Hacker News new | ask | show | jobs
by gmazzola 6264 days ago
I'm sorry if this response is off-topic, but your last question piqued my curiosity so I would like to answer it.

There is an authoritative source of random numbers. In 1955, The RAND Corporation (a Cold War-era think tank) published a wonderful book entitled "A Million Random Digits with 100,000 Normal Deviates". Amazon.com has a copy of it, including some amusing reviews: http://www.amazon.com/Million-Random-Digits-Normal-Deviates/... .

For a good source of truly random numbers accessible from an API, I personally use http://random.org . They use atmospheric noise to create random numbers, which ultimately boils down to the true randomness that is Quantum Mechanics. It's not suitable for high-security applications -- I could do some network trickery and redirect your API request to my server that always returns 1.0 -- but it's better than the PRNGs on modern computers.
2 comments
lunchbox 6263 days ago
Thanks for the informative reply, gmazzola. Could someone who doesn't trust random.org verify that the numbers are indeed random and impossible to rig? What I have in mind is a number that (1) nobody has influence over, (2) can be measured objectively, (3) is observable to everybody, and (4) is impossible to predict.

For example, I could tell my friend that I'll do his laundry for a month if Barack Obama's speech tomorrow contains an even number of words, and he'll do my laundry otherwise. This would appear to be truly random, but what if I secretly am friends with Barack Obama and can rig it in advance?

Is there some easy, practical way of producing a number whose randomness a large number of mutually distrustful parties can agree on? (I am thinking of something like asking each party to produce a number, and then publicly summing everyone's numbers together.)

link
gmazzola 6263 days ago
Sadly, this is outside my area of expertise. I will nonetheless attempt to answer your question, but please take my words with a grain of salt.

Before we even begin delving into true RNGs, it is worthwhile to consider if we're over-engineering the problem. Is a PRNG "good enough" for the task at hand? In most cases, it is. A well-seeded PRNG, such as the ones present in modern-day Operating Systems, are suitable for most tasks not involving National Security.

However, if you have a genuine need for a true RNG, a computer algorithm certainly won't be generating it. Computers are by nature deterministic, and thus are very poor at behaving unpredictably. Thus, like with all good problems, we are forced to enter the realm of physics.

The fundamental problem is, who will be observing the source of randomness? To my knowledge, there isn't a physical source of randomness that is observable to everybody. (I did some quick googling to confirm my suspicions, but if you're planning on using my words to do anything useful, please confirm my statement!). Thus, as I see it, you have several options:

1) Your idea, where all parties derive a true random number from physics and publically sum everyone's numbers together. Your qualifiers (2) through (4) hold, but (1) is difficult. In this case, a certain number of rogue nodes will be able to manipulate the computation. I remember a Professor of mine, who does research in this field, stating the minimum number of truthful nodes needed in a distributed computation is (2/3)n + 1, but again confirm this number for yourself.

My point here is, using the public-summing method, you are faced with the difficult problem of determining if a node is attempting to manipulate the system. While a provable solution has been found, after decades of research across the globe, my Professor still is working on the problem, thus demonstrating it is not an easy task.

2) Have a single computer (say, random.org) that is observing a true RNG, and publicizes the result for all to see. Of course you'd use asymmetric crypto so that all parties can prove that they've received the correct number.

Again, your qualifiers (2) through (4) pass, but (1) presents a different problem. We're back to where we started: do you trust random.org?

However, it's an easier task to make an authority trustable than a peer in a distributed computation. We trust Verisign to be a certificate authority, because we believe their security practices are half-decent, and they can be audited. (Every year all CA's are independently audited by WebTrust.org using pretty strict criteria.)

The same could be done for random.org: why not require certification and frequent auditing of their RNG equipment?

The other nice thing about RNGs is that you can audit them yourself, given enough time and expertise. When viewed correctly, poor RNGs will have distinct patterns visible to the eye (example: http://www.cs.hku.hk/cisc/projects/va/index.htm ).

The crux of my argument is: I don't know of a true RNG, that upon observation by multiple parties, all will receive the same random number. My instinct and my research says that none exist, but I would love to be proven wrong. Crypto experts, correct me!

If you'd like more information, Wikipedia is always invaluable: http://en.wikipedia.org/wiki/Hardware_random_number_generato...

link
lunchbox 6263 days ago
That is really a fantastic answer, Greg! Thanks for the valuable information.
link
russell 6263 days ago
You are right. The reviews are worth the trip over to Amazon. I suspect some Amazon programmers are having a little fun with randomness.
link