Printer friendly version
Truly random numbers
22 February 2010
A new approach to generating truly random numbers could lead to improved Internet security and better weather forecasts, according to researchers writing in the International Journal of Critical Computer-Based Systems.
Random numbers are a critical part of computer and Internet security. They allow websites and browsers to encrypt the data sent between them using a session key. Weather forecasters, climate scientists, economists, and epidemiologists also use random numbers to generate simulated data for their predictive models. Such simulations can test theories of hurricane formation, climate change, and the spread of disease epidemics, for instance.
According to Bernhard Fechner of the University of Hagen, and Andre Osterloh of BTC AG, in Germany, the "quality" of a random number is a measure of how truly random the number is. This quality affects significantly any security or simulation in which it is used. If a so-called random number is not truly random, then someone could predict a security key and crack the Internet encryption on bank accounts, e-commerce sites or secure government websites, for instance. Similarly, if the random numbers used in scientific models of the weather, climate, or the spread of disease and economic boom and bust are predictable, then systematic errors will creep into the models and make the predictions unreliable.
Fechner and Osterloh explain that a good random number in computer binary would usually comprise discrete and uniformly distributed ones and zeroes. In such a sequence there is no way to predict what digit will appear next, the number is thus random. In reality, it is unfeasible to generate a sequence that is totally unpredictable by computational means. Therefore, physical means are used to generate true random numbers.
The German team has now developed a true random number generator that uses an extra layer of randomness by making a computer memory element, a flip-flop, twitch randomly between its two states 1 or 0. Immediately prior to the switch, the flip-flop is in a "metastable state" where its behaviour cannot be predicted. At the end of the metastable state, the contents of the memory are purely random.
The researchers' experiments with an array of flip-flop units show that for small arrays the extra layer makes the random number almost twenty times more "random" than conventional methods. The degree of randomness possible depends on the size of the array and so a bigger array could be even more effective. Essentially, this means that the bigger the array the better the quality of random numbers. As such, it is many times more difficult to predict with any degree of certainty the next number in a sequence compared to current random number generators. This could be used to improve everything from climate change models to stock market predictions.
The team adds that the efforts of a cracker attempting to influence the array will be wholly obvious to a simple statistical analysis as - depending on the type of attack - either the whole array or single elements will be disturbed, whereas these are again selected randomly. So this true random number generator can protect systems against third-party snooping, potentially making private and sensitive transactions on the Internet more secure.