University of Texas researchers find a way to merge two low-quality sources of random numbers into high-quality output.
Two researchers from the University of Texas have published a paper that details a new algorithm for combining two sources of entropy to obtain a higher-quality random number that can be used to bolster encryption operations with less computational resource usage.
The world of computer science and encryption is ablaze with discussions about the “Explicit Two-Source Extractors and Resilient Functions” study, published in July 2015 and recently updated in March, which details a theoretical breakthrough in random number generation.
For a long, long time, the weakness in CSPRNGs (Cryptographically Secure Pseudo-Random Number Generators) was the origin of the random number, called the entropy source or entropy pool.
In most cases, for many computer systems, this is taken from the user’s mouse movements, keyboard input, disk IO events, signal interrupts, network packet inter-arrival times, or other hardware-based events.
The state of the entropy pool at the moment a cryptographic system pulls a random number for its operations indirectly dictates the quality of the encryption. Most attacks on encryption systems are aimed at weak random number generation sequences and sources.
Algorithm is viable only in theory, no practical implementation available
What the two researchers managed to do is to devise an algorithm that removes the need for one high-quality source of random numbers. Their algorithm allows developers, in theory for now, to merge two lower-quality sources and obtain a high-quality number.
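As an added illustration (not from the article or the paper), the sketch below shows the two-source idea with the classical Chor-Goldreich inner-product extractor, a much older construction that only works when the two sources' min-entropies sum to more than the sample length n; it is not the Chattopadhyay-Zuckerman algorithm. The 12-bit sample size and the four constructed weak sources are assumptions, chosen so the bias of the output bit can be computed exactly.

```python
# Added illustration: classical inner-product two-source extractor
# (Chor-Goldreich), NOT the construction from the paper discussed above.
from math import sqrt

N_BITS = 12  # sample length n; toy size so the bias can be computed exactly


def inner_product_bit(x: int, y: int) -> int:
    """Extract one bit: <x, y> over GF(2), i.e. parity of the bitwise AND."""
    return bin(x & y).count("1") & 1


def exact_bias(source_x, source_y) -> float:
    """|Pr[bit=0] - Pr[bit=1]| when X and Y are independent and uniform on
    the given sets. 0.0 is a perfect coin, 1.0 is a constant output."""
    total = sum(1 - 2 * inner_product_bit(x, y)
                for x in source_x for y in source_y)
    return abs(total) / (len(source_x) * len(source_y))


def lindsey_bound(size_x: int, size_y: int, n_bits: int = N_BITS) -> float:
    """Lindsey's lemma: bias <= sqrt(2^n / (|X| * |Y|)) for any two sets."""
    return min(1.0, sqrt(2 ** n_bits / (size_x * size_y)))


# Constructed weak sources (hypothetical, for illustration only).
# X: top 3 bits stuck at 1          -> 512 values, min-entropy 9 of 12 bits
STUCK_BITS = [0xE00 | v for v in range(2 ** 9)]
# Y: only multiples of 5 ever occur -> 820 values, min-entropy ~9.7 bits
MULTIPLES_OF_5 = list(range(0, 2 ** N_BITS, 5))
# Failure case: entropies sum to exactly n (6 + 6), so no guarantee holds.
LOW_HALF = list(range(2 ** 6))               # only the low 6 bits vary
HIGH_HALF = [v << 6 for v in range(2 ** 6)]  # only the high 6 bits vary


def demo():
    good = exact_bias(STUCK_BITS, MULTIPLES_OF_5)
    bound = lindsey_bound(len(STUCK_BITS), len(MULTIPLES_OF_5))
    bad = exact_bias(LOW_HALF, HIGH_HALF)
    return good, bound, bad


if __name__ == "__main__":
    good, bound, bad = demo()
    print(f"9 + 9.7 bits of entropy: bias {good:.4f} (bound {bound:.4f})")
    print(f"6 + 6 bits of entropy:   bias {bad:.4f} (output is constant)")
```

The second pair of sources shows the failure mode: each has 6 bits of entropy, yet their bitwise AND is always zero, so the extracted bit never changes.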
The work of David Zuckerman, a computer science professor, and of Eshan Chattopadhyay, a graduate student, both at the University of Texas, was welcomed with open arms by the computer science community.
Xin Li, an Assistant Professor at the Department of Computer Science of the Johns Hopkins University, has already started to put effort into deriving a version of the algorithm that works with more sources.
Taking into account that this algorithm is also resource-light and stronger at the same time, its technical implementation might be only a matter of time, with countless smartphones and IoT devices awaiting a boost in security.