Securing the Internet with Lava Lamps
Cybersecurity attack vectors are emerging with great complexity and unpredictability. Cloudflare, a global Internet security provider, tackles this challenge through an unconventional strategy inspired by chaos theory - harnessing randomness from a wall of lava lamps.
Cybersecurity attack vectors are emerging with great complexity and unpredictability. Cloudflare, a global Internet security provider, tackles this challenge through an unconventional strategy inspired by chaos theory - harnessing randomness from a wall of lava lamps.
In Cloudflare's San Francisco headquarters sits an eye-catching wall installation dubbed the "Wall of Entropy." It features four rows of bubbling lava lamps under constant video surveillance. As the hot wax blobs rise and fall within each lamp, they create ever-changing patterns governed by fluid dynamics.
No single lava blob's movement can be predicted with certainty. Additional randomness comes from natural variations in lighting, foot traffic interrupting the camera's view, and electronic sensor noise within the camera itself. All of these real-world factors swirling together generate a valuable lack of pattern, or high "entropy," that computers struggle to replicate on their own.
Cloudflare then analyzes the lava lamp footage, essentially hashing each unique video frame into numeric values. These random numbers serve as unpredictable seeds to launch cryptographic pseudorandom number generators (CSPRNGs), the workhorses that produce the scrambled digits actually needed for encryption and other security protocols.
Read about the Wall of Entropy here:
Prof Bill Buchanan OBE
Expanding Sources of Entropy
Originally relying solely on lava lamps, Cloudflare has expanded sources of unpredictability by incorporating entropy displays from other offices. Double pendulums installed in London produce beautifully complex motions very sensitive to initial conditions. Suspended mobiles that twirl with changing light in Austin cast colorful, random patterns on surrounding walls. By pulling entropy from these diverse natural displays across different environmental factors like light and Heating, Ventilation, and Air Conditioning (HVAC), LavaRand enhances randomness beyond any single source or location.
The company has also helped develop decentralized public randomness through the DRAND protocol. As Cloudflare Research Engineer Thibault Meunier explains, there is a distinction between private randomness meant to stay secret like cryptographic keys, and public randomness where values can be agreed upon once published. However, single entities like lotteries producing public randomness could manipulate outcomes without detection.
In 2019, Cloudflare joined with seven other independent organizations to form the League of Entropy powering the DRAND network. The League operates two mainnet networks with roughly 23 nodes split across the globe. It provides 128 bits of security, meaning it would take roughly 2^128 computing operations to break it. They also offer timelock encryption, which allows users to encrypt a message that can be read only at a specific time in the future. The DRAND protocol achieves verifiability through threshold signatures - as long as over half of participants behave honestly, output randomness cannot be predicted or biased. This distributed consensus model addresses trust concerns around potential collusion or insider manipulation at a single authority. Applications from distributed file storage to games now reliably tap DRAND's public beacons.
The Future is All About Entropy
As technology advances, so too will bad actors' abilities to undermine current approaches. Therefore, the ongoing challenge lies in creatively identifying and utilizing fresh sources of entropy to fortify cybersecurity defenses. The race to discover new and innovative ways to generate randomness is a never-ending one, and only those who remain vigilant and proactive will be able to keep up with the evolving threat landscape.
