Random Numbers could Hike Security

Wednesday, May 18, 2016 @ 03:05 PM gHale


There is a new method in development that could produce truly random numbers, which could then end up used to encrypt data, make electronic voting more secure, conduct statistically significant polls and more accurately simulate complex systems such as Earth’s climate.

The new method creates truly random numbers with less computational effort than other methods, which could facilitate significantly higher levels of security for everything from consumer credit card transactions to military communications.

RELATED STORIES
Security Software? Think Again
Ensuring ‘Trustworthy’ Systems
Looking to Hike Online Social Networks Security
Working to Quash Quantum Computer Threat

“This is a problem I’ve come back to over and over again for more than 20 years,” said University of Texas at Austin Computer Science Professor David Zuckerman. “I’m thrilled to have solved it.” Zuckerman and graduate student Eshan Chattopadhyay worked on the project.

Zuckerman and Chattopadhyay will present research about their method in June at the annual Symposium on Theory of Computing (STOC), the Association for Computing Machinery’s premier theoretical computer science conference.

Chattopadhyay and Zuckerman publicly released a draft paper describing their method for making random numbers in an online forum last year. In a field more accustomed to small, incremental improvements, the computer science community hailed the method, suggesting that, compared with earlier methods, this one is light years ahead.

Oded Goldreich, a professor of computer science at the Weizmann Institute of Science in Israel, said even if it had only been a moderate improvement over existing methods, it would have justified a “night-long party.”

“When I heard about it, I couldn’t sleep,” said Yael Kalai, a senior researcher working in cryptography at Microsoft Research New England who has also worked on randomness extraction. “I was so excited. I couldn’t believe it. I ran to the (online) archive to look at the paper. It’s really a masterpiece.”

The new method takes two weakly random sequences of numbers and turns them into one sequence of truly random numbers. Weakly random sequences, such as air temperatures and stock market prices sampled over time, harbor predictable patterns. Truly random sequences have nothing predictable about them, like a coin toss.

The new research seems to defy that old adage in computer programming, “Garbage in, garbage out.” In fact, it’s the latest, most powerful addition to a class of methods that Zuckerman pioneered in the 1990s called randomness extractors.

Previous versions of randomness extractors were less practical because they either required one of the two source sequences be truly random (which presents a chicken or the egg problem) or both source sequences be close to truly random. This new method sidesteps both of those restrictions and allows the use of two sequences weakly random.

An important application for random numbers is in generating keys for data encryption that are hard for hackers to crack. Data encryption is critical for making secure credit card purchases and bank transactions, keeping personal medical data private and shielding military communications from enemies, among practical applications.

Zuckerman said although there are already methods for producing high-quality random numbers, they are very computationally demanding. His method produces higher quality randomness with less effort.

“One common way that encryption is misused is by not using high-quality randomness,” Zuckerman said. “So in that sense, by making it easier to get high-quality randomness, our methods could improve security.”

Their paper shows how to generate only one truly random number — akin to one coin toss — but Zuckerman’s former student Xin Li has already demonstrated how to expand it to create sequences of many more random numbers.

The website where Zuckerman and Chattopadhyay posted their draft last summer, called the Electronic Colloquium on Computational Complexity, allows researchers to share their work and receive feedback before publishing final versions in journals or at conferences.