SoylentNews is people
SoylentNews
Like some kind of space-age Bingo hall caller, a cloud-based API that publicly streams random numbers arrives today, and is being touted by Cloudflare.
The web-distribution giant is enlisting the help of four other organizations and a handful of researchers to create what it calls the League of Entropy, a project aimed at creating and maintaining tools that output random numbers.
The project combines Cloudflare's own LavaRand lava-lamp-based random number generator with EPFL's URand, UChilie's random number generator, Kudelski Security's ChaChaRand, and Protocol Labs' InterplanetaryRand. The combined systems will funnel their random data into an endpoint called Drand, and every 60 seconds it will output a 512-bit value to the world, so that anyone can fetch the digits and use for their random numbers.
[...] "This global network of servers generating randomness ensures that even if a few servers are offline, the beacon continues to produce new numbers by using the remaining online servers."
This is where it should be noted that the public system will not be recommended in any way, shape, or form for use with cryptographic or security-sensitive tools or applications, for obvious reasons. Those who want a stream of private numbers can link up with Drand or the individual beacons directly rather than stream from the public API.
[...] Rather, Cloudflare sees the public strings being used for things like election auditing or scientific research where officials will want true random numbers that can be verified as untouched from the source. You can find more details of this over on the Cloudflare website by the time you read this.
Obligatory xkcd and Donald Knuth's exposition on the challenges of trying to create random numbers.
(Score: 5, Informative) by melikamp on Monday June 17 2019, @08:16PM
The idea is that you can trust a superposition of many independent contributions, because as long as just 1 contributor is honest, robust, and secure, you get your randomness.
Their explanation [cloudflare.com] is waaaay complicated, and I think their process is as well. I actually have a little paper [melikamp.com] on how to do this manually, but nothing in there precludes automation, which is what this project seems to be shooting for.
You need some independent participants, obviously, who will provide randomness, and (optionally) a host to facilitate communication. The steps for generating a random pad are:
1. Each participant generates a random pad of set length, encrypts it with a symmetric cypher, and publishes the cyphertext.
2. Host collates cyphertexts into a single file phase1.tar and publishes it.
3. Each participant saves phase1.tar, verifies that the file contains their entry, signs phase1.tar with public key cypher, and publishes the signature.
4. Host collects all signatures, verifies them, collates phase1.tar and signatures into a single file phase2.tar, and publishes it. No new entries can be added after this point, or else gaming outcome becomes possible.
5. Each participant saves phase2.tar, verifies that their entry is still OK, signs phase2.tar with public key cypher, and publishes the signature.
6. Host collects phase2.tar signatures, verifies them, collates everything again into phase3.tar, and publishes it.
7. Each participant saves phase3.tar, makes sure that all participants have signed it correctly, and then publishes the symmetric key for the original cyphertext entry.
8. Host collects symmetric keys, decrypts entries, XORs them, and publishes the result.
If you can trust just one participant to be honest and competent, you got your bits now :)