Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Method for Random Number Generation Developed

Posted by ScuttleMonkey on from the lots-of-coin-flipping dept.

Science Daily is reporting that a German team has developed a new method of random number generation that they hope will improve security. "The German team has now developed a true random number generator that uses an extra layer of randomness by making a computer memory element, a flip-flop, twitch randomly between its two states 1 or 0. Immediately prior to the switch, the flip-flop is in a 'metastable state' where its behavior cannot be predicted. At the end of the metastable state, the contents of the memory are purely random. The researchers' experiments with an array of flip-flop units show that for small arrays the extra layer makes the random number almost twenty times more 'random' than conventional methods."

31 of 395 comments (clear)

  1. generation of random numbers by Anonymous Coward · · Score: 5, Funny

    the generation of random number is too important to be left to chance.

    1. Re:generation of random numbers by chrism238 · · Score: 3, Informative

      While this has been rated as Funny, it would have been respectful to acknowledge the source: http://codequotes.com/2006/08/14/coveyou-random-numbers

    2. Re:generation of random numbers by harlows_monkeys · · Score: 4, Informative

      Unless you are Robert R. Coveyou, you should have attributed that.

  2. Re:This is a random comment. by MillionthMonkey · · Score: 3, Funny

    Your grandmother can generate non-alphanumeric random characters?

    Man, no wonder you're here.

  3. XKCD Bait by jgtg32a · · Score: 5, Funny

    Lets play a game, what XKCD am I thinking of?

  4. obligatory xkcd by fuo · · Score: 4, Funny

    always been one of my favorites... http://xkcd.org/221/

  5. Hardware? by e2d2 · · Score: 3, Insightful

    TFA fails to state whether they used existing memory types or if they intend to use a custom piece of hardware on board.

    1. Re:Hardware? by eldavojohn · · Score: 3, Interesting

      TFA fails to state whether they used existing memory types or if they intend to use a custom piece of hardware on board.

      My guess would be custom though not completely different from everyday stuff. I was familiar with "metastability" from my college courses where it was mentioned as a classic problem in electronics. I suppose there could be a way to harvest this data from hardware before it gets corrected. I never thought of this before but if you had a long length of optical fiber cable (longer than what it's rated for use) then you could send messages through that and collect them on the other end. I mean, we implement parity to remove these random flips of bits through transmission, couldn't we also use this to increase randomness of random numbers? I think I've read of the network guys fighting metastability so their incorrectly implemented hardware could probably be exploited as sources of random bits.

      --
      My work here is dung.
  6. What is "more random"? by onionman · · Score: 4, Insightful

    From TFA:

    The team adds that the efforts of a cracker attempting to influence the array will be wholly obvious to a simple statistical analysis as -- depending on the type of attack -- either the whole array or single elements will be disturbed, whereas these are again selected randomly. So this true random number generator can protect systems against third-party snooping, potentially making private and sensitive transactions on the Internet more secure.

    Now I'm really skeptical. A cracker who is able to "influence" the array might be able to influence it with a pseudorandom number generator that he/she can predict.

    I think that hardware based RNGs, such as those detecting radioactive isotope decay, have been around for a while. I'm not sure how this one can provide more security, especially if the attacker has access to the hardware. I think that most gate transition thresholds can be influence by simple things like temperature anyway.

    What exactly does "more random" mean in the summary? I think something is either random or it isn't. Perhaps this claim should just make us "more skeptical".

    1. Re:What is "more random"? by joggle · · Score: 5, Informative

      In Numerical Recipes for C they list several benchmarks for determining how good one random number generator is compared to another (based on various statistics measures) so it certainly is possible for one method to be more random than another. Read chapter 7 of that book for all the details you could possibly want on this subject (with references to even more information).

      One way of generating a good random number in Linux is using /dev/random (which uses a hardware-based random signal as its source, I don't recall the details). However, it isn't fast enough for most applications, outputting only a few bytes per second of random information, although it can serve as a useful seed for other random number generators. Just run 'cat /dev/random > random_bytes.bin' to see its output.

      I'm curious what rate random information can be generated using the method in the article. I'm presuming it's fast enough that an application could rely solely on this data without having to use it as a seed for a pseudo-random number generator. The question is how long does it take for the hardware to get to the state where its next value is unpredictable--in the case of /dev/random it's relatively long.

  7. Re:This is a random comment. by MillionthMonkey · · Score: 3, Insightful

    The set of all random numbers does not exclude "non-random-looking" numbers. I just cherry-picked one for you.

  8. reproducibility by domulys · · Score: 3, Insightful

    While this new technique may improve security, it seems to lack one important property of pseudo-random numbers that is required by many applications: reproducibility.

    Good luck finding the bug in your program with a stream of randoms you'll never be able to reconstruct again.

    1. Re:reproducibility by msauve · · Score: 3, Insightful

      Just record the stream the first time, and play it back for testing.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    2. Re:reproducibility by RAMMS+EIN · · Score: 3, Insightful

      Horses for courses. If you want reproducible, you don't want true random. If you want security, you do.

      --
      Please correct me if I got my facts wrong.
  9. Re:This is a random comment. by Anonymous Coward · · Score: 3, Funny

    He's here because his grandmother can generate babies.

  10. Re:This is a random comment. by TheCarp · · Score: 4, Funny

    Still? Damn, my mother can't even do that anymore. I don't even want to think about my 87 year old grandmother giving it a try.

    --
    "I opened my eyes, and everything went dark again"
  11. Re:WiFi by DoofusOfDeath · · Score: 5, Funny

    I always thought the WiFi radio in laptops would be a good thing for generating random numbers.

    Brilliant! Just assign a bit based on whether or not it works in a given Ubuntu release!

  12. Metastable Flip flops still have bias by wiredlogic · · Score: 3, Interesting

    There is no way they can prove that these flip flops don't have bias one way or the other. Even if you could design a perfect circuit it would be subject to the imbalances between p-type and n-type transistors and process variations. This makes it impossible to create a perfect Gaussian metastability function or to place a device at the apex of that function such that the probability is 50/50 of switching to 1 or 0. Hence, you will not achieve truly random results. Metastability is also affected by the power supply voltage and current. A cryptographic device employing this technique could be subject to attack by lowering or modulating the power supply in such a way as to create predictable "random" numbers. i.e. make sure all the flip-flops transition to 1 or 0.

    --
    I am becoming gerund, destroyer of verbs.
    1. Re:Metastable Flip flops still have bias by ooooli · · Score: 5, Informative

      You're confusing Shannon entropy and true randomness. If you have a string of bits that are created by a process that is truly random but has a bias, it's easy to transform it into an unbiased (but shorter) string.

      The problem with pseudo-random generators is that they're really not random at all: They're determinstic functions that map a seed onto a sequence of random bits. If you know the function and the seed, you can predict all of it, which leads to potential vulnerabilityies. The point of truly random numbers is that there's no possible information you could have that would enable you to predict it.

  13. Re:This is a random comment. by Martin+Blank · · Score: 4, Insightful

    You bring this up as a humor point, but it can be a small problem, I think, when "non-random" sequences are removed from possible random number generations. For example, if a 4-digit pre-generated PIN is not allowed to use certain sequence types such as sequential, all the same, paired pairs, etc., it may take a fair slice out of the available keyspace (not sure that's the right word, but it's close enough), at least enough to narrow down the ambiguity in case some hints about the PIN are known by an attacker.

    It's less of a problem with longer passwords, as the maximum entropy for a given entry expands while patterns take smaller bites out the available space, but it does reduce the possible entropy slightly.

    It also reminds me of a Dilbert strip where he visits the accounting trolls, and they take him to their random number generator, which is another troll saying, "9... 9... 9... 9..." Dilbert asks if it's really random, and the first troll says, "That's the problem with randomness: you never really know."

    --
    You can never go home again... but I guess you can shop there.
  14. Re:20 times more random? by TheCarp · · Score: 4, Funny

    Actually Bruce only has a 50% chance of getting the answer in 0.019 seconds. Chuck Norris however just hits the researcher with a round house so hard that his grandmother spits out the answer, 100% of the time.

    --
    "I opened my eyes, and everything went dark again"
  15. Taken to the next level: by jwietelmann · · Score: 4, Interesting

    Here is a slightly-absurd-but-awesomme dice rolling machine.

  16. Ratio sensitivity by overshoot · · Score: 3, Interesting

    Even if you could design a perfect circuit it would be subject to the imbalances between p-type and n-type transistors and process variations.

    That's one problem it won't have, since the initial condition is at the balance point of P vs. N. The bias would show up in the curvature of the gain function around the bias point. It's not a large bias, and it's likely to vary from one device to the next -- so the prudent designer would have to correct for each bit's history. Still, thermal noise is easier to work with than radioactive decay.

    --
    Lacking <sarcasm> tags, /. substitutes moderation as "Troll."
  17. Re:Uhm by JesseL · · Score: 3, Informative

    http://en.wikipedia.org/wiki/Entropy_(information_theory)

    --
    "Prefiero morir de pie que vivir siempre arrodillado!"
  18. Re:Random today, but still random tomorrow? by CharlyFoxtrot · · Score: 3, Insightful

    It's random folders all the way down.

    --
    If all else fails, immortality can always be assured by spectacular error.
  19. Re:Obligatory TheDailyWTF by danlip · · Score: 3, Funny

    Obilgatory TheDailyWTF

  20. Re:Random today, but still random tomorrow? by Dancindan84 · · Score: 5, Funny

    Question: why not simply use the random crap we all have on our PCs to generate random numbers? Say...choose 5 folders at random on a PC.

    To understand recursion one must first understand recursion.

    --
    "Always forgive your enemies; nothing annoys them so much." - Oscar Wilde
  21. Re:Or just flip a coin by RAMMS+EIN · · Score: 4, Interesting

    Actually, I've heard on the radio that some researchers (didn't catch their names) have recently demonstrated that the probability of the coin landing with in the same orientation it started with is slightly higher than the probability of landing the other way. And you can train yourself to influence the probability. So 50/50 ... probably close, but not necessarily, and definitely not for every coin and every person.

    --
    Please correct me if I got my facts wrong.
  22. Re:This is a random comment. by Kozz · · Score: 5, Interesting

    Indeed. I listened to a podcast a while back in which Robert Krulwich (RadioLab?) discussed randomness with a researcher and how we think about randomness.

    A scientist he interviewed stated that she assigned tasks to several different teams. For one team, she instructed them to flip a coin some fixed number of times (perhaps 100) and to then report the sequence of heads and tails (H H T H T T H T T T etc). For the second team, she instructed them to NOT flip a coin, but to simply write down a sequence that they think might be produced by the flipping of the coin. The teams each present their report, and she is not told which list was generated by which means.

    However, she said it was easy to spot the "human" generated list, because it rarely contained a sequence of more than a few sequential entries of H H H H, for example. Whereas the truly random list might have even up to NINE sequential heads or tails. The average human just couldn't fathom such a "random" sequence [mathematicians excluded, naturally].

    --
    I only post comments when someone on the internet is wrong.
  23. Re:WiFi by omuls+are+tasty · · Score: 5, Funny

    How is an infinite stream of 0s random?

  24. Re:This is a random comment. by nabsltd · · Score: 4, Funny

    2 to the 9'th is 256, so most random sequences would not have had 9 sequential results in a row.

    In a world where 2^9 = 256, absolutely anything can happen.