It’s a fair question. History has been shown that tools designed to generate random numbers — both physical and virtual — can be prone to failure. In this sense, failure means producing numbers that can be guessed or otherwise influenced in order to produce a certain outcome. Addressing this problem is Cloudflare, the Internet titan best known for its DDoS protection software. It’s teamed up with five other organisations — predominantly universities and security companies — to create The League of Entropy. It sounds corny, but it’s actually really technically interesting. And mercifully, it doesn’t involve any spandex.
Do you wanna be in my gang?
Each of the organisations taking part in The League of Entropy have their own way of generating random number generators. In the case of Cloudflare, it has an array of lava lamps in its San Francisco headquarters. The unpredictable flow of “lava” (technically parrafin wax) in these lamps is recorded by a camera which transports the data into a pseudorandom number generator, which produces a value. The University of Chile, on the other hand, derives its randomness from several sources which are queried every minute. This includes the Ethereum blockchain, selected Twitter activity, data from a local radio station, a random number generator card, and local seismic activity (Chile sits on the Atacama Fault Zone, which gives the country its regular earthquakes and tremors). Other organisations involved in The League of Entropy include the École Polytechnique Fédérale de Lausanne (EPFL) in Switzerland, Kudelski Security, and Protocol Labs. Data from these organisations will be composited into one random number. The logic follows that several random numbers are more random than one random number. To share the random numbers, the League of Entropy will use a program called Drand, which was developed by researchers at the EPFL. Drand is written in Google’s Go programming language, which is particularly well-equipped to networked applications, as well as those that make use of multi-core architectures. What makes this so interesting is that it’s designed with resilience in mind, and uses a distributed model. This means that should one of its nodes fall offline, either due to a system’s failure of a deliberate act of sabotage, it’ll continue to work, providing strong random numbers.
Not all random numbers are made equal
So, what’s this for? I got a chance to ask Cloudflare CEO Matthew Prince that very question when I visited him at the company’s airy Lambeth offices. London is an important hub for Cloudflare, and it employs a sizeable chunk of its engineering team here. As you’d expect from a company of its caliber, it’s got some pretty fancy digs. Cloudflare occupies the top floor of County Hall — the former head of local government for London. It sits on the tourist-friendly South Bank, within spitting distance of the iconic London Eye. First things first, the League of Entropy’s random number generator isn’t good for any kind of password or cryptographic seed generation. “Inherently, this is auditable. You can look back in time and see what the random value generated was,” Prince explained. That means that if you’ve got the value, you can go back in time and potentially re-create a password or cryptographic key. “On the other hand, if you want to pick winners for a lottery, or do a number of other functions that matter enormously, and you need a way of having a known random source, this is a really valuable tool,” he added. Prince was eager to emphasize that there are different manifestations of randomness in computer security. “There are times when having private random generators matter a lot. We build those for ourselves. For the times when you need a public random generator, this is combining a number of different pieces together to verifiably know this is random,” he said. One advantage of the League of Entropy’s approach is that it removes the potential for a single point of failure. In a hypothetical scenario, should researchers discover one flaw with a random number generator, the existence of the other four should mitigate against any potential exploitability. “What’s great about this is even if you have one organisation that’s somehow corrupted or malicious, or is hacked in some way, so long as you have some source of entropy that’s being thrown in, that’ll inherently create a valid random source,” Prince said. Cloudflare is open to other organisations adding their sources of entropy to the League. In the meantime, if you’re tempted to look at the source code to the Drand too, it’s available to view here. You can also learn how to use the ultra-random numbers in your own applications here.