What do lava lamps have to do with Physics and cybersecurity? Besides the fact that they are all hot (pun intended), they are all related through Cloudflare.
This post was inspired by a friend who asked me this:
Recently, lava lamps have taken the Internet by storm through suggesting they were useful to improve the cybersecurity posture of Cloudflare. But this was not new; Cloudflare was already memed for this back in 2017, and even has a “LavaRand” article about it!
Singapore and London contribute to randomness too, through the radioactive decay of uranium in Singapore, and the “double pendulum” set-up in London.
Introduction to Cryptography
To begin understanding cryptography, let us first understand a key principle in cybersecurity, known as “CIA”, which stands for confidentiality, integrity and availability. In short, to ensure secure communications, we should attempt to satisfy this triad. We will focus on confidentiality and integrity in the rest of the section.
To ensure confidentiality and integrity, we want to ensure our messages can only be read by the intended recipient we aim to send our message to, and the intended recipient would like to be able to tell if a message has been tampered with. In the physical world, we would try solutions such as locking the message in a box with a key both sender and recipient have to ensure confidentiality (not necessarily integrity) and then adding a tamper-proof seal onto the lock itself to ensure integrity (not necessarily confidentiality). But what about the digital space?
We can use the same approach to think of the digital space. We can encrypt and decrypt our communications with digital keys too. Likewise, we can attempt to send a secondary message, based on the primary message, that will change drastically with changes to the primary message (we call this hash function) for the recipient to assure the recipient that the message they received is in fact the right one. To cut the story short, one common way this is achieved today is through a cryptosystem RSA, which uses private and public keys. But what are keys in the digital world?
Long Numbers
The mathematics behind cryptosystems is usually a bit complicated, and deviates from the main objective of the article. Masochists like me have studied some mathematics behind cryptosystems to understand why they are, or are not secure.
But the important point is that a cryptosystem contains both keys and algorithms. The keys in the digital world are integers (positive whole numbers), whereas the algorithms are the mathematical operations performed on the keys to achieve the cryptographic objectives. So how are keys generated?
Clearly we want our keys to be unique. If they are integers, we want these integers to be very long so attackers cannot guess our keys, create their own copies, and pretend to be us. But not every number can be used as a key. For RSA to work, these integers are related through a mathematical relation:
(me)d ≡ m (mod n)
This uses a branch of mathematics called modular arithmetic. Thankfully, this is quite simple with this analogy:
Suppose I have 37 sweets in my bag. I want to distribute sweets equally among Ahmad, Bianca, Chen Rou, Dharma and Eusoff (in true Singaporean multi-racial representation). What is the minimum number of sweets I will have left (assuming no one accepts a fractional sweet)?
We can write this relation as follows:
37 = 5k + r
where k is the number of sweets each person has, and r is the number of sweets leftover I cannot divide among the 5 people equally. I can write the following as
37 ≡ r mod 5
It is trivial to determine possible values of r, and the lowest value of r is 2.
Let us now ask a problem, in the same context, but aim to find different values.
Suppose I have N sweets in my bag, and I have distributed sweets equally among Fiorentina, Giovanni, Hercules, Isidoro and Jeremiah. I realised I have 3 sweets left over. How many sweets did I distribute? This time, the relation is as follows:
N = 5k + 3
and in modular arithmetic, I can write:
N ≡ 3 mod 5
Unfortunately, finding N is difficult. N could be 3 (in which nobody had a sweet, which is a bitter pill to swallow), or could be 3,034,234,192,303. We essentially have to iterate through the values of N to recover the correct value. The essence of the simple mathematics exercise here is as follows — it is trivial to solve the problem one way, but hard to solve the problem the other way to determine the pre-negotiated integers used as keys. But how hard is hard? (The rest of the mathematics and explanation of the algorithm is so well-covered that I shall not belabour the point.)
Complicated Physics: Quantum Computers
(I will skip through the Physics of quantum computers here to avoid a quantum of distraction to the reader. There are many different companies building quantum computers such as IBM and Google that have provided various explanations for their research, and an excellent textbook on the subject is written by Olivier Ezratty, which is downloadable for free here. Rather, I simply aim to paint a broad landscape on developments and press releases on quantum computers specific to the RSA algorithm.)
Research into quantum computers have included attempts to use quantum computers in the cybersecurity domain. Specifically, these efforts are targetted at making the “hard problem” described in the previous section “not hard”.
Opinions vary widely on these efforts should be taken into account. Some believe that a strategy to move away from RSA should be developed as soon as possible, whereas others believe such talks on quantum computing “breaking RSA” are exaggerated. But we have a collection of facts to help us.
- NIST had introduced a request for nominations of algorithms that are resistant to attack from quantum computers on 20 December 2016. Such algorithms are also known as “quantum-resistant” algorithms, or more popularly called post-quantum cryptography (PQC). So far, after four rounds of evaluation, three algorithms with one alternative have remained standing. It was also noted, however, that some submissions were mathematically broken late in the selection, such as SIKE. NIST is expected to standardise quantum-resistant encryption algorithms later this year.
- One risk that has been highlighted is the threat of “harvest now, decrypt later” (HNDL). Specifically, this refers to the loss of confidentiality of encrypted data that currently cannot be read because the encryption algorithm cannot be broken as of the time of the hack, but can be decrypted at a later time when the encryption algorithm can be broken, which will likely be tied closely to whether (and when) RSA is likely to be broken due to advances in quantum computing. The learning lesson here is this: just because data is encrypted does not mean it is safe, if the encryption algorithm is weak.
Beyond the facts, we can only conclude that this area of concern remains one where different cybersecurity experts have varying views on how the cybersecurity landscape would change, but vendors like my own firm (Thales) have begun integrating quantum-resistant algorithms into products to ease the transition when the situation calls for it.
More Physics, But Easier: Generating Randomness
Generating large numbers randomly requires effort, especially in systems such as classical computers designed to be deterministic. Therefore, algorithms that seek to generate said numbers that use classical computer components are often not true random, but rather pseudo-random. We call such number generators PRNG. The risk behind PRNG is that there still somehow exists an underlying pattern behind the numbers generated which can be determined through cryptanalysis.
There are ways to generate true random numbers. For example, the site RANDOM.ORG states the following:
RANDOM.ORG offers true random numbers to anyone on the Internet. The randomness comes from atmospheric noise, which for many purposes is better than the pseudo-random number algorithms typically used in computer programs. People use RANDOM.ORG for holding drawings, lotteries and sweepstakes, to drive online games, for scientific applications and for art and music. The service has existed since 1998 and was built by Dr Mads Haahr of the School of Computer Science and Statistics at Trinity College, Dublin in Ireland. Today, RANDOM.ORG is operated by Randomness and Integrity Services Ltd.
Thankfully, Cloudflare has made the subject of randomness catchy, which helps stem the loss of interest in STEM disciplines. Let us have a look at what they do at the three sites:
London: Double Pendulum
Physicists like me remember double pendulums with fondness. While the system sounds deceptively simple (basically, a pendulum is attached to another pendulum) and deterministic, the system is in fact defined to be mathematically chaotic (once the angles for the pendulum system are sufficiently large). The difficulty behind predicting their motion arises from how sensitive their initial conditions are. You can test this out yourself and compare the differences in trajectory by varying the initial conditions by a bit (specifically, you should focus on the angles with respect to the vertical in the simulation)
San Francisco: Lava Lamps
One piece of trivia you never expected: the lava lamps used for random number generation in there was patented. But the patent was not even originally filed by Cloudflare themselves, but by Silicon Graphics in 1996.
The flow of “lava” in lava lamps are predicated on a number of factors. These include heat, which is inherently unpredictable statistically at every point in space, which results in variations in the flow of lava lamps. These variations, which are captured by a camera, can be used to generate pseudo-random numbers. These can then be coupled with a random seed to produce a “true random number generator”. One way to do this: just do what RANDOM.ORG does.
CloudFlare Goes Nuclear in Singapore
In Singapore, CloudFlare keeps a pellet (not pallet) of radioactive uranium that decays over time. Such decays can be measured with a tool called a Geiger counter. The process of nuclear decay is true random due to its quantum mechanical nature, which distinguishes itself from the other two set-ups. No observer can predict which atom will decay, but we can attempt to calculate parameters such as the expected time taken for half the number of atoms to decay (this is known as “half-life”). Because nuclear decay is truly random, the mathematical steps required to use the results on the Geiger counter to then generate random numbers for the algorithm is too, random.
So, Yes or No?!
No, because quantum computing is an attempt at breaking the algorithm. The lava lamps are used to generate the numbers which can be used for different algorithms.