How Cloudflare uses lava lamps to generate randomness

The security of the financial and personal data secured by Cloudflare’s clients relies on a complex, random encryption – one generated by lava lamps.

Sep 14, 2019 |
5 min read

Advertisement

Lava lamps went out of style after the 80s – right? Not necessarily. Walk into the Cloudflare San Francisco lobby, and you’ll find a wall full of the lava lamps you thought you left in your basement.

These lava lamps don’t just serve an aesthetic purpose for the Cloudflare office. A lava lamp’s ability to readily replicate entropy has altered the way corporations as Cloudflare can interact with the concept of randomness.

You might think that randomness as a concept is natural to come by, especially in the world of computing. Not so. What humans often interpret as randomness is an expression of pre-existing mental patterns.

Advertisement

Computers – especially those equipped with advanced machine learning algorithms – are beginning to replicate those patterns, thereby limiting their ability to express true randomness.

This is where the lava lamps come in.

 

Breaking down randomness in cryptography

Let’s take a quick step back, though. Computers require code to function. The process of writing code is referred to as cryptography. This art was once used to decrypt Caesar ciphers and the like, but it now helps computer scientists and coders create the algorithms that run our daily lives.

See Also

A breakthrough in Quantum Teleportation as the first Qutrit is teleported

Both modern and ancient versions of cryptography utilize randomness to function. When cryptographical practices can successfully produce random numbers or phrases in response to an attempted hack, the truth of the encrypted data or message remains a secret.

As you may have already guessed, this kind of secret-keeping comes in handy when a business tries to ensure the safety of its and its consumers’ financial data.

Randomness, however, isn’t as simple as picking a number out of thin air and applying it where data should be. In terms of cryptography, “random” needs to be synonymous with “unpredictable.” What’s the difference? A coin toss, for example, produces random and unpredictable results. Likewise, a traditional coin’s results cannot be predicted – you’re either going to get heads or tails, but so long as the coin hasn’t been altered, you won’t be able to know which one ahead of time.

If the coin has been altered in any way, though – say it’s a two-headed coin – then any coin toss you perform with it is going to be entirely predictable.

To be successful, cryptography needs to take the original coin toss concept and expand it exponentially.

Randomness in computing

But there’s another problem cryptographers need to overcome – the predictability of computers. Nowadays, consumers do have to endure predictability that’s arisen due to computers’ ability to evolve their algorithms individually. However, the problem of predictability pre-dates machine learning.

Computers, after all, run on code. That code is created by humans. When enacting code, computers will do precisely what they’re told to – nothing more and nothing less. If you happen to know a behavioral code, then you can predict how a computer is going to behave.

Advertisement

The good news is the Cloudflare has suggested a solution to this problem: cryptographically-secure pseudorandom number generators (CSPRNGs).

CSPRNGs are expansive algorithms. This means that, upon being supplied with unknown or unpredictable data, the algorithm will produce a much longer variation on that data that is equally unpredictable.

Where does the unpredictable data come from, though? Not from a computer, that’s for sure – and not from a person, either. Instead, the random data that CPRNGs process comes from the world around them. This includes:

  • The temperature of the room they’re operating in down to two decimal points
  • The number of keystrokes a user manages in the space of a minute
  • The temperature of the CPU
  • The brightness of the user’s screen

Certainty in uncertainty

Even with that level of encryption available, Cloudflare sets a standard for both paranoia and forward-thinking. Cryptographers, after all, have to prepare for the worst, as they’re in charge of securing sensitive data for their clients.

Failing to protect that data could not only result in a soured business partnership – it represents a severe security breach that could threaten the livelihood of a partner’s clients.

In situations like this, Cloudflare’s cryptographers have come to the conclusion that the more randomness they can inject into their encryptions, the better off they’ll be.

Enter the lava lamps.

Cloudflare services thousands of international data centers by providing them with the encryption security they need to keep their collected data private. Because they need to provide the best security service possible, they need to ensure that, despite computers’ predictability, they can still produce encryption that won’t be readily cracked.

They do this through a process known as “LavaRand.” LavaRand is the system that utilizes the in-office lava lamps – known colloquially as the “Wall of Entropy.” The behavior of these lava lamps is recorded and transformed into a data series that reflects true randomness.

How, precisely? Let’s break the process down:

  1. The Cloudflare lava lamps emulate entropy by establishing unpredictable matter patterns within a contained environment.
  2. Long-term video records the lava bubble patterns.
  3. That video information is compressed and stored in base64.
  4. The abbreviated numbers are processed via CSPRNG.
  5. Cloudflare’s other sources provide additional data to the database to induce noise and confusion.
  6. The output of this data serves as a random number generator.
  7. Courtesy of the Linux operating system, this number generator provides international data centers with access to true randomness, ensuring that the protected data is hidden behind a generally uncrackable wall.

Cryptography and International Data Encryption

While Cloudflare isn’t the only security company doubling down on their encryption ability, they are one of the most creative. The company sites predecessor Silicon Graphics (whose patented for a similar encryption system has since expired) as their inspiration for the Wall of Entropy.

Protocol Labs currently employs measurements of ambient noise to generate their true randomness. Likewise, the University of Chile bases their analyses of randomness on seismic activity, radio waves, and a selection of Twitter posts. The US National Institute of Standards and Technology has expressed interest in utilizing quantum mechanics to do the same thing.

In short, the quest for randomness is infinite and varied in its means. Even so, it’s curious to consider that the safety of financial data, personal information, and thousands of other data bytes can be traced back to a decorative wall in a San Francisco office – a reflection of true randomness masquerading as art.

Advertisement

More stories: