Why you need an offline random number generator

November 16, 2020

If you want to send secure messages, you need:

This page explains why.

Reasons to doubt computer security

One might think that with all the technology in our lives, it would be easy to send a secure private message. But it isn't, because security and snooping are both aided by technology.

You can't trust your internet service provider or your phone company, because at least some of them are NSA stooges.

Therefore, privacy requires end-to-end encryption, meaning the sender and the recipient perform the encryption and decryption for themselves, not relying on any carrier to do it for them.

Still, the users' devices have to be trusted not to spy on them while they are performing the encryption or decryption. But if a user's computer or phone is running a proprietary operating system or even proprietary device drivers, then that device cannot be trusted either.

OK. So suppose you were running GNU/Linux, and you could be sure that the computer's manufacturer had not intentionally installed any non-free software or backdoors. Even then, you might worry about vulnerabilities like Spectre and Meltdown which could expose your information.

Fortunately, there is a low-tech solution.

One-time pads

A one-time pad is a cipher simple enough to use by hand, but when used correctly, it is uncrackable.

The only simpler cipher I can think of is the Caesar cipher. In that code, you shift the entire alphabet over by some secret amount (with the end of the alphabet wrapping back to the beginning). So if the amount is 2, then A becomes C, B becomes D, ..., Y becomes A, and Z becomes B.

A one-time pad is like a Caesar cipher, but instead of shifting every letter in your message by the same amount, you shift by a new amount each time. The list of amounts is the ``key,'' which the sender and recipient must have decided on secretly in advance. The key should be random, and must never be used to encode more than one message (hence the name).

For example, say the message is ``HELLO,'' and the key is (1, 0, 3, -2, 8). Then the ciphertext is ``IEOJW,'' since H+1=I, E+0=E, L+3=O, L-2=J, and O+8=W. Even though the original message was not completely random, the encrypted message is. That's why the code is uncrackable.

The two parties do need to meet or communicate by trusted courier in advance, in order to share the key. But once they have a shared key, they can communicate privately over untrusted channels.

The RNG

Now if you and a friend want to communicate securely, you know how. But there is still the inconvenience of generating random numbers for the keys.

It is tempting to use a computer program or website to get them, but then we are back to the original problem. If you don't trust a computer or website to send a message, then you can't trust it to generate keys either.

Rolling dice or flipping coins would work, but it's tedious. You would need about log226 =4.7 coin flips per letter of your message. If you want to use capital and lowercase letters, plus periods and spaces, then you would instead need log2(26+26+2)=6 per letter. That means to encode a one-page message, you would have to flip a coin about ten thousand times!

All this is to say that I could use a new gadget on my desk. It should:

A programmable graphing calculator would work, but designing a circuit with lights and tactile inputs is more exciting. In a future post, I will describe my design for such a device.


Copyright © 2020 Sal Elder