
In order to guarantee the honesty of a random number generator, the idea is that users can, if they wish, verify that the number is, in fact, generated from public sources of entropy. This enables the system to assure its users that the random number could not have been selected by the server.

<?php
$entropy = "what_do_you_think";
$md5 = md5($entropy);
/* take the first 10 hex characters of the md5 hash (10 chars = 40 bits) */
$hex = substr($md5, 0, 10);
/* convert the hex to decimal */
$dec = hexdec($hex);
/* use this decimal as a seed */
srand($dec);
/* pick a random number between 0 and 9, ultimately seeded by the entropy */
$rand = rand(0, 9);

My question is: What are some good public sources of entropy (preferably immutable and chaotic), and absolutely referencable, that could be concatenated together in a string and fed into md5? Some ideas are specific stock prices, temperature (from an honest source), the hashes contained in the bitcoin block-chain...

Jordan Arsenault
  • The current time including seconds and milliseconds ;) – Nir Alfasi Sep 05 '12 at 03:15
  • @alfasin: the current time won't actually work for this. The idea is that users can, if they wish, seek out the public data sources, concatenate them, hash them, and generate the random number themselves as proof that the system did not tamper with the random number. If the current time was used, all users would generate different hashes, and therefore, different random numbers. ;) – Jordan Arsenault Sep 05 '12 at 03:21
  • How about the offerings of http://random.org –  Sep 05 '12 at 03:27
  • @Dagon: I cannot use the offerings of random.org because the randomness is not 'stored' anywhere for users to come back and verify with the above algo. When you hit random.org, it provides you with random numbers yes, but it's not public. Users could not come back to random.org to see 'what random number the server received' at an earlier date that contributed to the entropy. It would be between the server and random.org, exclusively. See what I mean? – Jordan Arsenault Sep 05 '12 at 03:31
  • I think I understand the issue, but I don't understand the situation that requires this. How frequently will you need your seed number? –  Sep 05 '12 at 03:42
  • @Dagon: see the comments I left on Clifford's answer. – Jordan Arsenault Sep 05 '12 at 04:03
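The lottery-index protocol described in the question and in the comments above, as an added example (not the asker's code): a Python version with SHA-256 and rejection sampling swapped in for md5 and srand()/rand(), so that entrants running a different language or PHP version still recompute exactly the same index. The source values are constructed placeholders, not real quotes or block hashes.

```python
import hashlib

# Constructed sample of "public, referencable" entropy values of the kind the
# question proposes (stock close, temperature reading, a Bitcoin block hash).
# These are made-up placeholders, not real market data or real block hashes.
PUBLIC_SOURCES = [
    ("DJIA close 2012-09-05", "13047.48"),
    ("Berlin temperature 2012-09-05 12:00 UTC", "21.3"),
    ("bitcoin block 197000 hash", "0000000000000000placeholderblockhash"),
]


def canonical_string(sources):
    """Join label/value pairs in a fixed, documented order.

    The protocol must pin the order, separators and number formatting in
    advance, otherwise two verifiers hashing 'the same' data get different
    results and the check fails for honest reasons."""
    return "|".join(f"{label}={value}" for label, value in sources)


def derive_index(sources, n):
    """Map the concatenated public entropy to an index in [0, n) uniformly.

    SHA-256 replaces md5 and rejection sampling on 10 hex chars (40 bits)
    replaces srand()/rand(), so the outcome depends on no language PRNG and
    carries no modulo bias. A counter is appended so a rejected draw is
    retried deterministically instead of silently wrapping."""
    if n <= 0:
        raise ValueError("n must be positive")
    data = canonical_string(sources).encode()
    limit = (1 << 40) - ((1 << 40) % n)  # largest multiple of n <= 2^40
    counter = 0
    while True:
        digest = hashlib.sha256(data + counter.to_bytes(4, "big")).hexdigest()
        value = int(digest[:10], 16)  # first 10 hex chars = 40-bit integer
        if value < limit:
            return value % n
        counter += 1  # rare: rehash with the next counter and try again


def verify(sources, n, claimed_index):
    """What an entrant runs later: recompute from the same public inputs."""
    return derive_index(sources, n) == claimed_index
```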

3 Answers

Check out xkcd's geohashing algorithm. I think it is pretty much what you are looking for.

http://wiki.xkcd.com/geohashing/Implementations

The geohashing algorithm uses the Dow Jones as a source of entropy. This page discusses ways to get the Dow's opening price via the web. http://wiki.xkcd.com/geohashing/Dow_Jones_Industrial_Average

But I think the best source of public, immutable, and verifiable entropy can be found in the Bitcoin transaction database. It is widely distributed and continuously verified and has a defined protocol.

Jason

Get it from a physics department.

http://qrng.physik.hu-berlin.de/

http://qrng.physik.hu-berlin.de/download

or just

http://www.random.org/bytes/

that users can, if they wish, verify that the number is, in fact, generated from public sources of entropy

How do they do that?

Do you give them realtime access to the system's memory to ensure that the assembly of the program running that collects entropy is correct and not malicious?

Ivo
  • They will not have real-time access to the machine. The idea is to remove even the chance of maliciousness by using public sources. Stock prices, for example, are public and *stored* on the web so that users could 'go back' and verify by running the exact same algo as I did. I would release the algo above as a 'check' for interested parties. – Jordan Arsenault Sep 05 '12 at 03:26

The security value of using physical entropy is that it's unpredictable, i.e. unknown to anyone but the acquirer. What on earth would be the point of using entropy that could be available to anyone? May as well open up your printout of Pi to a million places and pick a starting point.

Quite apart from that, there is in principle no way to determine whether the random numbers a server gives you were in fact derived from the sources of entropy it apparently uses.

  • I didn't say that the value was supposed to hold secure information. The point of using entropy that is available to anyone is to **prove that the server could not have predicted the random number either**. Take this scenario: An online lottery is created and users can enrol. When a user enrols they are given an index. When the lottery closes an index must be chosen. This index is the winner of the lottery. A system where the server decides the index is untrustworthy because they could simply change the outcome. However, (more coming, character cap) – Jordan Arsenault Sep 05 '12 at 03:57
  • If a promised protocol is followed to hash say, 10 public chaotic sources, say, 10 hours after the lottery closes, then this will be the random index, and there is no way the server could have chosen this result and folks are free to verify the results themselves. – Jordan Arsenault Sep 05 '12 at 03:59
  • Easy, use the result of some other national lottery as the seed –  Sep 05 '12 at 04:04
  • At first thought, it sounds like a good idea, but national lotteries are too infrequent compared to the frequency required to ensure unpredictable results. Which is why I need *multiple* sources of entropy, as chaotic as possible, but also, stored and referencable. – Jordan Arsenault Sep 05 '12 at 04:10
  • There are daily ones, but this is why I asked above about the frequency required. –  Sep 05 '12 at 04:11