# [Beowulf] OT: public random numbers?

Robert G. Brown rgb at phy.duke.edu
Sun Aug 14 15:05:31 PDT 2011

```On Sat, 13 Aug 2011, Mark Hahn wrote:

>>>> After posting I thought of one other source of more or less random
>>>> verifiable numbers - the scores of sporting events. ?These are not
>
> I immediately thought of another widely published stream of immutable noise:
> the congressional record.  sorry, no smiley ;)
>
>> Then pop it into your favorite AES-based or threefish based RNG, or cook
>> up something yourself with even more rotors, spin it a while, and out
>
> sorry, I don't understand your emphasis on flatness.  why does the
> distribution of the seed (entropy source) matter, as long as it's reasonably
> large and not predictable before publication date?
> the crypto hash takes care of whitening, doesn't it?

Bayes theorem.  If one knows that (say) the distribution of digits in
sports scores is (say, and not unreasonably) 70% 1s, 2s, 3s and 30% all
the other digits -- because e.g. football games rarely get 4-9 in the
second digit slot (note that this is an example only) one can gain a
near 2-1 advantage over everybody else playing by picking seeds with the
right frequencies and using only those seeds to select a set of numbers,
if (as it sounds) there is an openly published unique map between the
seed and the lottery outcome so "anybody can check that it is fair".  In
this latter case you aren't trying to guess the white "random" outcome,
you are trying to guess the seed, and if the seed is drawn from a
non-flat space you'll beat the pants off of anyone playing blind by
using that space to generate your seeds/guesses.

Basically you take the lottery from being a lottery with all numbers
equally represented in the outcome space to being the moral equivalent
of predicting the actual point outcome of N football or basketball
games.  The size of the latter space is MUCH smaller than the size of
all possible scores, right?  In fact, it is "small" compared to the
latter space.

So, sorry, I think that for a lottery (especially one with e.g. a cash
payout and deep pocketed people capable of speculatively gambling to win
based on expectation value based on an openly published hash and seeing
method) needs to use a true random, true white seed, since you might
just as well use the seed as the lottery number in this case and in no
other case is it fair.

Of course, if the lottery is for cakes at a bake sale, who cares.  Just
don't underestimate the cleverness of would-be attackers if the lottery
has an openly published method of generating the result and/or
potentially large payout.  Plenty of people would tackle the project of
cracking the lottery just for the thrill, even if the payout wasn't that
great.  If the payout was large enough, you'd have have deep-pocketed
smart people covering the entire most-likely-point spread generated by
Vegas bookies, week after week, through proxies, and making a bundle
from it.

rgb

>
> thanks, mark hahn.

Robert G. Brown	                       http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     email:rgb at phy.duke.edu

```