On a given day, most of us end up entering at least a couple of OTPs into our devices. These OTPs are examples of how random numbers now run our lives. And yet these random numbers are not easy to generate. In this thought provoking piece Chris Baraniuk explains why that is. Part of the challenge lies with how computers work. Mr Baraniuk writes: “There are some things that computers, for all their prowess, don’t do well – and one of them is randomness. Sure, computers spit out data all the time, why not random numbers? The problem is that computers rely on internal mechanisms that are at some level predictable, meaning the outputs of computer algorithms eventually become predictable, too, which is not what you want if you’re running a casino. The same issue can cause headaches for cryptographers. When you encrypt information, you want the keys to the code to be as random as possible, so that no-one can work out how you garbled the original text since that could allow them to read the secret message.”
However, there is an even deeper reason why random numbers are hard to generate: “”You can’t tell if something is random – you can only catch it out as non-random,” explains Darren Hurley-Smith, an information security lecturer at Royal Holloway, University of London. Researchers have ways of identifying non-random number generators, such as statistical analyses that look for sequences where one number comes up more than it would if said sequence were truly random – too many threes, for instance. This isn’t enough, though. What if your sequence is “123123123123123”? In that case, Hurley-Smith points out, you have lots of threes but they’re no more frequently represented than one or two. However, there’s a super obvious pattern to the sequence, an underlying structure, that gives it away as non-random.
For really big sets of numbers, statistical tests for randomness get very complicated and yet you can never prove that something is truly random, only that it is indistinguishable from random, based on your best analysis.”
So, how are random numbers generated by the billions of OTPs that are generated everyday or for lottery results?
The first source of endless random numbers seems to be nature eg. raindrops, radio static, lava lamps, kittens, radioactive decay: “The list of things people have turned to in the pursuit of random numbers is deliciously odd. One software engineer realised when out walking on a wet day that the raindrops falling on his glasses might provide a suitable source of randomness, so he simulated the patterns via a short piece of code as an experiment. Someone else tried capturing the activity of bubbles in their fish tank as a basis for random number generation. Another approach relied on the unpredictable behaviour of a kitten, its movements having been captured on a webcam.
One group of researchers even sought randomness by looking at the unique genetic sequences contained within DNA molecules inside all living things.”
The second source of random number is even more interesting – human behaviour: “There are also many more mundane inputs for random number generators. It’s possible to use the movement of a mouse cursor on a computer screen, the time delay between key presses on a keyboard, or the noise of traffic on a computer network, for instance. “We’re pretty confident that that is secure,” says Steven Murdoch, a professor of security engineering at University College London, referring to the latter. Murdoch is the creator of the Tor browser, which enables secure internet browsing via multiple layers of encryption.”
If you want to read our other published material, please visit https://marcellus.in/blog/
Note: The above material is neither investment research, nor financial advice. Marcellus does not seek payment for or business from this publication in any shape or form. The information provided is intended for educational purposes only. Marcellus Investment Managers is regulated by the Securities and Exchange Board of India (SEBI) and is also an FME (Non-Retail) with the International Financial Services Centres Authority (IFSCA) as a provider of Portfolio Management Services. Additionally, Marcellus is also registered with US Securities and Exchange Commission (“US SEC”) as an Investment Advisor.