For secure encryption of the information, randomness is very important. The new key that is used by the computer for encrypting data has to be truly random so that attacker cannot figure out the key and decrypt the data. However, based on the given input, logical outputs cab be provided by the computers. The design of the computers is not for producing random data that is required to generate unpredictable encryption keys. A computer should have a random source of data for producing unpredictable encryption keys which are necessary for chaotic data to get strong encryption. One of the great sources for randomness is the real world because various unpredictable events occur in the physical world.
For example – random lava lamps. The shape of the lava in the lava lamp will never be similar again and a great source for random data is observing a group of lava lamps. You can collect the data by arranging 100 lava lamps on one of the walls present in the lobby. Place a camera in a position so that it can click photos of lamps after regular intervals. The computers stored all the digital images as a series of numbers in which every pixel has its own numerical value. This makes every image a string of totally random numbers. These numbers are used by the servers to create secure encryption keys. A highly strong SSL/TLS encryption is provided by the company to their customers because of these lava lamps.
Meaning of Random in the Context of Cryptography
In cryptography, random is not considered just as statistically random rather it also referred as unpredictable. For example – suppose you are rolling a single six-sided die two dozen times then the following results will come:
1,2,3,4,5,6,1,2,3,4,5,6,1,2,3,4,5,6,1,2,3,4,5,6
In the language of statistics, it is considered as the random distribution of die-rolling results. The probability of every number is equal to being rolled that is why the above-mentioned sequence would appear. This is not an unpredictable sequence and an attacker can easily crack out the pattern if you use this series for encryption.
Why is True Unpredictability Important for Encryption?
Since predictable data can be guessed easily that is why encrypted data has to look like completely random data. If any specific pattern or certain values are used for encryption of data or display of certain order consistently then the attacker can easily guess the key used for encryption by applying mathematical analysis. The encrypted data might already have been compromised if it is predictable. The encryption process is also predictable:
- Encrypted data + right key = decrypted data
- Decrypted data is similar to the previous one that is used before encryption.
But the important thing that cannot allow a hacker to access the information is encryption keys that should be unpredictable. For example – suppose there are 2 poker players. The first one always bets with good cards and declines to do bet with bad cards. The second one always mixes his/her betting strategy so that pattern will not repeat. After that, both players enter in the same poker tournament but the second person stays for longer in the game as compared to the first one because this person is very predictable. Similarly, if the same patterns are used for encrypting data then it is too predictable for the hackers.
Why Computers Cannot Create Randomness?
Computers cannot create randomness because they run on logic and statements includes if-then run computer programs. For example – If the specific condition is completed, then certain actions need to be performed. The input and output of the program results will be the same each time because of the design. The input should enter that can lead to an expected output and not an unexpected one. If the printer printed any random text different from the text mention in the document, then the chaos will occur. The usefulness of computers is only maintained until they are reliable and predictable. However, this predictable turn out to be a liability when it comes to creating secure encryption keys. Most computer programs are good to simulate randomness but they are not good enough to generate encryption keys.
How can a Computer Use Random, Real-World Inputs to Generate Random Data?
A pseudorandom number generator (PRNG) is a software program that can take an unpredictable input. This program is used to create unpredictable outputs. Theoretically, PRNG has the capacity to produce an unlimited number of random outputs from a random input. This algorithm is known as pseudorandom or not random because the outputs that come are not completely or perfectly random. This is because of 2 major reasons:
- A PRNG produces exact similar results when it will start with the same speed twice in a row.
- If PRNG runs indefinitely, then it is hard to prove that the result generate are completely random the entire time or not. This is the reason due to which the algorithm needs new inputs of randomness. The random input is called a cryptographic seed.
Cryptographically Secure Pseudorandom Number Generator
A PRNG that meets more stringent standards is referred to as a cryptographically secure pseudorandom number generator (CSPRNG). It makes cryptography safer to use. There are two requirements met by CSPRNG but not by PRNGs:
- To prove its unpredictability, it has to qualify certain statistical randomness tests.
- The output of CSPRNG cannot be predicted by the attacker even if they have partial access to the program.
Just like PRNG, random data is needed for CSPRNG (cryptographic seed) that is considered as an initial point from which more random data can produce.
What is a Cryptographic Seed?
The data that CSPRNG starts to create random data is called a cryptographic seed. Theoretically, a CSPRNG produces an unlimited number of random outputs from one cryptographic seed. It is a secured method to refresh the cryptographic seed regularly. The initial cryptographic seed may eventually compromise by an attacker. If the same seed will be given to CSPRNG then the exact same output will produce again and in this condition, the attacker could duplicate the random outputs.
The only source for the Cryptographic Seed Are Lava lamps?
Several operating systems have their own random data source to use in cryptographic seeds. For example – user actions such as mouse movements, typing on a keyboard, etc., but this may take time to obtain the data. Our company mixes the random data that is collected from lava lamps.
What happens if someone stands in front of the Lava Lamps?
When people enter the busy lobby of the lava lamp wall then they walk there and stop talking in front of the lamps. The camera captures some obstructions that become part of the randomness. So, the camera view is partially blocked by the people of the lava lamps that help to generate entropy.
