Big Bang left us with a perfect random number generator

UK Home Secretary Theresa May will have to revamp the Investigatory Powers Bill to ban astrophysics: the cosmic background radiation bathes Earth in enough random numbers to encrypt everything forever. Using the cosmic background radiation – the “echo of the Big Bang*” – as a random number generator isn't a new idea, but a …

  1. Destroy All Monsters Silver badge
    Trollface

    Using the cosmic background radiation – the “echo of the Big Bang*” – as a random number generator isn't a new idea, but a couple of scientists have run the slide-rule over measurements of the CMB power spectrum and reckon it offers a random number space big enough to beat any current computer.

    Idea close to Stanislaw Lem's "His Master's Voice" whereby someone sells neutrino spectrum data as good sources of random numbers to make a bit of money on the side. Then these turn out to be unexpectedly very nonrandom, which leads to a suicide, lawsuits and more.

    1. Richard Chirgwin (Written by Reg staff)

      A treat to see Stanislaw cited as first comment!

      RC

      1. Pompous Git Silver badge

        Philip K Dick thought that Stanisław Lem was a false name used by a committee operating on orders of the Communist party to gain control over public opinion. Lem described American science fiction as ill-thought-out, poorly written, and interested more in making money than in ideas or new literary forms. So it goes...

        1. The entire Radio 1 playlist commitee

          PKD had a lot of crazy ideas. And he started writing because he needed to earn money. Did the two never meet?

        2. Bleu

          You are an idiot, truly speaking out of your arse.

          Dick and Lem had a strong mutual admiration, at one stage Lem said that Dick was the only then-working western SF writer worth reading.

          Lem's The Futurological Congress, a couple of others, were clearly inspired by PKD.

          Lem was disgusted by Dick's later denunciation of him as a commie agent. The last time I looked, Dick's most hateful letter on this point, inspired by a combination of real problems for him in the USA and his overconsumption of amphetamines for abt. thirty years, was pure paranoid delusion and is still on the WWW.

          1. Loyal Commenter Silver badge

            Re: You are an idiot, truly speaking out of your arse.

            PKD also believed (or at least wrote) that he was being mind controlled by a beam of purple light from an intelligent satellite network, so you have to take the things he said with at least a pinch of salt, particularly in later life.

            1. Naselus

              Re: You are an idiot, truly speaking out of your arse.

              "PKD also believed (or at least wrote) that he was being mind controlled by a beam of purple light from an intelligent satellite network, so you have to take the things he said with at least a pinch of salt, particularly in later life."

              Later in his life, Philip K Dick could also be used as a truly random number generator.

            2. Bleu

              Re: You are an idiot, truly speaking out of your arse.

              Indeed. Still led to some great work. Valis trilogy has some great and very moving and wondrous scenes, shifts of consciousness, betrayals, characters based on his housemates at the time (notably Kevin Jeter, whatever his real surname is, but he had a unique right to write the novels that were the sequels to Do Androids ..., given that he was a major character in Valis).

              I think 'controlled by' is too strong, he claimed to be informed and enlightened by it in his notes, but in the stories, it turns out to be a fake.

              Lem's Solaris was also influenced by PKD, much more lightly than the Futurological Congress, but the same kinds of reality convulsions.

              There was one other, but I forget the title in English.

              The comment referred to by Re., is of course, only one, by a moron, I hate the @Loyal ... Twitter custom. The Reg is supposed to be a tech. site, can they not make the destination of replies clear without that crap?

              1. Solmyr ibn Wali Barad

                Re: The comment referred to ...

                "The comment referred to by Re., is of course, only one, by a moron, I hate the @Loyal ... Twitter custom. The Reg is supposed to be a tech. site, can they not make the destination of replies clear without that crap?"

                If only our dear Regtards had provided us an easy way to edit comment headings...or a link to the preceding comment. But hey, let's throw more tech at it, there can never be enough.

          2. Pompous Git Silver badge

            Re: You are an idiot, truly speaking out of your arse.

            Have you read "Looking Down on Science Fiction: A Novelist's Choice for the World's Worst Writing" by Lem? See: Science Fiction Studies, July '77, Vol. 4 Issue 2, p 127 if you haven't. It seems a bit of a stretch to conflate Lem's polemic with me speaking out of my arse. It's Lem's writing, not mine. Am I really an idiot for taking Lem's words to reflect his opinions?

            I rather share Theodore Sturgeion's assessment: 90% of science fiction is trash. But then 90% of most creative work is trash. I feel no need to find supporters for my opinion as to which works belong in the 90%, nor any compulsion to condemn those who would place works I find trashy in their top 10%.

            I had no idea Dick was an amphetamine addict. It detracts not one iota from my enjoyment of his novels just as Paul Erdős's amphetamine addiction detracts not one iota from his mathematical proofs. YMMV.

            1. Bleu

              Re: You are an idiot, truly speaking out of your arse.

              For pompous git.

              Yes, I have read Lem's comments, or at least copious extracts therefrom. Also, everything in literature he has had published.

              I have also read almost everything by PKD, even his most pulpy early novels have much of interest. The short stories are always brilliant. From mid- to late period, the novels are all amazingly good. Essays, unfinished work, also often of interest.

              I look forward to reading Mary and the Giant. May be disappointed, but all of the other early non-SF ones were fascinating.

              Never read a book by Lem that did not make me think, and feel like laughing or crying.

              You, on the other hand, again show yourself to be utterly clueless.

              If you had no idea that Dick was amphetamine driven for about thirty years, and that Lem greatly admired him as a writer, and was strongly influenced in a few of his novels, you don't have much of a clue.

              Why comment if you know FA?

              God, you cannot even spell Theodore 'stars shine out of my arsehole' Sturgeon's name correctly. It is only a pen name, in any case, not his birth name.

              His work satisfies his own 90% crap rule. One or two were readable, also the occasional short story.

              Both Lem and Dick have a near 100% hit rate, many great works.

              YMMV, what the fuck does that mean, and I don't really care. Your movable meaningless vehicle?

              1. Pompous Git Silver badge

                Re: You are an idiot, truly speaking out of your arse.

                "You, on the other hand, again show yourself to be utterly clueless."

                Not really. I actually read that essay by Lem all those many years ago and understood what Lem was claiming: He and possibly one other science fiction writer were the only writers worth reading. IOW (in other words) he was so far up himself all he could see was his own ego. I happened to admire several of the writers he attacked and consequently put his vitriol down to jealousy, a not uncommon trait of mediocre writers.

                "If you had no idea that Dick was amphetamine driven for about thirty years, and that Lem greatly admired him as a writer, and was strongly influenced in a few of his novels, you don't have much of a clue."

                And I'm supposed to glean this from reading (with much enjoyment) several of Dick's novels, including a recent reread of Galactic Pot Healer? Sorry, I'm not a psychic..

                "God, you cannot even spell Theodore 'stars shine out of my arsehole' Sturgeon's name correctly."

                A typo! How unforgivable of me. I abase myself in the beaming, pure, white light of your perfection...

                "YMMV, what the fuck does that mean, and I don't really care. Your movable meaningless vehicle?"

                There's this Internet thingie where to save typing certain well-worn phrases are abbreviated. YMMV = Your Mileage May Vary = the poster's opinion may not be shared by everyone. Obviously you believe there's only one worthwhile opinion on the planet and it's yours. It's an opinion I don't care to share. Fuckwit!

                1. Destroy All Monsters Silver badge
                  Holmes

                  Re: You are an idiot, truly speaking out of your arse.

                  Well, I can only upvote the spirited discussion of the both of you.

                  Just don't veer off into a Hubbard vs. Heinlein thread.

                  (It's "Ursula K. Le Guin" though. That's been some time since I last heard that name now. Or Theodore Sturgeon. Well, we are 2015. Must .... resist .... urge ... to open old books.)

                  1. Pompous Git Silver badge

                    Re: You are an idiot, truly speaking out of your arse.

                    For Destroy All Monsters

                    Frankly the only thing I recall about Hubbard's writing is that it bored me. Heinlein OTOH wrote: "Political tags - such as royalist, communist, democrat, populist, fascist, liberal, conservative, and so forth - are never basic criteria. The human race divides politically into those who want people to be controlled and those who have no such desire."

                    And that's a topic that will be rehashed interminably with neither the side having the slightest chance of convincing the other to change their mind.

                    Live long and prosper. (Theodore Sturgeon IIRC)

                    1. Anonymous Coward

                      Re: You are an idiot, truly speaking out of your arse.

                      In some parts of the Usenet of Yore there used to be a rule that a thread would immediately terminate if someone mentioned Heinlein, Hubbard, or Hitler...

                      1. Pompous Git Silver badge

                        Re: You are an idiot, truly speaking out of your arse.

                        Context is everything. What I recall from those long, lost pre-www days was that mentioning Hitler was nearly always an admission that you had no cogent argument.

            2. Bleu

              Re: You are an idiot, truly speaking out of your arse.

              For pompous git.

              OK, you are not an idiot. Just not knowing or having read enough to support what you initially said.

              There is an essay by Ursula le Guinn, I forget the title, in a collection, where she makes very nasty comments about PKD, but with far less reason than Lem (who had been publicly smeared by PKD).

              Le Guinn wrote a novel that was a direct copy of PKD's reality disruption style Lathe of Heaven, unlike Lem's three works, The Futurological Congress, Solaris, and the one I can't recall the english title for, which were just influenced, it was a conscious copy, admitted at the time, still a good book (the mid-period PKD novel PKD never wrote).

              I don't much like Le Guinn now, still like some stories, Always Coming Home was great, but she is too racist, I had a distaste since she whined about the Ghibli version of Earthsea. Now, if I re-read her older writings, I see much hatred in some. Never much liked her magic fantasy work, anyway.

              How did she expect Ghibli would do Earthsea?

              She sure must be receiving large royalties from it.

              So, she hates east Asian people as well as people of European descent (obvious from many of her stories).

              Must sleeping.

              1. Pompous Git Silver badge

                Re: You are an idiot, truly speaking out of your arse.

                For Bleu

                It would seem that I misrepresented the essay by Lem earlier; it's not the polemic I recall in which he named writers he despised. Nevertheless, it is the very same condescending kind of crap. It doesn't seem to occur to some that one might read for one's own pleasure, not the aggrandisement of someone who loathes the heterogeneous nature of humans.

                I find your characterisation of Ursula K le Guin as "racist" laughable. I cannot think of any other writer who seems to have so studiously avoided main characters with white skin, blue eyes and blonde hair. They were all dark-skinned in the works of hers I have read. Or is it the fact that they aren't all purest Aryans what makes her a racist in your eyes?

                1. This post has been deleted by its author

                2. Bleu

                  Re: You are an idiot, truly speaking out of your arse.

                  So you admit to having spoken out of your arse in the first place.

                  'Fuckwit' was also a nice touch.

                  As for le Guinne's racism, it is clear in many stories, but nowhere clearer than in her screed in response to the Ghibli take on Earthsea. That made it clear to me.

                  You might take the time to read it at some time.

                  She is from the same tradition as Obama's mother, who incidentally abandoned him in her rush for further exotic sexual conquests. Funny how that is never clearly stated.

                  The term is 'Boasian', sure, I still like some le Guinne stories, but as I said, the fantasy ones leave me cold, although I have read quite a few. The racism really comes out in some of her SF, particularly short stories.

                  If you think recognising clear racism towards those of east Asian and European descent in some of le Guinne's work and writings is somehow wrong, and want to call me names for recognising the blindingly obvious, you are free to cling to your delusions.

                  As with your earlier comments, where you combined poor recall with a lack of reading, I doubt that you have read enough of le Guinne to have a well-based opinion.

                  1. Pompous Git Silver badge

                    Re: You are an idiot, truly speaking out of your arse.

                    Actually, if you read what I wrote, you will find I have done no such thing. I wrote:

                    Philip K Dick thought that Stanisław Lem was a false name used by a committee operating on orders of the Communist party to gain control over public opinion. Lem described American science fiction as ill-thought-out, poorly written, and interested more in making money than in ideas or new literary forms. So it goes...

                    Both of those propositions are well-supported, you have presented no evidence that they are false. You merely attempted to insult me.

                    Listen, if you want to insult me, you are going to have to try a lot harder I'm afraid. You are up against some very stiff competition. Back in the mid-1970s my landlady called me the syphilitic offspring of a mongoloid whore's melt. My response: "You make me feel homesick; my mummy used to speak to me like that!"

                    What I have admitted to was misremembering which particular essay of Lem's I had read. Mea culpa. The 1970s were a long time ago. The essay I found was more of the same but without naming so many names. It was still Lem describing American science fiction as ill-thought-out, poorly written, and interested more in making money than in ideas or new literary forms. Actually, the idea that American science fiction writers were only in it for the money is itself laughable. Back in the day, most had day jobs, often as practising scientists, hence the pen names.

                    We were also discussing (I thought) Ursula K le Guin. Now you appear to be discussing Ursula le Guinne. Never heard of her. Oh wait, isn't she the one who wrote the Dark Hand of Leftness and The Word for World is Foreign?

                    1. Bleu

                      Re: You are an idiot, truly speaking out of your arse.

                      It is a perfectly valid assumption on the spelling of her name.

                      I checked, it is the spelling of her married name, so mea culpa from me. Her birth name is Kroeber.

                      1. Pompous Git Silver badge

                        Re: You are an idiot, truly speaking out of your arse.

                        To be valid it would need to be the true spelling of her name. The two spellings you used: Guinn and Guinne are manifestly not how le Guin spells her name and therefore cannot be valid. You would only need to make an assumption about how to spell her name if you had only heard, but never read it. Both Destroy All Monsters and myself managed to spell Ursula K le Guin's name as she spells it.

                        I think it's fairly safe to assume you are illiterate and irrational.

    2. Bleu

      DAM, I am so happy that you love

      Lem's His Master's Voice.

      Brilliant novel, love all of his work, but to stay on-topic, that and Fiasco are wonders of speculation about just how alien alien life, thought, and existence may (or would likely) be.

      Of course, both go into questions of ontology, and eschatology in the case of Fiasco, at least for the misunderstood alien life.

  2. Little Mouse

    Random?

    ...or just Chaotic?

    1. Brewster's Angle Grinder Silver badge

      Re: Random?

      A bit of both.

      1. Bleu

        Re: Random?

        Sampled noise from a reverse-biased transistor is a much cheaper way to generate true random numbers.

        This article suggests that, like too many on the Reg. staff, the writer is without a clue.

  3. Pascal Monett Silver badge

    Awesome

    Once again, the Universe itself is the simple source for something complex. Again and again, our technology goes in all directions only to end up mimicking or using something that Nature has provided us.

    The study of the Universe really is of utmost importance.

    1. mr. deadlift

      Re: Awesome

      one merely needs to understand and comprehend, then it's simply incredible.

  4. pstiles

    but but

    but but but that background radiation isn't random it's just a highly encrypted stream of data.

    But from who to whom?

    1. PassiveSmoking

      Re: but but

      It's God's final message to His creation.

      Decrypted, it reads: "WE APOLOGISE FOR THE INCONVENIENCE"

      1. Anonymous Coward

        Re: but but

        When I check it, it comes out as:

        MIND THE GAP

        Odd?

        1. Geoff May

          Re: but but

          More likely to be "may contain nuts"

        2. Jan 0

          Re: but but

          Mind the Gap? Are you sure it isn't "minador"?

          (Goons/Quatermass anyone?)

      2. Anonymous Coward

        Re: but but

        "WE APOLOGISE FOR THE INCONVENIENCE ... TESTING WILL RESUME SHORTLY"

      3. Steven Roper

        Re: but but

        It's God's final message to His creation.

        Decrypted, it reads: "WE APOLOGISE FOR THE INCONVENIENCE"

        After much research involving sufficient quantities of alcohol I was able to deduce that the CMB is actually the number 42 repeated over and over, encoded using conventional Vogon accounting enumeration, XORed with standard Galactic Eezeereed.

    2. Benchops

      Re: but but

      And will we find out who it's from and to whom it's going before they discover there's something causing interference in the middle, and take steps to eradicate the interference?

      1. Pseudonymous Diehard

        Re: but but

        Nah.

        Lots of it, random, unreadable.

        It's a galactic DDoS. That's why we haven't made contact yet.

        Quick alert SETI.

        Add a rule to Nagios.

    3. Bleu

      Re: but but

      You are just repeating the idea Destroy All Monsters cited in the first post on this thread.

      Must have quite the following on social media to get so many votes for a lame post which demonstrates that you don't bother to read before posting. However, I suppose there was not much talk of the details: don't want to spoil the books for potential readers!

      I, as DAM I am quite sure also would, recommend that you read His Master's Voice by Stanislaw Lem, the masterpiece on a mysterious message from SPAAACE. Seriously strong recommendation.

      Also must add that using 'highly' as an all-purpose intensifying adverb is lazy, inane, and bad style.

      For 'encrypted', the correct couplings are 'strongly', 'weakly', and expressions in between those.

  5. moiety

    Couldn't the same be said for anything fractal with a bit of movement? Like -say- videoing waves on a beach? You're never going to get exactly the same thing twice and someone standing shoulder to shoulder with you is going to get something slightly different.

    1. Arthur the cat Silver badge
      Flame

      "Couldn't the same be said for anything fractal with a bit of movement? Like -say- videoing waves on a beach?"

      As I recall, someone made a pretty good true RNG by pointing a video camera at five lava lamps and applying MD5 to the camera's output. I think it's also been done with a multi-jet fountain. Fluid dynamic processes can be pretty chaotic. The only problem is that you can't leave the RNG untended in case someone switches off the lamps/fountain.

      Icon because I suspect a fire would be a good source as well.

  6. Peter 26

    Could this be faked

    After reading about the exploit of NTP Daemon, it makes me wonder if someone could broadcast something nearby to make this less random, or is this impossible due to the frequency of the radiation?

    1. Jimmy2Cows

      Re: Could this be faked

      Not an astrophysicist, but it seems to me the frequencies wouldn't be a problem (just microwaves). The location however... CMB comes from all directions in the sky. To fake it you'd need a source that could blanket the entire sky to an extraordinarily high resolution that is better than the best radio and microwave telescopes down here (so I dunno... micro-arc seconds between sources maybe?).

      Trillions of point sources? Quadrillions? More...? The material costs and launch logistics alone prohibit it.

      And even if you could source enough material, and loft it, couldn't be too close to Earth or it'd be visible.

      Then you have an occlusion problem where your orbiting cluster of quadrillions of microwave sources visibly blocks what's behind them. Suddenly the rest of the solar system and beyond vanishes from view? Think someone might notice...

      Short answer: No, can't be faked

      1. David Pollard

        Re: Could this be faked

        It's interesting that the authors include in the source of randomness, "interference from other sources of stellar radio noise". Could the entropy of the signal be reduced through the use of local transmitters?

    2. Michael Wojcik Silver badge

      Re: Could this be faked

      A simple implementation would be vulnerable to some attacks along those lines, if the attacker could put the transmitter close enough to the victim's receiver (so that it blocked most of the sky), and the implementation did a poor job of whitening the output and didn't check the distribution of the input.

      But it'd be simpler to cut the cable from the antenna to the receiver and feed in a recorded or generated source. Then Eve would have exactly the same input as Alice.

      In general, it's long been recognized that using external entropy sources introduces attack branches for attackers influencing or masking those sources. See section 3 of RFC 4086, or section 4 of its predecessor RFC 1750 (now 21 years old).

  7. Olius

    How random is random?

    I should make clear first that I'm not a cryptographer, or even a particularly good mathematician. I'm hoping someone can help me out with a thought I've been mulling over and tell me what is wrong with it.

    It is obviously hard to generate a fast stream of completely random numbers, so they are usually generated in small quantities. Sometimes the pool might run out, which can make a system either stall or fall back to pseudo-random generation.

    But if one takes a stream of pseudo random numbers, which are very very fast to generate, and create a pool of them, then use the much, much smaller stream of actual random numbers to "stir" it with, would the contents of the pool not be completely unpredictable and therefore random (or random enough) to use?

    This way, a pool could be created which would never run out, as you might take in (say) 100 pseudo random numbers before taking in a "proper" random number and giving it a good stir with that seed. Then another hundred, another stir - at which point, the pool is still half full and therefore many numbers have been stirred twice - and so on.

    I know there must be something fundamentally wrong with this thinking or it would already have been done...

    1. Thoguht Silver badge

      Re: How random is random?

      This was essentially what RANDOMIZE TIMER was about in ye olde BASIC, it was seeding the pseudo-random sequence returned by the RND function with the number of seconds since midnight. OK, that's not a high-quality random number, especially for a program run at the same time each day, but it's better than nothing.

      These days it's common to use the thermal noise generated by a zener diode rather than the universe as a simple source of truly random numbers for seeding pseudo-random sequences, and the Secure Elements used in SIM cards, Chip & PIN cards and the more secure types of NFC tag (as used, for example, by the TFL Oyster card) can do just that.

      1. J.G.Harston Silver badge

        Re: How random is random?

        "These days it's common to use the thermal noise generated by a zener diode"

        Exactly what I just logged in to say, you got there first. I remember doing it back in the '80s with a Beeb. The alternative is a piezoelectric sensor dipped into a strong Brownian motion source.

      2. Doctor Syntax Silver badge

        Re: How random is random?

        "These days it's common to use the thermal noise generated by a zener diode"

        Yup. Reading the article it seemed likely that they could have dispensed with the dish bit of the radiotelescope & just used the noise of the input stage of the amplifier.

        1. Message From A Self-Destructing Turnip

          Re: How random is random?

          "..dipped into a strong Brownian motion source."

          Oh thanks for offering, I'll take milk and two sugar please.

    2. This post has been deleted by its author

    3. pixl97

      Re: How random is random?

      Olius, you should look at the work DJB does.

      http://blog.cr.yp.to/20140205-entropy.html

      There are potential attacks against multiple random sources at the CPU level, of course they would only be practical if say the NSA has replaced the microcode of the CPU you are using.

    4. Olius

      Re: How random is random?

      Thanks v much for the answers chaps, I'll have a read.

      Re: reseeding a pseudo-random number generator - that's not quite the same effect because you would end up with small predictable sequences within your pool. If you instead create a pool and stir it, you would (in my mind) break all the relationships between all the numbers in the pool. Does that increase "randomness"? No idea - quite possible only in my fragile, poorly read mind ;-)

      1. Michael Wojcik Silver badge

        Re: How random is random?

        If you instead create a pool and stir it, you would (in my mind) break all the relationships between all the numbers in the pool. Does that increase "randomness"?

        Depends on which definition of "randomness" you mean.

        First, though, note that you don't "break all the relationships". Even a "perfect" cryptographic hash function, if such a thing even has a sensible definition, can't introduce new information entropy. So while the "stirring" process does hide those relationships, by discarding some entropy (compression) and rearranging what remains (mixing), it can't eliminate all of them. That would cause it to produce information out of nothing; you'd have the information-theoretic equivalent of a perpetual motion machine.

        Now, as to the question of "increased randomness": This approach does not increase randomness in information-theoretic terms. Under Shannon's definition of information entropy, randomness is the same as information content, and you can't produce more information by encoding the message differently.

        Similar results apply to Kolmogorov's three definitions of information content, or Chaitin's. Under the algorithmic definitions offered by Kolmogorov and Chaitin,[1] this sort of "stir entropy into a PRNG" construction (which as others pointed out is widely used) has only a small constant increase in information (or randomness) over the entropy source - and that is the size of the smallest program that can implement the stirring algorithm.

        However, we can also talk about other definitions of randomness. Statistical randomness, for example, is a matter of how random - pattern-free - the output appears to be under various statistical measures. The stirring process, if it's good, should increase statistical randomness.

        We can also talk about practical randomness or unpredictability. Outside straightforward statistical analysis, a pseudorandom sequence might still be predictable with a significantly better probability than guessing, for example by training a Markov model to recognize patterns in it. Here, too, a good stirring mechanism should defeat feasible implementations of predictive algorithms. Ideally you want output that's incompressible in Chaitin's sense - the smallest program for producing it is as large as the output itself. That's impossible with a PRNG that produces unbounded output, but the bigger you can make that hypothetical "smallest program", the better.

        There is a ton of material on this subject - both the theoretical stuff (all the folks I named above, and others) and the practical material from cryptographers and cryptanalysts who've looked into CPRNGs. But the short answer[2] to your question is "it depends on what you mean by 'randomness'".

        [1] Invented independently but at pretty much the same time. They were both inspired by Shannon and the metamathematical intellectual tradition (considering mathematical formalisms as objects of mathematics in themselves): Turing, Godel, Church - who in turn had been inspired in no small part by Hilbert's Entscheidungsproblem, which Chaitin has rightly identified as probably the most useful unsolvable problem in mathematics. It more or less led to the entire IT industry, which is a pretty good result for a failed project.

        [2] Too late!

        1. Olius

          Re: How random is random?

          An amazingly in-depth answer - thank you very much. I'll have to read this through a few times and google some of the terms you use I think to fully understand it :-)
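
Added example, not part of the original thread: a toy model of the stirred pool discussed above, showing output that looks uniform by a statistical measure while carrying no more unpredictability than the true-random value stirred in. The LCG, the 16-bit stir width, the all-zero starting pool and the SHA-256 mixing are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

TRUE_BITS = 16     # constructed: true-random bits available per stir
PRNG_WORDS = 100   # pseudo-random words taken in between stirs


def absorb_prng(pool, prng_state):
    """Hash PRNG_WORDS outputs of a public LCG into the pool (no secret input)."""
    h = hashlib.sha256(pool)
    for _ in range(PRNG_WORDS):
        prng_state = (1664525 * prng_state + 1013904223) % 2**32
        h.update(prng_state.to_bytes(4, "big"))
    return h, prng_state


def stir(pool, prng_state, true_random):
    """One round: take in the PRNG words, then stir with one true-random value."""
    h, prng_state = absorb_prng(pool, prng_state)
    h.update(true_random.to_bytes(TRUE_BITS // 8, "big"))
    return h.digest(), prng_state


def draw(pool, n_bytes):
    """Expand the stirred pool into output bytes (SHA-256 in counter mode)."""
    out = b""
    counter = 0
    while len(out) < n_bytes:
        out += hashlib.sha256(pool + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n_bytes]


def bits_per_byte(data):
    """Empirical Shannon entropy of the byte histogram: a statistical measure only."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def candidates_matching(pool, prng_state, observed):
    """Enumerate every possible stir value and keep those that explain `observed`.

    Models an observer who knows the algorithm and the pool before the stir:
    the search space is 2**TRUE_BITS, however much output is drawn afterwards.
    """
    h, _ = absorb_prng(pool, prng_state)
    matches = []
    for guess in range(2 ** TRUE_BITS):
        trial = h.copy()
        trial.update(guess.to_bytes(TRUE_BITS // 8, "big"))
        if draw(trial.digest(), len(observed)) == observed:
            matches.append(guess)
    return matches


def demo():
    start_pool, lcg_seed = bytes(32), 12345   # constructed, assumed public
    stir_value = 0xC0DE                       # constructed stand-in for noise
    pool, _ = stir(start_pool, lcg_seed, stir_value)
    output = draw(pool, 65536)
    return bits_per_byte(output), candidates_matching(start_pool, lcg_seed, output[:16])


if __name__ == "__main__":
    entropy, found = demo()
    print(f"histogram entropy: {entropy:.4f} bits/byte")
    print(f"stir values consistent with 16 observed bytes: {[hex(v) for v in found]}")
```

The histogram measure sits close to 8 bits per byte, yet 16 observed bytes pin the stir value down to a single candidate, which is why the unpredictability of such a pool is sized by the entropy stirred in and not by the volume of output.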

  8. Woza
    Coat

    NIST compliance

    'Except for one thing: back when FIPS was created, the standard didn't consider astrophysical sources for randomness, so it stipulates that “the RGB or portion of the RGB cryptographic module that generates the key must 'reside' within the FIPS 140 key-generating module.”'

    So if the key-generating module is the universe, the CMB is within the module, no?

    1. Michael Wojcik Silver badge

      Re: NIST compliance

      So if the key-generating module is the universe, the CMB is within the module, no?

      Yup! Now someone just has to get the entire universe FIPS 140-2 validated by the CMVP.

      I kid, of course. You'd only have to submit our Hubble volume. Everything else is out of scope.

  9. DropBear Silver badge

    Aren't RNGs based on de-tuned radio noise already using the Big Bang as source...? What exactly is new here?

    1. Named coward

      With de-tuned FM radio all you need is someone transmitting on the same frequency and suddenly your radio is not de-tuned any longer. I suspect that transmitting in the required microwave bands to poison the CMB readings from radio telescopes would get noticed.

  10. Anonymous Coward
    Unhappy

    Paging Tom Clancy...

    Wasn't the Mercury (not space) program in Tom Clancy's The Sum of all Fears based on this method? That was published 15 years ago. Apparently kids don't read anymore...

  11. Winkypop Silver badge

    If you decode it and read it backwards

    It says: Paul is dead.

  12. Christopher Reeve's Horse

    And now for something completely different...

    Randomness in images of lava-lamps

    https://en.wikipedia.org/wiki/Lavarand

  13. Loyal Commenter Silver badge

    DoS attack

    Anything relying on this for randomness could presumably be jammed / spoofed using the magnetron from a microwave oven? A signal orders of magnitude higher than the CMB would presumably saturate the sensor which would read either an error (jammed) or a known value (spoofed).

    1. pixl97

      Re: DoS attack

      In theory your sensor logic would report errors when the input source was too hot or cold. For example if the NSA is blasting your receiver with a high energy beam you may want to return (ERROR: Big Crunch Final Countdown) or if no input is picked up at the receiver (ERROR: Heat Death Has Occurred).

  14. kmac499

    CMB on a budget

    IIRC according to Brian Cox & Co. the snow on old fashioned analogue TVs was in part caused by the CMB. Surely a simple way to sample that datastream would give a practical random sequence..

  15. Down in the weeds
    Boffin

    So 20th Century

    >>"These days it's common to use the thermal noise generated by a zener diode"

    une chapeau ancienne

    These days we exploit the meta-stability of ring oscillators, especially inside all digital devices

    1. Louis Schreurs BEng
      FAIL

      Re: So 20th Century & une chapeau ancienne

      une chapeau ancienne

      would have to be un chapeau ancien

  16. TechyImmigrant

    Never Let an Astrophysicist do Cryptography

    This article has many misconceptions. It's good that we have cryptographers to do the cryptography and don't leave it to the astrophysicists. My corner of the crypto universe is making RNGs.

    The CMB may be entropic, but it is not in any way indistinguishable from uniform. You might expect Gaussian noise with Rayleigh or Rician fading, along with some secondary effects. A secure RNG could use an antenna as a noise source, but the resulting partially entropic data would need to be passed through an entropy extractor first.

    FIPS 140-2 is a boundary spec. It says what must go on inside the boundary and provides rules for data crossing the boundary. Entropy input is absolutely allowed. The RNG in a FIPS 140-2 compliant module must be SP800-90A compliant and show it has a good noise source. However, while the gathering of noise must be in the module, the noise itself always comes from the environment in part from outside of the module boundary.

    An antenna is an effective entropy source. Cell phones sometimes use them. However, compared to silicon entropy sources (http://www.deadhat.com/papers/uRNG.pdf) they are large, power hungry and have a horrible attack surface. Pointing an antenna at the sky makes no difference. Any antenna picks up noise, part of which is from the CMB. In this respect, the cell phone antenna is much better - It's smaller, mobile and has cryptographic verification on the data sent over it, so you can know when the amplifier chain is linear and so know when the noise from the modem is not lost through limiting.

    I strongly suspect the authors are not fully aware of the requirements for entropy extractors in SP800-90B (currently in draft, but if you're building an RNG now for a FIPS 140-2 context, that's what you're going to be complying with).
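An added example, not part of the thread and not any commenter's code: a sketch of the pipeline the comment above describes, in which non-uniform Gaussian noise samples get a min-entropy estimate, pass a repetition-count health test in the style of SP800-90B (which also catches the saturated receiver raised in the "DoS attack" comments), and are then conditioned with SHA-256. The simulated 8-bit ADC source, the function names, the 2^-20 false-alarm rate and the 2x entropy margin are all assumptions made for illustration.

```python
import hashlib
import math
import random
from collections import Counter

OUT_BITS = 256  # SHA-256 output size

def constructed_adc_samples(n, seed=1):
    """Constructed stand-in for a noise source: 8-bit ADC readings of Gaussian noise."""
    rng = random.Random(seed)  # NOT a secure source; only makes the demo repeatable
    return [min(255, max(0, round(rng.gauss(128, 12)))) for _ in range(n)]

def min_entropy_per_sample(samples):
    """Most-common-value estimate, H_min = -log2(p_max). Simplified: no confidence bound."""
    p_max = Counter(samples).most_common(1)[0][1] / len(samples)
    return -math.log2(p_max)

def repetition_count_ok(samples, h_min, alpha_exp=20):
    """Fail if one value repeats C = 1 + ceil(alpha_exp / h_min) times in a row."""
    cutoff = 1 + math.ceil(alpha_exp / h_min)
    run, prev = 0, None
    for s in samples:
        run = run + 1 if s == prev else 1
        prev = s
        if run >= cutoff:
            return False  # stuck or saturated sensor
    return True

def extract_key(samples, h_min, margin=2):
    """Condition raw samples into 256 bits, consuming margin * 256 bits of estimated min-entropy."""
    needed = math.ceil(margin * OUT_BITS / h_min)
    block = samples[:needed]
    if len(block) < needed:
        raise ValueError("not enough raw samples for the requested output")
    if not repetition_count_ok(block, h_min):
        raise RuntimeError("noise source failed health test; refusing to output")
    return hashlib.sha256(bytes(block)).digest()

if __name__ == "__main__":
    raw = constructed_adc_samples(4096)
    h = min_entropy_per_sample(raw)
    print(f"estimated min-entropy: {h:.2f} bits per 8-bit sample")
    print("key:", extract_key(raw, h).hex())
    try:
        extract_key([255] * 4096, h)  # constructed: receiver driven into saturation
    except RuntimeError as e:
        print("saturated input:", e)
```

Each 8-bit sample here carries well under 8 bits of min-entropy, which is why the extractor consumes many more raw bits than it emits.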

    1. Alan Johnson

      Re: Never Let an Astrophysicist do Cryptography

      It is even worse because a known antenna as a source of entropy has a very obvious vulnerability. Thermal noise in a diode is difficult to gain physical access to but a huge antenna is anything but difficult to transmit to.

  17. JeffyPoooh Silver badge
    Pint

    Zener diodes, transistors, ring oscillators and such ...as sources of noise

    It seems obvious that such noise should be packaged up into 1kB blocks, and then written to pairs of multi-TB SSDs for physical distribution. The hardware would look like a HDD duplicating machine.

    "Several TB of One-Time Pad should be enough for anyone."

  18. Number6

    Passing of Random Data

    I'm still inspired by the scientist who would regularly send himself large blocks of random data over the internet. If enough of us shared email addresses and swapped random blocks it would play havoc with the spooks trying to look for interesting stuff. Not quite sure how you'd handle being asked for the decryption keys, although if you had an electronic copy of War and Peace, you could generate a key on the fly by xoring it with the random data.

    1. Anonymous Coward

      Re: Passing of Random Data

      8207708300072188250415117521267707663773

      31892251559270547281247861237688421462016

      3141592653589793238462643383279502884197

      16939937510582097494459230781640628620899

      Hmmm... I think it goes badly wrong, about in the middle.

      1. Anonymous Coward

        Re: Passing of Random Data

        8207708300072188250415117521267707663773...

        ATTACKINPARISONFRIDAY13TH...

    2. bazza Silver badge

      Re: Passing of Random Data

      One way of looking at a perfect file compressor is that, without knowing the decompression algorithm, its output should appear to be a stream of random data. So you can always claim that random data is not an encrypted message, it's merely a message.

      The fact that it doesn't decompress in ZIP, etc. is neither here nor there.

      Of course, and alas, ZIP and its equivalents cannot actually get that close to the Shannon limit.

    3. Michael Wojcik Silver badge

      Re: Passing of Random Data

      There are already multiple websites that claim to distribute true-random data, such as HotBits and EntropyPool. Of course, if you're not getting them over a secure channel, an attacker might substitute chosen data. And you have to trust the source in the first place.

      (HotBits offers conventional TLS for a secure channel, so that's great, unless there are any problems with TLS or the X.509 PKI. Hmm. EntropyPool doesn't even use TLS.)

      If such a scheme were popular, who's to say the NSA wouldn't set up a whole bunch of sock puppets sending data generated with DUAL_EC_DRBG? No one's shown how to distinguish its output from truly random data, but it's widely believed to be backdoored.

      And if you already have a trustworthy channel, why do you need those "large blocks of random data"?

  19. Daniel Voyce

    Until the NSA put some satellites up there that mimic this "Randomness" and make it decidedly "Nonrandom" /tinfoil

  20. PyLETS

    God doesn't play dice with the universe

    If Albert Einstein was wrong on this quote, maybe the universe is a truly random number generator. If he was right, maybe the universe can be used as a pseudo random generator e.g. in the manner the article describes. I read an article in New Scientist a few years ago which claimed it to be inherently unprovable as to whether randomness is an emergent property of fundamentally deterministic physical processes (as in a very good pseudo-random generator whose algorithm is sufficiently obscure and whose cycles are sufficiently long as to be undetectable as such) or an inherent property of various physical processes. Current scientific opinion seems to regard Heisenberg's principle as suggesting the universe to be genuinely random, but I very much doubt there's any proof either way.


Biting the hand that feeds IT © 1998–2019