
>                         ^^^^^^^^^^^^^^^
>>should be just what the doctor ordered, right?
>
>Almost all of the counts in simple radiation detectors are from earthly
>sources, not from cosmic rays. For Geiger tube counters (not very common
>these days), the main counts are for gamma rays and for beta particles (if
>
	... stuff deleted ...

The main problem I see on these sources is not their ramdomness, which, in
some instances may be not so good as one would expect, but their subscep-
tibility to tampering.

First, randomness: for radiactivity counters, decay is a log function of
time. This could be used to reduce keyspace search. Second, radiactivity
can be quenched. If you are measuring background levels, then you are
exposed to external influences too: to be extreme, one can expect your
counter to go mad after an atomic explosion in the neighborhood. This
reduces randomness and keyspace.

Second, tampering: the atomic bomb explosion is a good example: it is
possible to produce an external source of radiactivity and influence
your detector. Unless you measure alpha particles from a radioactive
source of yours... And even then, you'll have to buy your source...
From whom? Just imagine a spy porting a radiating gun and pointing it
to your detector.

Also, the technology used is normally electromagnetical. One could think
of a method to storm a detector with a em field... thus reducing randomness.
The point is: since you don't notice these fields or radiations, you are
prone to fall in the trap: one gets used to rely on the technology 'cos
it always works, and when the day comes since you don't notice anything unusual
you don't suspect anything wrong. Your detector may be overloaded and only
outputs zeros for a while and you won't notice anything wrong.

>RNGs based on thermal noise and natural radioactivity have been discussed
>on our list at least a dozen times (multiple posts each time), so I suggest
>further research be done there.
>
>--Tim May

	This sounds to me more like the way to go: you need to rely on
something of which you have full control. Either a RNG function or something
that can not be tampered without you noticing. It would be very difficult
to produce big changes in temperature without you noticing... Though still
you are left with electromagnetic interferences on the detector.

	My view is that what is needed is something that a) you can fully
control or b) nobody can control/interfere/mimic in any way.

	In this sense, my point of view is: anything that can be influenced
from the outside is not reliable. This means you need something that's
totally inside and controlable. It should be fairly random, and not able to
be influenced from the outside. And possibly originate its own electrical
current which is not dependable on external influences of any type. Specially
electrical/radiation influences. It should be easy to monitor and difficult
to tamper with temporarily (so that tampering could pass unnoticed).

	The only thing I can think of is a biological source converting
chemical products into random electrical data. Biological sources are
very difficult to influence rapidly (other than by death which is
irreversible), they can't be switched on/off, their range of values is
always bounded to physiological limits (i.e. the only way to "overload"
them is by killing them or some other drastical and evident measure), have
normally a strong resilience to external influences, and as long as you
can keep an eye on them, you can remain sure they are alive and not 
horribly sick. And finally, if you are the source, then you have the 
highest availability possible and the fullest control.

	You could measure the changes in charge induced by a electrical
fish as it swims. Or changes in conductivity of some plant/animal tissues. Or
have a culture of electrical microorganisms. Or just use your own
electroencephalogram with the appropriate corrections to remove waves.
There are also some biological processes whose production is intrinsically
random. Things like some biochemical cycles, or some muscle movements.
It's all a matter of finding the best one(s) according to randomness and
ease of measure. And you can always combine several sources.

	There are even some studies already done about the randomness
of different biological processes, their predictability and to which
extent they can be influenced. The technology to measure most of them
is already well developed and highly reliable. It's all a matter of
adapting it to a new use.

	Just my 2c.

				jr





Thread