Computer scientists in the US have made a cybersecurity breakthrough by developing a new method for producing truly random numbers, which could be used to greatly improve data encryption and improve security for everything from consumer credit card transactions to electronic voting to military communications.
Computer science professor David Zuckerman and graduate student Eshan Chattopadhyay from the University of Texas at Austin (UT Austin) have developed a method that takes two weakly random sequences of numbers and turns them into a single sequence of truly random numbers.
Weakly random sequences, such as stock market prices sampled over time, have predictable patterns as they rely on using mathematics, meaning it is possible to figure out what the sequences are.
RSA encryption, which is one of the most popular methods of encryption today, requires the factoring of large integers from two prime numbers to produce two mathematically-linked keys, a public key and a private key, which are needed to decrypt messages. The private key is kept secret and needs to be generated from a source of randomness to keep the message secure.
What is randomness?
At the moment, there are two main methods for generating random numbers – the first involves using a computer to select numbers from a pre-generated list of strings, while the second involves using algorithms that automatically create long series of numbers.
However, both of these methods fall short of "true randomness", as the algorithm eventually causes the sequence of numbers to repeat itself, and computers tend to follow instructions blindly and so are completely predictable.
Instead, the new method uses two sequences that are only weakly random that is not computationally demanding in order to discover a number that is almost perfectly random.
The researchers released a draft paper describing their method for making random numbers on the Electronic Colloquium on Computational Complexity online forum (run by Germany's Hasso Plattner Institute) in July 2015 and UT Austin says that the international computer science community is already excited about it, as the method could well be light years ahead of current random number generation methods.
Controversy over how much of a breakthrough the method really is
Computer scientists have been analysing the paper's findings over the past 10 months and have even come up with ways to expand the method. Following revisions, Zuckerman and Chattopadhyay will present their research at the ACM Symposium on Theory of Computing (STOC) in Cambridge, Massachusetts from 18-21 June 2016, where their paper has been selected to win the STOC Best Paper Award.
"When I heard about it, I couldn't sleep," said Yael Kalai, a senior cryptography researcher at Microsoft Research New England who has also worked on randomness extraction. "I was so excited. I couldn't believe it. I ran to the (online) archive to look at the paper. It's really a masterpiece."
However, Dr Mads Haahr of Trinity College Dublin, creator of the online random number generator Random.org disagrees. His method relies on generating high-quality random numbers using "atmospheric noise", which is the measurement of radio noise, i.e. how many lightning flashes are discharged per second during a thunderstorm.
"While the paper might be a good contribution in the specific research area of randomness extraction, I would not call it a breakthrough in the way that much reporting on this work has done," Haahr told IBTimes UK.
"The stated applications, like encrypting data, securing electronic voting systems, doing polls and simulating complex systems are already possible with existing methods, and most of them have been for many years."
[UPDATE 15:37pm 20 May]: This article has been updated to clarify Dr Mads Haahr's comments about the researchers' paper.