Random numbers do not exist.
As crazy as that sounds, it is true. Nothing really happens randomly. The things we perceive as random are just complex simulations with even distributions.
The entire concept of 'random' stems from ignorance.
Take dice for example. It would be very easy to figure out what numbers dice would land on if you had all the information.
While in midair:
- What is the current orientation of the die?
- What is the rotation vector and with how much speed?
- Is it windy? How much humidity does the air contain?
- How much friction/grip does the playing surface have?
  - Felt has more friction than something like a sidewalk.
- What are the imperfections of the die and playing surface?
If we had all of this information and plugged it into our own sped-up simulator, we'd be able to get the answer before the die landed on its number. Of course nobody has this information, and even if they did, the simulator doesn't exist. Both the player and the spectators have no control over the outcome, and thus the outcome is deemed to be "fair" and "random" even though it's not really random at all.
It's also worth pointing out that variables like "wind" and "humidity" might turn out to basically round to near zero in terms of affecting the final outcome. Keep this in mind going forward, as simplifying problems using Occam's Razor to eliminate unneeded variables is a mainstay of the scientific method.
What does "random" really mean?
Within the context of gambling or building some other type of competitive ecosystem (say battling in a video game arena) what 'random' really means is an event with a perfectly predictable distribution in the long term but completely unpredictable result in the short term. If we roll a twenty sided die we have a reasonable expectation that our chance of hitting 'nat 20' is one out of twenty times on the average. However, we have no idea what the result of the next roll will be; only that the chance of each number should be around 1/20 given a fair simulation.
People can't think randomly.
If you tell someone to write down a string of ten random digits from 0-9, there's a very high likelihood they will create something like this:
7250398164
Looks pretty random... yeah?
But it's not random at all.
- I started with 7 because I like the number 7.
- I used all ten digits, 0 through 9.
- There are no repeated numbers.
Guess what the chance of that actually happening is.
We don't have to be statistics majors to figure it out.
1 × 0.9 × 0.8 × 0.7 × 0.6 × 0.5 × 0.4 × 0.3 × 0.2 × 0.1 = 0.00036288 = 0.036288%
Hmmmmm, yep
The chance of a random distribution of ten digits from 0-9 containing no repeats is around 1 in 2755. Meanwhile, if we were to sample people for random numbers on the street at least 1 in 10 would give us a rare distribution like this without even realizing how completely unrandom it was.
00579502131
A string of digits like this might look less random to the naked eye than the one before, but it is definitively more random. The best way to test something like this out is to simply determine the random numbers in a non-biased way. Roll the dice manually or let a computer program do it. I've seen plenty of people determine private crypto keys using dice rolls. The digital world can be hacked much more easily because humans built it.
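To check the "no repeats" figure from above without trusting the arithmetic, here is an added example (not from the original post) that computes the exact probability for any number of draws, classifies a digit string, and lets a seeded PRNG draw the digits to confirm the rate empirically:

```python
import math
import random


def prob_all_distinct(draws: int, base: int = 10) -> float:
    """Exact chance that `draws` uniform digits in [0, base) contain no repeat:
    base!/(base-draws)! repeat-free orderings out of base**draws possible strings.
    For draws=10, base=10 this is 10!/10**10 = 0.00036288 (about 1 in 2755)."""
    if draws > base:
        return 0.0  # pigeonhole: more draws than symbols forces a repeat
    return math.perm(base, draws) / base ** draws


def has_no_repeats(digits: str) -> bool:
    """True when every digit in the string is distinct (the 'human-looking' pattern)."""
    return len(set(digits)) == len(digits)


def simulate_no_repeat_rate(draws: int, trials: int, seed: int = 1) -> float:
    """Monte Carlo check: a PRNG (seeded only so the run is reproducible) draws the
    digits and we count how often all of them come out distinct."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        s = "".join(str(rng.randrange(10)) for _ in range(draws))
        hits += has_no_repeats(s)
    return hits / trials
```

With 100,000 trials the simulated rate lands within a few hundredths of a percent of the exact value, and the 11-digit string quoted above is correctly flagged as containing repeats.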
The problem with computers
If a dice roll isn't actually random, then we quickly come to realize that computer generated numbers REALLY aren't random. Computers use equations to generate random numbers. These equations were created by people. It's easy to see that equations & algorithms created by people are a lot less complex than this simulated reality we call life.
There are many occasions in which random number generators (RNG) have been hacked for personal gain. Hell, even dice games on Hive have been hacked in similar ways. When there is a financial incentive to guess what number comes next, people will expend a lot of effort to cheat the system. In fact it has been shown that even when there isn't a financial incentive people still love to cheat. Personally I find cheating to be pretty disgraceful. The world has no honor.
Basic RNG uses time
If you need random numbers but they don't need to be particularly secure, all programming languages have random number generator modules. However, if they do need to be secure and we use this kind of RNG, someone may be able to figure out what algorithm we are using and break the entire system. It's very much like creating 1000 crypto wallets from a single seed. If someone knows the seed they have access to all the crypto wallets that will ever be made. The same is true with RNG: if someone knows the algorithm you're using and the value it was seeded with (a timestamp, in the basic case), they can reproduce every single roll that gets generated.
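An added example (not from the original post) showing the difference in Python: a time-seeded `random.Random` replays identically for anyone who knows the seed, so an auditor can test whether a game's published rolls are reproducible from a window of clock values, while `secrets` draws from the OS CSPRNG and has no seed to know. The d20 game and the 60-second audit window are assumptions for illustration.

```python
import random
import secrets

SIDES = 20  # a d20, as in the 'nat 20' example


def weak_rolls(seed: int, n: int) -> list[int]:
    """Rolls from a PRNG seeded with a known value such as int(time.time()).
    Same algorithm + same seed = identical sequence, every time."""
    rng = random.Random(seed)
    return [rng.randint(1, SIDES) for _ in range(n)]


def secure_rolls(n: int) -> list[int]:
    """Rolls from the OS CSPRNG: nothing to replay, no seed to guess."""
    return [secrets.randbelow(SIDES) + 1 for _ in range(n)]


def seeds_reproducing(observed: list[int], start: int, window: int) -> list[int]:
    """Audit helper: which seeds in [start, start + window) reproduce the observed rolls?
    If a game seeds from the clock, a handful of observed rolls pins the seed to one
    candidate out of the whole window, which is exactly the failure mode to detect
    before deploying. A CSPRNG-backed game returns an empty list here."""
    n = len(observed)
    return [s for s in range(start, start + window) if weak_rolls(s, n) == observed]
```

The same replay check is what you would run against your own game before launch: if `seeds_reproducing` finds a match, the rolls are not secret.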
COBO wallet
I bought this badass-looking air-gapped hardware wallet in 2020 thinking it would be the most infallible security ever. Turns out I don't even use it because the data exiting the device is encrypted and I can't read it. I have no idea what kind of data this Hong Kong based company is extracting from my device. Could be my private keys for all I know with a backdoor open for the government. Unacceptable: but this is off-topic.
The real reason I bring up the COBO wallet is because of how they claim the RNG works to generate new private keys. They claim that the RNG employed on these things is based on imperfections in the hardware itself. The equation incorporates small unique voltage discrepancies to create completely unpredictable "random" numbers. But again of course they are not "random" at all, but simply based on information that nobody has access to. Based.
This is a much better way of implementing such important security measures. Not only would an attacker need to know exactly how the device was made, but they'd also need to know the exact charge of the batteries in the device and exactly how much power was being output from them. Never gonna happen.
Importance of decentralized RNG
There are many online gambling sites that have been accused of cheating. Several of these accusations have been proven true. This type of cheating can take many forms: from insiders working at the company knowing your cards to fake players at the table that can't lose to simply ensuring that big losses are more likely to occur and big wins are less likely. Clearly, we can't trust centralized entities for RNG.
Bitcoin to the rescue.
It still blows my mind that Bitcoin is creating an infinite set of unhackable random numbers (seed) every 10 minutes and nobody is utilizing these seeds. For all intents and purposes, a Bitcoin hash (SHA-256) is random. Finding a random hash on the Bitcoin network with twenty or so leading zeros is extremely rare, and is the entire basis of POW mining. Proof-of-work is inherently a lottery in which trillions upon trillions of tickets are hashed in less than a second worldwide.
The only way to hack Bitcoin's RNG would be to THROW AWAY WINNING LOTTERY TICKETS. Nobody is ever going to do that. The current block reward plus transaction fees are worth over $200k. No one is ever going to hack derivative RNG built on top of Bitcoin because it would mean throwing away millions of dollars in legitimately farmed Bitcoin blocks. Not only is this strategy not viable from a financial perspective, but it is simply not even possible because of the other competition that exists on the network. If someone throws away a good block the chance that they find another good block before the rest of the network is essentially zero (unless we're talking about a 51% attack).
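As an added example (not the author's code) of the "derivative RNG built on top of Bitcoin" described above: one block hash is stretched into an unlimited supply of independent, publicly verifiable rolls by hashing it together with a game id and a roll index, and rejection sampling keeps every face exactly equally likely. The block hash below is constructed for illustration and is not a real Bitcoin block hash.

```python
import hashlib

# Constructed for illustration only: 20 leading hex zeros, NOT a real block hash.
EXAMPLE_BLOCK_HASH = "0" * 20 + "a3f1" * 11


def leading_hex_zeros(block_hash_hex: str) -> int:
    """How many leading zero hex digits the hash has (the POW 'lottery ticket' quality)."""
    return len(block_hash_hex) - len(block_hash_hex.lstrip("0"))


def derive_roll(block_hash_hex: str, game_id: str, index: int, sides: int) -> int:
    """Roll number `index` for `game_id`, derived from a block hash.
    Domain separation (game id + index) gives independent rolls from one block;
    rejection sampling over a 64-bit draw removes modulo bias. Anyone holding the
    block hash can recompute the roll, so the game operator cannot cheat; the only
    influence left is a miner withholding a winning block, the case discussed above."""
    block = bytes.fromhex(block_hash_hex)
    limit = (1 << 64) - ((1 << 64) % sides)  # largest multiple of sides below 2**64
    counter = 0
    while True:
        msg = block + game_id.encode() + index.to_bytes(4, "big") + counter.to_bytes(4, "big")
        x = int.from_bytes(hashlib.sha256(msg).digest()[:8], "big")
        if x < limit:
            return x % sides + 1
        counter += 1  # draw landed in the biased tail; try the next counter


def verify_roll(block_hash_hex: str, game_id: str, index: int, sides: int, claimed: int) -> bool:
    """Independent verification a player runs against the operator's published roll."""
    return derive_roll(block_hash_hex, game_id, index, sides) == claimed
```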
Conclusion
This post has already run a bit long and it was only meant to be an introduction to the actual topic at hand. Tomorrow I'll talk about a shortcut solution that I believe crypto can employ to create decentralized RNG in a peer-to-peer fashion without having to employ zero-knowledge proofs.
At the end of the day we all take randomness for granted. It seems so easy and natural, and yet when we try to produce randomness artificially we find that the task is exceedingly difficult and definitively non-trivial. At the core of randomness is a simulated distribution that is so complex that it cannot be predicted by another human (Chaos Theory).
This does not mean the event itself is actually random, but rather that humans are quite ignorant. How ironic that we can leverage human ignorance to create systems that are deemed to be fair for society. Perhaps this is one of those 'random' niche examples of why privacy at its core is so important, as privacy is also founded on ignorance.