The State of Random.
- From: adacrypt <austin.obyrne@xxxxxxxxxxx>
- Date: Sat, 16 Oct 2010 05:20:11 -0700 (PDT)
Anybody who has ever rolled a die on the kitchen table as a child in a
board game like “Snakes ‘n Ladders” has an intuitive understanding of
what random means and anybody who has rattled the cup and then slowly
tipped out a six knows what an unbiased retrieval system means also.
What I am leading up to is the use of a random key-set to secure
cryptographic ciphers and I have to make the point quickly that random
is far from being a universally understood thing even at high levels
Many books on random are available from amazon on the internet but
these are nearly always pretty uninformative about how to achieve a
random state and most of the print is spent on repeating and
reinforcing already well-known and accepted cases of a haphazard state
by means of sensational anecdotes, they spend their time on ‘preaching
to the already converted’ reader without ever giving out useful
methodology on how to achieve and deploy a proper random state to
solve any real life problem.
Note well that I am using the word ‘random’ rather carefully when
randomness would sound better – there is a reason for this, the word
‘randomness’ wrongly implies shades of the state or property of random
when in fact random is a binary property that does not have degrees of
quality. You either have a random state or not at all. It’s a black
or white issue that does not have shades of grey.
In my experience there is a huge misunderstanding of what random
really means and there is good reason for this. What most people mean
when they say some event is random is that it is a chance occurence
i.e. haphazard outcome that is sometimes way beyond the control of man
albeit that is always not the case. This is often the basis of much
conjecture and is a much loved theme in matters of human interest like
the ball unexpectedly striking the pin in golf and players theorising
about the probability of it happening again say (I hope not to open a
can of worms with this example – it nearly always does that when any
discussion gets under way regarding random). In passing, one
historian reckons that the Sumerians (3000 BC) invented mathematics to
get some of the unwanted randomness out of their daily lives.
I am going to call this colloquial randomness (taking licence with
the word randomness after all, simply for ease of expression). It can
be a pleasant or unpleasant experience, a sometimes quirky thing in
our lives that will always remain as a chance event but a favourite
element of day-to-day living that will never disappear and long may it
live as such in my view but this randomness is not a workable property
in mathematics. I will call it romantic randomness to distinguish it
from scientific randomness that is indeed workable in mathematics.
Randomness is mathematics is what I am calling scientific randomness
and is defined in mathematical dictionaries as a set of elements that
all have equal probability. The question begs “ probability of
what”. The answer to that question in cryptography is this, equal
probability of being the next one to be called in any unbiased
retrieval system at decryption time.
In order to have equal probability the elements must be equal in
number (frequency) because clearly, if that is not the case then some
numbers have greater probability than their neighbours and the set is
It is amazing how this simple fact is misunderstood at even the
highest levels in cryptography. The former notion i.e. haphazard
randomness is the one that has taken hold and there is a spate of duff
cryptography that is based on the wrong idea that a haphazard
collection system makes for a bona fide set of random data. It seems
to be believed that the data will inherit some kind of mystical
property from the haphazard collection process that created it and
that this will later cause confusion to any illegal cryptanalyst who
intercepts the ciphertext that is in transit. It seems to be thought
that this will happen over and above the rules of any mathematical
rigour that may be relevant. Clearly, that is not true.
The way scientific randomness works is that it causes total
uncertainty to an illegal cryptanalyst who may have in his possession
ciphertext data that he has intercepted and is now trying to illegally
decrypt. His problem is that the key-set that protects the ciphertext
is random and therefore each elemental key is equally likely to be the
correct one to use for his nefarious purposes and he can only guess at
any string of plaintext that might evolve being the correct one from a
larger space of permutations of similar strings, when all of these
have been decrypted experimentally (Appendix A refers).
In essence, randomness translates as total uncertainty to an illegal
cryptanalyst, uncertainty is a property in the subject “Theory of
Information” that has obvious meaning here also.
Imagine next for example, this discussion model:
Suppose I stop one hundred people on the pavement and ask them to
verbalise the first integer that comes to mind, will this give me a
random set of one hundred integers?
Clearly, the experiment is spontaneous, unrehearsed, totally unbiased
and is haphazard. That, by most ideas of understanding would surely
seem to be a random exercise that would be sure to yield a random set
of 100 integers. But that would be true only if there were no repeats
of any integer in the set of collected data. If there is a repeat of
any integer then that integer has greater probability than the others
and the set cannot be random by a scientific meaning of what
constitutes random data.
The appraisal then is that there are two kinds of randomness, 1) a
haphazard randomness and 2) a proper scientific randomness that is
mathematically defined. Of those two random types it would seem
obvious that cryptographers would go down the latter road embracing
this proper, mathematically workable random, as the means of
underpinning cipher research but no, even at the highest levels of
expertise, haphazard randomness was the one they followed. I quote
one of the best cryptography writers in the business, “ the best
random keys are created by harnessing natural physical processes, such
as radioactivity, which is known to exhibit truly random
behaviour” (this is in fair proper context of his quote). I contend
that he should be saying “ truly haphazard but unusable
The reader is referred to the simple definition in the Penguin
Dictionary of Mathematics for the word ‘random’ – basically it says
random means having equal probability between the elements of a random
set. It is acknowledged that outside of mathematics and cryptography,
random is synonymous with haphazard but not within cryptography and it
is amazing that any cryptographer would make the mistake of thinking
it still applies within intensely number-theoretic cipher design
theory. This massively entrenched fallacy that random data equals
haphazard data, has stymied all progress in cryptography for the past
half century and I suspect has led cryptographers to shy clear of
number-theoretic cryptography and instead go down the complexity-
theoretic road instead with poor results.
That situation is changing now, I have invented two forms of
cryptography namely, “Vector Cryptography” and “ Scalar Cryptography”
that use 1) A mathematical one-way function and 2) Randomness, as the
securing means respectively. These are described on http://www.adacrypt.com
and http://www.scalarcryptography.co.uk respectively.
Appendix – A.
“Handbook of Applied Cryptography” – P. 20 ?
Quote: “ That is, if a cryptanalyst has a cipher text string encrypted
using a random key string that has been used only once, the
cryptanalyst can do no better than guess at the plaintext being any
binary string of length ‘t’ i.e. (t-bit binary strings are equally
likely as plaintext). It has been proven that to realize an
unbreakable system requires a random key of the same length as the
This is probably the most respected reference and information source
in existence in the field of cryptography to day but it is becoming
obsolete now with anachronistic information in my view. The above
extract was written in relation to the one-time pad cipher but is
generally true of all ciphers. A scientific understanding of ‘random’
is implicit in this quote.
- Prev by Date: Re: Efficient reduction of polynoms with only one term
- Next by Date: Re: Efficient reduction of polynoms with only one term
- Previous by thread: Intypedia - Information Security Encyclopedia
- Next by thread: On non-conventional methods of digital image steganography