Imagine you're driving down a highway at night, your headlights cutting through the dark. You trust that the path ahead is safe because of those beams of light, just as we trust that encryption shields our data online. But what if that light wasn’t random? But what if someone knew exactly where your headlights would point next. That’s the risk we face today with encryption—random numbers used in security systems aren't always as random as we think. When there’s predictability, even in tiny amounts, hackers can exploit it.
In internet encryption, randomness is the backbone of security. It is the seemingly chaotic, unpredictable values that ensure data stays safe, creating encryption keys that no one can guess. But, what happens if these “random” numbers are not as random as they appear? And what if I told you that you and I make this randomness that we can't even crack back? Welcome to the realm of randomness, recognized as cryptography among engineers.
Fig 1: Random isn’t random : A drive into internet encryption (ChatGpt Image Generator)
The question is basic, what is randomness? Google says “Randomness refers to the lack of a predictable pattern or order in a series of events, actions, or outcomes.” But, computers are not very good at being random. They work according to the instructions given. Randomness is not an easy thing to generate. In fact , most of the computer generated randomness is fake. The dice in the computer game , the coin toss in the games are not fully random. It can be predicted.
Another question is , why is randomness needed for cyber security? Randomness is vital in cybersecurity to ensure the unpredictability of encryption keys, session tokens, and cryptographic protocols, making systems harder to attack. It prevents password cracking by adding unique salts and protects against replay attacks using nonces. Strong randomness makes brute force attacks computationally infeasible, enhancing overall security. Without randomness, systems become predictable and vulnerable to exploitation.
Fig 2: Randomness and cyber security (thedailytexan/ig)
Imagine a war where secret messages are sent between the king and his generals to plan attacks. To protect these messages from enemy spies, the king uses powerful locks—representing encryption. But if the keys to the locks follow a pattern, enemies could eventually figure them out. So, the king creates keys using randomness. So the king uses keys using unpredictable elements like lightning and candle flames, symbolising randomness to make each key unique and impossible to predict.
True randomness is very hard to generate. Even computers can't do that.So the question arises. How do random people like you and me contribute to the generation of this randomness? And if we do so , why can't we crack it back?
Fig 3: Ai generated image (Microsoft Copilot)
It turns out , engineers put out some odd technique to generate true randomness. Lava lamps have kept the internet secure and continue to do so. Sometimes a Geiger counter (used to monitor radioactive decay) and a microphone are placed in public spaces to catch random noise. Intel used thermal noise from a resistor to generate random numbers. Some systems rely on the unexpected motions of a user's mouse or keyboard strokes.
How do they generate randomness? Let's take the example of lava lamps , used by one of the biggest encryption companies in the world , Cloudfire. A camera captures the constantly changing, unpredictable patterns inside the lava lamp. This visual data is then converted into a random number sequence. The randomness generated is used in cryptographic processes to secure data transmission. Since the movement inside the lamps is natural and non-replicable, it provides a source of true randomness. This randomness strengthens encryption keys, making them harder to predict or crack. Such methods are used to ensure security in TLS/SSL (Secure Sockets Layer) protocols for safe internet browsing. The unpredictability from lava lamps helps keep encrypted data protected from attackers.
Fig 4: Cloudflare Lava Lamp (Dani Grant)
Random noise from a microphone creates randomness by collecting random background noises including ambient noise, air vibrations, and static. These noises are constantly changing and cannot be easily reproduced or anticipated. This audio data is then analysed and converted into a series of random integers that may be utilised in cryptographic systems to generate safe encryption keys, session tokens, or nonces, making them more difficult for attackers to guess or break. These sounds provide randomness, which improves security by supplying unpredictable inputs to cryptographic algorithms. Thus we contribute to generating this sort of randomness.
Random numbers were so valuable that the RAND Corporation's "600-Digit Random Number Book," published in 1995, containing 600 random digits for statistical sampling and simulation studies was sold out within no time. These numbers, generated with a focus on real randomness, were valuable to scholars at the time. However, as technology advanced, the usage of printed random number tables declined. Powerful computers can now generate random numbers efficiently, while advanced algorithms produce high-quality pseudorandom numbers. Furthermore, genuine random number generators use physical events to increase their unpredictability. Consequently, reliance on resources like the RAND volume has diminished, with digital methods now preferred for generating random numbers.
Fig 5: A million random number bible (UK /Rand corporation)
Let's talk about something else. By definition, a random number follows no pattern or procedure. But, since random numbers cannot be described by any program or technique, how do computers produce random numbers for encryption or as random number generators?
The answer to the question is not as simple as they appear. Computers create random numbers using methods that generate pseudorandom numbers, which look random but are really predictable and dependent on an initial "seed." While this approach works well for many applications, the sequence is predictable if the seed is known. Computers can use hardware random number generators (HRNGs) to generate real randomness based on physical phenomena such as thermal noise or electrical fluctuations. These HRNGs collect unexpected environmental occurrences to generate accurate random values. Additionally, some systems mix pseudorandom methods with actual random inputs to boost security, guaranteeing that the produced numbers are adequate for encryption and other crucial applications.
Fig 6: Random number generation procedure ( DOI: 10.1007/s11071-018-4361-4)
But still after all of this security level , can this randomness ever be predicted or cracked? It may seem impossible now , but not in the near future. The threat of modern encryption is quantum computers.
While they can potentially break some of the current encryption techniques, quantum computers cannot "decode" randomness. Instead, they take advantage of mathematical flaws in cryptographic techniques. Shor's method enables quantum computers to effectively factor huge numbers, endangering public-key cryptosystems such as RSA and elliptic curve encryption. This might make standard encryption methods vulnerable. However, symmetric encryption schemes, such as AES, are less susceptible and would need bigger key sizes to protect against quantum risks. The goal of developing quantum-resistant algorithms is to build encryption that can withstand the capabilities of quantum computing while maintaining randomness's critical role in cryptography.
Fig 7: Quantum computer (CENT)
To reduce the threat presented by quantum computers, we should use quantum-resistant encryption methods. Adopting post-quantum cryptography is necessary for this. Post-quantum cryptography comprises novel algorithms like lattice-based, hash-based, and multivariate polynomial cryptography that are based on mathematical issues and are thought to be secure against quantum assaults. Key management procedures should also be changed to accommodate bigger key sizes for symmetric encryption. Regularly upgrading encryption mechanisms and systems is critical to guarantee that they include the most recent security advances. Furthermore, raising public awareness and research funding for quantum-safe technology will aid in the development and deployment of strong cryptographic systems.
Fig 8: Modern encryption vs Future encryption (Pawel Gielmuda/Medium)
Random is not as random as it appears to be. It is predictable, and even exploitable. Encryption uses random system variables, making it impossible to crack. Though future computers will be capable of cracking present encryption systems, the encryption system will take another flight to keep our data safe and secure.
References:
Spencer, J. (2024, April 15). Lava Lamp Encryption: using retro decor for modern security. Medium. https://medium.com/@clevergrlco/lava-lamp-encryption-using-retro-decor-for-modern-security-cb69f30504d0
L, J. (2024, July 10). Three Random Words that can keep you safer - UHY Ross Brooke Chartered Accountants. UHY Ross Brooke Chartered Accountants. https://www.ross-brooke.co.uk/three-random-words-safer-passwords/
Tom Scott. (2017, November 6). The lava lamps that help keep the internet secure [Video]. YouTube. https://www.youtube.com/watch?v=1cUUfMeOijg
SciShow. (2018, October 4). The Randomness problem: How lava lamps protect the Internet [Video]. YouTube. https://www.youtube.com/watch?v=89EX1NF7eHQ
Insider. (2020, January 24). How lava lamps are made | The making of | Insider [Video]. YouTube. https://www.youtube.com/watch?v=Gs-cOlrvNwI
- Mahtab Mahdi
মন্তব্যসমূহ
একটি মন্তব্য পোস্ট করুন