Profile Picture

Elijah Potter

RSS Icon

What Is Randomness?

Numbers on a screen

In case you were born yes­ter­day, let’s go over it.

Randomness is, at the most ba­sic level, some­thing that can­not be pre­dicted. In com­puter sci­ence, when we talk about ran­dom­ness, we are usu­ally talk­ing about ran­dom num­bers and the tools we use to get them, ran­dom num­ber gen­er­a­tors (RNGs).

Pseudorandomness

We say an RNG is pseudorandom” when we have to give it a fixed seed, and it gen­er­ates ran­dom num­bers based on that seed. If we give it the same seed, we will get the same num­bers. It is de­ter­min­is­tic.

I thought, for a very long time, that com­put­ers could only cre­ate pseudo­ran­dom num­bers. The main rea­son I thought this, and why you might too, is be­cause util­i­ties like the Random class in .NET are pseudo­ran­dom and are seeded by some ar­bi­trary in­for­ma­tion, like the cur­rent time.

Computers aren’t use­ful if they aren’t de­ter­min­is­tic. In a per­fect, en­closed sys­tem, it would be im­pos­si­ble for a com­puter to gen­er­ate truly ran­dom num­bers.

True Randomness

The phrase true ran­dom­ness” is used to de­scribe things that are im­pos­si­ble to pre­dict. Provably so. This is dif­fer­ent from chaotic sys­tems, which are pre­dictable un­der short spans of time. True ran­dom­ness is im­pos­si­ble to pre­dict on all scales.

The Everyday Method

Allow me to in­tro­duce you to RDRAND and RDSEED, two CPU in­struc­tions orig­i­nally in­tro­duced by Intel, that al­low pro­grams ac­cess to truly ran­dom num­bers. These in­struc­tions gather data from an on-chip en­tropy source to pro­vide ran­dom num­bers.

These in­struc­tions uti­lize ther­mal noise to pro­duce white noise, which is used to gen­er­ate said ran­dom num­bers. The ad­van­tage of ther­mal noise is that it pro­duces ac­tu­ally ran­dom val­ues, as ex­plained here. Its also fast, which means it can be used for every­day things, like gen­er­at­ing SSL or TLS keys and the like.

Do It Yourself

If you hap­pen to be on a Linux sys­tem, you can ac­tu­ally use these in­struc­tions your­self. Just run this com­mand:

dd if=/dev/random count=4 bs=1 status=none | od -An --format=dI

This com­mand uses dd to gen­er­ate 4 ran­dom bytes. Then it pipes those bytes into od , which will for­mat those 4 bytes into hu­man-read­able text as a signed 32-bit in­te­ger.

The Nuclear Method

A Nuclear Plant

One of the big ad­vance­ments of the 20th Century was the cre­ation of a branch of re­search called quan­tum physics. One of the things we learned was that on the scale of in­di­vid­ual par­ti­cles, it be­comes prov­ably im­pos­si­ble to pre­dict state. Every time a mea­sure­ment is taken of a sub­atomic par­ti­cle, its state changes ran­domly.

One way we could sam­ple sub­atomic par­ti­cles is by plac­ing a Geiger counter next to a bit of ra­dioac­tive ore. Be­cause whether an in­di­vid­ual atom will de­cay at any given mo­ment, we can know that the time be­tween ticks of the Geiger counter is ran­dom.

The Cloudflare Method

A Lava Lamp

Cloudflare uses some es­pe­cially in­ter­est­ing sources of en­tropy to seed its ran­dom num­ber gen­er­a­tors. One way is via lava lamps. In their lobby, they have a large ar­ray of lava lamps. There is a cam­era run­ning a live feed of the lava lamps to their servers. There are two main sources of ran­dom­ness.

First, the lava lamps them­selves. The move­ment of even a sin­gle lava lamp, if we for­get the sec­ond law of ther­mo­dy­nam­ics, is far too chaotic to pre­dict. If we in­clude the sec­ond law of ther­mo­dy­nam­ics, it be­comes true ran­dom­ness.

Second, the cam­era sen­sor’s noise. Thanks to the pho­to­elec­tric ef­fect the noise that ap­pears on a cam­er­a’s sen­sor, how­ever un­no­tice­able, is truly ran­dom.

By com­bin­ing these two sources, you get a pool of truly ran­dom num­bers ~60 times a sec­ond. If that does­n’t fit your needs, you can use those num­bers to feed a cryp­to­graph­i­cally se­cure pseudo­ran­dom num­ber gen­er­a­tor (CSPRNG) to get as many as you want.