Randomness: What is it? Why do we need it? How do we create it?

What is it?

Randomness is maybe something people do not think so much about. But:

TRUE RANDOMNESS IS VERY IMPORTANT!

This post is only a “gentle introduction” to the whole field of randomness.

It’s really a big rabbit hole filled with interesting science. So beware: it’s far too easy to spend several thousand hours reading research articles and discussions about this magic.

An important term when talking about randomness is entropy:

In information theory, the entropy of a random variable is the average level of “information”, “surprise”, or “uncertainty” inherent to the variable’s possible outcomes.

So a true random number isn’t possible to guess even if you know EVERYTHING that has happened already.

But what is random? Is it only numbers that are uniformly distributed?

But what about series such as 1,2,3,4,5,6,7…?

They are uniformly distributed, but it seems possible to guess the next number with a fairly high level of success…

But why do we need it?

[XKCD]
In today’s information society, true randomness is very important(!!).

It was also rather important in earlier times. One funny example of the use of randomness is the Athenian democracy. Continue reading this article on the History of randomness on Wikipedia for more!

Since then, its importance has multiplied many times.

Most of all, randomness plays an important role in several kinds of communication and in modern cryptography.

If a perpetrator is capable of guessing the next random number created by a system you want to securely communicate with (e.g. your precious online banking), they might get access to it.

How do we create it?

There exist several kinds of random numbers. And because true randomness can be quite hard to generate (and we do not need it “all the time”), we divide the field into several sub-categories:

  • TRNG/HRNG: Hardware/True Random Number Generators create “true random numbers”
    • This is done by fetching entropy from something physical.
  • PSRNG: Pseudorandom Number Generators are what is mostly used today
    • They create numbers that appear to be random. But they are completely deterministic, and the series of numbers repeats after X instances.
    • They depend (heavily!) on the starting condition (seed).
    • They can create “random” number sequences easily, but all “randomness” depends on this initial seed.
    • If the seed and algorithm get into the wrong hands, and they discover “where you are in the sequence”, it is possible to guess what the next number will be!
    • Later in this post we will implement a simple PSRNG! Here is a hack on the much used xorshift128.
  • CRNG: Cryptographically Secure Pseudorandom Number Generator
    • This is a pseudorandom number generator that is also suitable for some cryptography use.
    • The main difference between a PSRNG and a CRNG is that a CRNG must comply with some special requirements.

A pseudorandom number generator

As we have talked about earlier, pseudorandom numbers are relatively easy to generate. But the “random quality” depends very much on the seed quality!

The seed needs to contain a high level of entropy/true randomness.


We implemented a simple 32-bit xorshift algorithm as shown here.

With the seed 0x770E, the resulting random sequence was:

723471715, 2497366906, 2064144800, 2008045182, 3532304609, 374114282, 1350636274, 691148861, 74685895, 2653896249...

YES, with the same algorithm and seed you can create the same sequence!

So you should create the seed value with care! E.g. fill it with entropy by measuring some noisy/“random” process, or by timing a human button-press, etc.

The implemented PSRNG was used to create the featured image in this blog post. To do that we used it to create 1920 * 1080 = 2 073 600 “random” numbers.

As explained in the theory behind the algorithm, the period is 2^32 − 1. This makes it impossible to spot a repeating pattern in the image (2 073 600 << 2^32 − 1).

Note that this is a NON-cryptographically-secure random number generator.
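To make the determinism and the “guess the next number” problem concrete, here is an added example (not the code used for this post). It assumes Marsaglia’s common 13/17/5 shift triple, which the post does not state, so its outputs need not match the sequence listed above; the function names are illustrative.

```python
import secrets

MASK32 = 0xFFFFFFFF

def xorshift32(state):
    """One step of a 32-bit xorshift (shift triple 13, 17, 5 is an assumption)."""
    state ^= (state << 13) & MASK32
    state ^= state >> 17
    state ^= (state << 5) & MASK32
    return state

def sequence(seed, count):
    """Return the first `count` outputs for a non-zero 32-bit seed."""
    if not 0 < seed <= MASK32:
        raise ValueError("seed must be a non-zero 32-bit value (0 is a fixed point)")
    out, state = [], seed
    for _ in range(count):
        state = xorshift32(state)
        out.append(state)
    return out

def predict_from_observation(observed, count):
    """Continue the stream from ONE observed output.

    The generator hands out its entire internal state as the output, so
    whoever sees a single number knows "where you are in the sequence".
    """
    return sequence(observed, count)

def session_token():
    """For anything secret, draw from the OS CSPRNG instead."""
    return secrets.token_hex(16)

if __name__ == "__main__":
    stream = sequence(0x770E, 8)           # seed value taken from the post
    assert stream == sequence(0x770E, 8)   # same seed + algorithm -> same sequence
    guessed = predict_from_observation(stream[2], 5)
    print("generator :", stream[3:8])
    print("predicted :", guessed)          # identical to the line above
    print("token     :", session_token())
```

A careful seed does not help here: one leaked output is enough to continue the stream, which is why such a generator must never produce keys, tokens or nonces.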

And here is the same “random” number sequence (the image without text) as an audio-file (1920*1080 numbers converted to a 48 kHz mono audio file):

 

To show this weakness, here is an illustration of PHP rand(). Can you spot the repeating pattern?

PHP rand()

Final thoughts

This was only the tip of the big randomness iceberg.

Hopefully, with this light introduction, you will appreciate randomness the next time you log into your bank.

Is it possible to test my random number generator?

Short answer: Yes and a bit no.
Longer answer: There exist several tools for this, but the DIEHARD test suite is often used.
