SoylentNews is people

posted by Fnord666 on Tuesday February 14 2017, @02:07AM   Printer-friendly
from the just-pull-numbers-from-a-hat dept.

Researchers in China have developed a way to improve the reliability and security of machines that use quantum phenomena to generate random numbers. This is crucial to the development of other related technologies, such as secure quantum communication and computer simulations used in weather forecasts.

[...] "The output of [...] pseudorandom number generators is in principle predictable," said Xiongfeng Ma, an information scientist from Beijing's Tsinghua University, who was a part of the Chinese group. "They are good enough for most applications like simulations, but not for high security crypto systems."

[...] "Even if you have a very good [quantum] random number generator, there will still be some residual bias, so there needs to be a way to test and clean the data," said Juan Carlos Garcia-Escartin, a telecommunication scientist from University of Valladolid in Spain.

This need for post-measurement processing exposes the system to potential hacking. Ma and his team have developed a way to detect if a system is compromised. The basic concept is pretty simple -- they use the random source to trigger random testing of the data, kind of like pop-quizzes for a class of students.

This involves repeatedly shuffling and dividing the output numbers into four random groups, then testing them and crosschecking their results for anomalies. If the numbers are truly random and unbiased, any manipulation by an outsider would show up in these tests. Once this testing method is implemented, then even an untrusted quantum random number generator can still be used without the fear of compromising the level of randomness generated.


  • (Score: 4, Interesting) by pTamok (3042) on Tuesday February 14 2017, @08:48AM (#466898)

    I don't have access to the paper, but it appears to be a system for ensuring a set of generated numbers have certain characteristics, which is good, if those characteristics are desired, but...

    There is no test for randomness.

    Let that sink in for a minute.

    *** There is no test for randomness. ***

    While there are many statistical tests that, if passed, tell you that a set of numbers have the same properties as a set of random numbers subject to the same test, you can't actually tell if a set of numbers you have is random or not.

    There is a whole test suite (NIST) available here:

    http://csrc.nist.gov/publications/nistpubs/800-22-rev1a/SP800-22rev1a.pdf [nist.gov] - A STATISTICAL TEST SUITE FOR RANDOM AND PSEUDORANDOM NUMBER GENERATORS FOR CRYPTOGRAPHIC APPLICATIONS

    It is well worth reading the Abstract and Introduction, if nothing else.

    Randomness is a probabilistic property; that is, the properties of a random sequence can be characterized and described in terms of probability. The likely outcome of statistical tests, when applied to a truly random sequence, is known a priori and can be described in probabilistic terms. There are an infinite number of possible statistical tests, each assessing the presence or absence of a “pattern” which, if detected, would indicate that the sequence is nonrandom. Because there are so many tests for judging whether a sequence is random or not, no specific finite set of tests is deemed “complete.” In addition, the results of statistical testing must be interpreted with some care and caution to avoid incorrect conclusions about a specific generator (see Section 4).

    Note: there are some corrections to the NIST test suite: https://eprint.iacr.org/2004/018.pdf [iacr.org] - Corrections of the NIST Statistical Test Suite for Randomness

    Note also:

    Ironically, pseudorandom numbers often appear to be more random than random numbers obtained from physical sources. If a pseudorandom sequence is properly constructed, each value in the sequence is produced from the previous value via transformations that appear to introduce additional randomness. A series of such transformations can eliminate statistical auto-correlations between input and output. Thus, the outputs of a PRNG may have better statistical properties and be produced faster than an RNG.

    For an approachable explanation, the random.org site gives a clear introduction: https://www.random.org/analysis/ [random.org]

    If you want a way of providing entropy into the Linux entropy pool that doesn't rely on the hardware's built-in random number generator, there are various USB stick RNGs available. Reading their documentation is also instructive:

    http://onerng.info [onerng.info] - Open Hardware Random Number Generator
    http://ubld.it/products/truerng-hardware-random-number-generator/ [ubld.it] - TrueRNG – Hardware Random Number Generator
    http://www.entropykey.co.uk/ [entropykey.co.uk] - Simtec Entropy Key
    Or you could try building your own: https://github.com/basilfx/RNGstick [github.com] - RNGstick

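The point made in the comment above, as an added example that is not part of the original post: two tests from NIST SP 800-22 (frequency/monobit and runs) are run over three constructed 100-bit sequences. The first 100 bits of the binary expansion of π, which anyone can reproduce, pass both tests, while an alternating pattern passes the frequency test and fails only the runs test. Function and variable names are this example's own.

```python
import math

ALPHA = 0.01  # significance level used throughout NIST SP 800-22


def monobit_p(bits: str) -> float:
    """Frequency (monobit) test, SP 800-22 section 2.1: are 0s and 1s balanced?"""
    s = sum(1 if b == "1" else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(len(bits)) / math.sqrt(2))


def runs_p(bits: str) -> float:
    """Runs test, SP 800-22 section 2.3: do 0/1 flips occur at the expected rate?"""
    n = len(bits)
    pi = bits.count("1") / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0  # frequency prerequisite not met; the test is not performed
    v = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))  # number of runs
    return math.erfc(abs(v - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))


def verdict(bits: str) -> dict:
    """True means 'no evidence of non-randomness at ALPHA', never 'is random'."""
    return {"monobit": monobit_p(bits) >= ALPHA, "runs": runs_p(bits) >= ALPHA}


# Constructed inputs (not data from the article or the paper).
# pi = 3.243F6A88 85A308D3 13198A2E 03... in hexadecimal; "11" is the integer part.
PI_FRAC_HEX = "243F6A8885A308D313198A2E03"
PI_BITS = ("11" + format(int(PI_FRAC_HEX, 16), "0104b"))[:100]
ALTERNATING = "01" * 50   # perfectly balanced, trivially predictable
BIASED = "1101" * 25      # 75% ones

if __name__ == "__main__":
    for name, seq in [("pi", PI_BITS), ("alternating", ALTERNATING),
                      ("biased", BIASED)]:
        print(f"{name:12s} monobit p={monobit_p(seq):.6f} "
              f"runs p={runs_p(seq):.6f} {verdict(seq)}")
```

A pass only means that one specific pattern was not detected; the π bits are fully deterministic yet indistinguishable from random output under these two tests.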