7 months ago
Imagine the terrors of multiple government agencies synchronizing ID selection to an identical source of randomness. Congrats, you won jury duty, a tax audit AND selective service!
7 months ago
One would want to use something like HKDF[1] to create derived values with domain separation.
7 months ago
Sorry, can't help myself! The Ralphie running demo on the site is hilarious. Some say, you could just use Ralphie's actual runs from this past year, true randomness!
7 months ago
Ah, another randomness beacon! Although I wish it used the same API as NIST's beacon, either the v1 or v2 API.
7 months ago
NIST v2: https://csrc.nist.gov/projects/interoperable-randomness-beac...
NIST v2: https://csrc.nist.gov/projects/interoperable-randomness-beac...
7 months ago
Interestingly NIST also has a large campus in Boulder. Maybe Boulder is the epi-center of randomness??
7 months ago
Then one could dynamically and randomly choose which randomness beacon to use! I like it.
7 months ago
Ideally you’d use all of them by mixing their outputs together.
7 months ago
I recommend to also jump to "What is the Twine Protocol" [1] where they created a blockchain without a consensus layers because they have a level of trust in timestamps.
7 months ago
Skobuffs!
7 months ago
The beacon to be guarded at all times by Ralphie??
7 months ago
The source of their randomness is interesting, as someone not well-versed in physics: https://random.colorado.edu/concepts/traceable-randomness
7 months ago
7 months ago
Verifiable quantum randomness sounds interesting - https://drand.love is another verifiable randomness beacon, though using more traditional cryptography
7 months ago
laughs in Brazilian
7 months ago
Things like these are absolutely idiotic. Every single computer, be it a laptop or desktop or a phone, are able to produce randomness. Why in the hell would you trust a random website?
7 months ago
The idea here is that it's a public, traceable generation of random numbers. So, if the two of us wanted to flip a coin to settle a disagreement, we could agree on some future value of this beacon (unknowable to us at the moment) to use as the source of entropy, then let one of us choose heads or tails, telling the other person what we chose. Then we wait until the agreed time, check the beacon, and boom, a fair coin toss, which we can be fairly certain wasn't manipulated by either of us.
7 months ago
From tfa:
Often, randomness is thought of as something you want to keep hidden, such as when generating passwords or cryptographic keys. However, there are many applications where an independent and public source of randomness is useful. For example, randomizing public audits, selecting candidates for jury duty, or fairly assigning resources through a lottery.
7 months ago
Sometimes you need publicly verifiable randomness, and then your own hardware (which you might or might not even trust privately, depending on how much you trust your vendors) isn’t much help.
If you still think that's idiotic, I'm happy to bet against you in an unbiased* coin flip simulated on my machine which you unfortunately can't inspect :)
7 months ago
Ever taken a stats class? Recall the "table of random values" in the back of the book? That's why
7 months ago
Because, firstly, this is a university, not some rando self-hosting, and secondly, you can't generate randomness from any classical computer, only pseudorandomness [0]. This means that a dedicated adversary can potentially work out what the outcome will be. For something like the use cases they mention - jury selection, lottery, etc. - you want actual randomness.
7 months ago
> […] you can't generate randomness from any classical computer, only pseudorandomness [0].
Back in 1999 Intel used amplified thermal noise from analog circuits on their chips to generate randomness:
* PDF: https://web.archive.org/web/20100714102630/https://www.crypt...
This was further refined and in 2011 they published how RdRand (formerly "Bull Mountain") works:
* https://spectrum.ieee.org/behind-intels-new-randomnumber-gen...
* https://en.wikipedia.org/wiki/RDRAND
* PDF: https://www.intel.com/content/dam/develop/external/us/en/doc...
So classical computers can generate randomness if you have the right circuits for it.
7 months ago
> So classical computers can generate randomness if you have the right circuits for it.
That is by definition not a classical computer. It's not a quantum computer, but it's probabilistic in a limited sense.
7 months ago
I don't think anybody wrote a description of a classical computer that excludes components that generate harvestable random noise. Effectively all computers are probabilistic, it's just that the probabilities for instructions, memory fetches, bus transfers, etc, have such low error probabilities that you will likely go years without directly observing one.
7 months ago
A classical computer is a pure mathematical object. No real-world computer completely embodies the concept, but they vary in how much they try to hide it. Rdrand is an admission that no they're really not classical computers, and it turns out that that is useful in certain scenarios.
7 months ago
oh you're talking about deterministic turing machines (have not heard that referred to as "classical" computer before- typically when people say that, they mean an actual physical real-world computer, not a theoretical model.
7 months ago
I think you could just create something like this and sample it with the sound card as well https://en.wikipedia.org/wiki/Chua%27s_circuit
7 months ago
A zener diode- standard component- produces random noise. It needs to be mildly conditioned to be unbiased.
7 months ago
A use case for a blockchain?
7 months ago
There are good uses for block-chain like things, even beyond sprinking in a mention to help raise grant funding, but the headline-grabbers have generally not been those...
7 months ago
It must be since they use a blockchain for this to decentralized and verify the timestamps.