Good randomness is hard to find.
John Graham-Cumming, programmer-turned-CTO of Cloudflare, found it in lava lamps.
“It turns out that computers are really bad at generating random numbers. The only thing worse than generating random numbers on computers is humans generating random numbers,” he explains. “You end up having to find interesting ways of getting randomness.”
Cloudflare, the internet security and performance monolith that filed for its initial public offering on August 15, is part of a multi-billion-dollar encryption industry that seeks high-quality randomness as a fundamental resource. Without it, the company wouldn’t be able to effectively provide security for as much as 10% of the web.
Here’s their unconventional system for finding reliable randomness.
In Cloudflare’s San Francisco office, it’s called the Wall of Entropy. Four rows of lava lamps turn on and off while a camera records them—capturing not just the hot wax bubbling in the lamps, but the office environment. People walk by. The sunlight from a nearby window changes.
Think of randomness as a lack of pattern. The degree to which a system has no pattern is known as entropy. A high-entropy source is chaotic and unpredictable, and its output is what is called true randomness.
Cloudflare’s lava lamps kick-start its process of creating this true randomness. The company then adds further layers of randomness to create an entropic mess intended to be impossible for potential hackers to replicate. In the end, Cloudflare has a single number: a random number.
Here’s how they do it.
Why do Cloudflare and other companies go to such lengths to produce reliable random numbers?
“The reason you need randomness is you need unpredictability. You need an attacker not to be able to guess some important part of the communication,” Graham-Cumming explains. And this, ultimately, is the problem with computers and humans; both are just too predictable.
Computers use a random number generator, initialized with a starting value called a ‘seed’, to spit out seemingly unpredictable digits. But computers are very good at executing tasks predictably; any individual seed value will always produce the same sequence of numbers. If you know the seed, you can predict the output. This is called pseudo-randomness.
Where people and computers fail at creating true randomness, the physical world does not. Truly random seed numbers can be derived from the unpredictability of physical processes themselves—like radioactive decay—or through the imprecision of taking exacting measurements (like recording the temperature to ten decimal places).
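The two points above, as an added example that is not from Cloudflare or the original article: a seeded generator repeats itself exactly, and a seed can instead be derived by hashing a physical sample together with operating-system randomness. The SHA-256 mixing step, the function names and the constructed "frame" bytes are assumptions chosen for illustration, not a description of Cloudflare's actual pipeline.

```python
import hashlib
import os
import random


def prng_token(seed: int) -> str:
    """128-bit token from a seeded pseudo-random generator (deterministic)."""
    return format(random.Random(seed).getrandbits(128), "032x")


def mix_seed(*sources: bytes) -> bytes:
    """Hash several entropy samples into one 32-byte seed.

    Each sample is length-prefixed so that (b"ab", b"c") and (b"a", b"bc")
    never produce the same hash input.
    """
    h = hashlib.sha256()
    for sample in sources:
        h.update(len(sample).to_bytes(8, "big"))
        h.update(sample)
    return h.digest()


def demo() -> dict:
    # Constructed stand-in for one camera frame of the lamp wall.
    frame = bytes((i * 37 + 11) % 256 for i in range(4096))
    return {
        # Same seed in, same "random" token out: this is pseudo-randomness.
        "same_seed_same_output": prng_token(2019) == prng_token(2019),
        # A seed built from a single known input is reproducible by anyone
        # who has that input.
        "seed_from_frame_only": mix_seed(frame).hex(),
        # Mixing in a second, independent source means both inputs would
        # have to be known to reproduce the seed.
        "seed_with_os_entropy": mix_seed(frame, os.urandom(32)).hex(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running it twice prints the same `seed_from_frame_only` value both times, while `seed_with_os_entropy` changes on every run.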
Cloudflare is far from alone in its need for unpredictable values, and others have their own unique methods to find them. The University of Chile, for example, sources entropy from seismic measurements of the earth, radio waves from a campus radio station, and a selection of Twitter posts. Protocol Labs uses measurements of ambient noise. Even the American government is experimenting with entropy. The National Institute of Standards and Technology has experimented with using quantum mechanics to create random numbers, by generating digital data using particles of light. These organizations have even joined together to create a free public randomness service called the League of Entropy, which mixes their individual sources of entropy.
But for Cloudflare, it’s the lava lamps. “It’s a piece of artwork for our offices. But it does serve a purpose,” Graham-Cumming told Quartz of the wall. “Randomness is everywhere. It’s fundamental to our use of the internet.”