Digital Transactions Authoritative, insightful and timely information for payments professionals
You can’t define it, really. You can’t identify it when you see it. It’s easily faked, and it looks totally useless. Yet, randomness is rising to become the most valuable resource in the unending cyber war.
Crude oil extracted from the ground was used for light, heat, and pavement. But when the combustion engine was invented, oil became a critical resource for survival. That’s a perfect analogy for randomness, which hitherto was used in moderation, but is now assuming the status of cyber oil.
Modern cryptographic algorithms are based on high-quality randomness. The emerging cyber-security dialogues feature a lavish injection of randomness. New hunting methods to catch cyber fraud are heavily reliant on randomness.
Few people know that almost 100 years ago, in 1917, a patent filed by Gilbert S. Vernam offered absolute (mathematical) security to any electronic communication. Vernam’s method allows for every electronic payment to be absolutely secure against the smartest hacker and the fastest computer—certified by a solid mathematical proof given by Claude Shannon.
So why are payments so insecure today? The answer is that Vernam’s method requires the payor and payee to arm themselves with oodles of randomness. There was no practical way to do that in 1917, so Vernam was branded as “academic” and forgotten. But today, the picture is different. High-quality randomness can be mined in large quantities and easily shared. Plus, there’s one thing nice about mathematical guarantees: They never expire. And that’s why randomness deserves and is getting another look.
Cryptography throughout its history was a game of cat-and-mouse. Someone builds a strong cipher, and sooner or later it yields to superior smarts and is replaced by a better cipher that, in its turn, also succumbs to its attackers. The ciphers that we use today, where are they in their life cycle? Since cryptography sneaked up on us to become the scaffolding of our sprawling cyber cities, these two questions are not trivial ones: Are our ciphers compromised? Is our money at risk?
And that’s why randomness is rising. It will end this un-ending cycle because randomness cannot be defeated by a superior intelligence. When the battleground is between a cipher builder and a cipher cracker, the outcome depends on who is smarter. But when security is hinged on pure randomness, then by definition it resists any and all attackers. No one is smart enough to discern a pattern in the data because random data is patternless.
On the other hand, randomness is a readily available resource (that’s not really true for high-quality randomness, but even crude randomness will do for most cases). So the little guy can match up to the big boys. Moreover, security based on randomness is security controlled by its user. Today, we all use ciphers cooked for us by the mavens, with their fixed and not doubt-free security. But when each of us can determine how much randomness to use, we all decide how much security to use. It’s a shift of responsibility.
Fundamentally, hackers are wolves in sheep’s clothing, succeeding when they go under the radar of suspicion. They prevail when they guess what the security people will deem suspicious, and avoid it. Security people, on the other hand, try to build suspicion metrics that are overlooked by the hackers. So, in the cyber-security battlefield, it’s smarts vs. smarts. Randomness can change that balance.
Here’s a simple example: By using a good random-number generator to select one cyber surfer out of ten for scrutiny, we guarantee there’s a chance of 10% that we’ll hit on a hacker, if there is one. Regardless of how smart this hacker is, he cannot outsmart randomness.
Most randomness in cyber use today is fake, which means it has a clear and well-defined pattern. Such so called, “algorithmic randomness” is cheap and easy. A smart hacker can crack it. Non-algorithmic randomness is generally of higher quality, but more cumbersome to generate and handle. For perfect randomness, one needs to capture the behavior of subatomic particles, which obey quantum-mechanical laws. This undefeatable randomness is emerging as a precious resource, the cyber-oil burned by the new crop of cyber engines.
Prospectively, the rise of randomness will usher in much-needed stability in the fast moving cyber war. My view is that the rising role of randomness will trigger a stalemate in this war, and enable our emerging cyber life to flourish.
— Gideon Samid • Gideon@BitMint.com
