Encryption, Entropy, Easy.

May 17, 2023

Whether it be hiding your emails from lurking eyes on the internet or keeping your credit card number secure from bad actors during a transaction, encryption finds its way into most aspects of our digital life without us even noticing. Encryption is everywhere.

Randomness is extremely important for secure encryption. Each new key that a computer uses to encrypt data must be truly random, so that an attacker won't be able to figure out the key and decrypt the data. However, computers are designed to provide predictable, logical outputs based on a given input. They aren't designed to produce the random data needed for creating unpredictable encryption keys. That is where entropy comes in.

Entropy

Entropy in the real world typically refers to disorder or chaos, but in cryptography, it refers to unpredictability. This is better for encryption because a higher level of entropy in data means little to no meaningful patterns can be found.

Encryption is a predictable process, in the sense that the encrypted data plus the right key will give you access to the decrypted data, but encryption keys need to be unpredictable, or else an attacker can try to detect patterns. If the key used isn't random enough, then the data is at risk of being compromised.

To produce the unpredictable, chaotic data necessary for strong encryption, a computer must have a source of random data.

Turns out ... the real world is a great source for randomness...

Cloudflare's Lava Lamps

Probably the most famous is Cloudflare's wall of lava lamps aka The Wall of Entropy. Cloudflare is a DNS service which also offers distributed denial-of-service (DDoS) attack protection, security, free SSL, encryption, and domain name services. Perhaps 10 percent of the Internet's traffic passes through Cloudflare, and as the firm deals with so much encrypted traffic, many random numbers are required.

“It’s a piece of artwork for our offices. But it does serve a purpose.”

Instead of relying on code alone to generate these numbers, the lava lamps are photographed: the random lights, swirling blobs and movements are recorded, and the footage is turned into a stream of random, unpredictable bytes. That stream is fed into the data center's Linux kernels, which use it to seed the random number generators that create the keys used to encrypt traffic.

The movement of the lamps aside, there are other factors at play too, like the ambient light and people walking past the wall; all of this adds to the randomness.
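To make that pipeline concrete, here is an added Python example (not Cloudflare's code) in which a constructed "frame" stands in for the camera image: it estimates how little entropy the raw pixels carry, conditions a batch of frames into a 32-byte seed with SHAKE-256, and shows the plain-write path into the Linux pool. The frame generator, `/dev/urandom` as the target device and the seed length are assumptions.

```python
import hashlib
import math
import random
from collections import Counter

def shannon_entropy_per_byte(data: bytes) -> float:
    """Entropy estimate in bits per byte from the byte-value histogram.
    An unpredictable stream scores 8.0; a photo of a lamp scores far less."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def capture_frame(width=64, height=64, seed=1) -> bytes:
    """Constructed stand-in for a camera photo: dark background, one bright
    blob and a few counts of sensor noise. Real deployments use real images."""
    rng = random.Random(seed)
    pixels = bytearray()
    for y in range(height):
        for x in range(width):
            base = 200 if (x - 32) ** 2 + (y - 32) ** 2 < 200 else 20
            pixels.append(max(0, min(255, base + rng.randint(-3, 3))))
    return bytes(pixels)

def condition(frames, out_len=32) -> bytes:
    """Collapse many low-entropy frames into a fixed-size seed with SHAKE-256.
    Hashing hides the image structure and concentrates the entropy the sensor
    noise carried; it cannot create entropy that was never captured."""
    h = hashlib.shake_256()
    for frame in frames:
        h.update(frame)
    return h.digest(out_len)

def mix_into_kernel(seed: bytes, device="/dev/urandom") -> int:
    """Feed the seed into the kernel pool. A plain write mixes the bytes in
    without crediting entropy; crediting needs the RNDADDENTROPY ioctl as root."""
    with open(device, "wb", buffering=0) as dev:
        return dev.write(seed)

if __name__ == "__main__":
    frames = [capture_frame(seed=s) for s in range(8)]
    print("raw frame entropy: %.2f bits/byte" % shannon_entropy_per_byte(frames[0]))
    print("seed:", condition(frames).hex())
```

The histogram estimate is an upper bound, not a guarantee: structured pixels can score well above their true unpredictability, which is exactly why the raw frames are hashed rather than used directly.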

It's not an original idea either: it was first done by Silicon Graphics in the late 90s with a system called Lavarand.

Cloudflare's San Francisco office lava lamps

Thunderstorms

One of the easiest to use and most reliable sources of true random numbers is Random.org, a website that produces random numbers based on atmospheric noise.

In addition to generating random numbers in a specified range and subject to a specified probability distribution, which is the most commonly done activity on the site, it has free tools to simulate events such as flipping coins, shuffling cards, and rolling dice. It also offers paid services to generate longer sequences of random numbers for such things as lotteries.

Random.org uses radios that are tuned between stations to pick up differences in atmospheric noise, which is mostly influenced by thunderstorms and lightning strikes. Every day around the world, there are millions of lightning strikes, so there's plenty of variation.

The website was created in 1998 by Mads Haahr, a doctor and computer science professor at Trinity College in Dublin.

Radioactive Decay

HotBits, from Fourmilab in Switzerland, used a truly random seed source until it was retired in 2022: radioactive decay.

Radioactive particles shoot off electrons at an unpredictable rate. It's not just that we don't have the know-how to estimate when the next particle will be released; it's that the decay is random down to its core. Even given complete knowledge of the laws of physics as well as the atom’s initial conditions, you can only, at best, come up with a probability of when the next electron will be released. HotBits used a Geiger counter to measure when the electrons are emitted and turned those timings into truly random numbers.

In its Singapore office, Cloudflare uses this approach too: it displays a pellet of uranium encased in a glass bell jar. It's worth noting that it's not a dangerous amount; apparently the same kind is used for school science classes. Using a Geiger counter, Cloudflare measures the release of isotopes over time and adds more chaos to its equations.
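As an added example (not HotBits' or Cloudflare's code), here is how Geiger counter timings become bits with an interval-comparison scheme of the kind HotBits used: decay timestamps are simulated as Poisson arrivals (constructed data standing in for real counter readings), consecutive intervals are compared to give one bit per pair with the comparison sense alternated to cancel clock drift, and the NIST SP 800-22 monobit test is run as a first sanity check on bias. The rate, clock tick and seeds are assumptions.

```python
import math
import random

def simulate_decay_events(n, rate_hz=50.0, tick_us=10, seed=7):
    """Constructed stand-in for Geiger counter timestamps: Poisson arrivals
    (exponential gaps) quantized to the counter's clock tick in microseconds."""
    rng = random.Random(seed)
    t, events = 0.0, []
    for _ in range(n):
        t += rng.expovariate(rate_hz)
        events.append(int(t * 1e6) // tick_us)
    return events

def intervals_to_bits(events):
    """Compare consecutive decay intervals T1 and T2: equal intervals are
    discarded, otherwise one bit is emitted from which was longer. The sense
    of the comparison flips every pair so slow clock drift cannot bias the
    output toward 0 or 1."""
    gaps = [b - a for a, b in zip(events, events[1:])]
    bits, flip = [], 0
    for t1, t2 in zip(gaps[0::2], gaps[1::2]):
        if t1 == t2:
            continue
        bits.append((1 if t1 > t2 else 0) ^ flip)
        flip ^= 1
    return bits

def pack_bits(bits):
    """Group bits into bytes, dropping any trailing partial byte."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)

def monobit_p_value(bits):
    """NIST SP 800-22 frequency (monobit) test. p >= 0.01 means the balance of
    ones and zeros is consistent with an unbiased source; it is a sanity
    check on the extractor, not proof of randomness."""
    n = len(bits)
    s = sum(1 if b else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(n) / math.sqrt(2))
```

Each pair of decays yields at most one bit, so a real counter's output rate is low; that is why such sources are used to seed a generator rather than to produce keys directly.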

Bananas

Yes. Bananas.

Italian electrical engineering student Valerio Nappi expanded on the radioactive decay method with the BRNG (Banana Random Number Generator), which takes advantage of the potassium found in bananas, which is slightly radioactive.

The BRNG (Banana Random Number Generator)

Lasers

Lasers are another way of generating truly random numbers, with the benefit that you can use them without needing expensive and dangerous radioactive material. They also produce random numbers very quickly.

For example, researchers developed a chip that tracks the photons that lasers randomly emit. The rate at which a laser emits photons is as random as the rate at which radioactive material emits electrons. The chip then turns the results into an electric voltage, which can be measured and converted into random numbers.

Other

Other organisations have their own unique methods to obtain unpredictable values. The University of Chile sources entropy from seismic measurements of the earth, radio waves from a campus radio station, and a selection of Twitter posts. Protocol Labs uses measurements of ambient noise. Even the US government is experimenting with entropy. The National Institute of Standards and Technology has experimented with using quantum mechanics to create random numbers, by generating digital data using particles of light.

Links

https://www.random.org/randomness/

https://www.cloudflare.com/en-ca/learning/ssl/lava-lamp-encryption/

https://www.hackster.io/news/the-just-bananas-method-for-generating-true-random-numbers-0e67c763dc1a

Deano

Deano is part of vBridge's amazing infrastructure team, who are responsible for keeping the lights on, and making sure your IaaS experience is a happy and productive one.