In a room in San Francisco, California, 100 lava lamps are neatly arranged on a wall. And they’re keeping your Internet safe.
The internet is a weird thing: on one hand, we have access to the sum of human knowledge at the click of a button, opening endless possibilities of communication and information sharing. But on the other hand, it also opened a new age of espionage, cybercrime, piracy, and security breaches.
Encrypting the internet is more important than ever. With corporations and governments constantly investing in encryption, one company has found an unusual way to strengthen it: by using lava lamps.
Inside the lava lamps (something you might expect to see in the bedroom of a disco freak and not in the office of a Silicon Valley tech company), the “lava” rises and sways, reacting to vibrations as people walk by.
It’s hard to imagine that something as peculiar as this could help with encryption; and yet, it does. We’ll see how they help in a moment, but first, we have to pass through a little bit of chaos.
True randomness
At the core of secure encryption lies a bit of chaos — randomness, to be more precise. Every new key used by a device to encrypt data must be random, so that the attacker wouldn’t be able to figure out a pattern and decrypt it.
The problem is, for all their progress, computers are lousy at randomness.
No computer can truly generate random numbers. “Wait,” you might say. “A lot of software has random-number-generating functions.” That’s true, in a way. Computers can seem to generate random numbers, but they start from a “seed” value, such as the time of day or the processor clock. They then run a very complex algorithm on this seed value and produce numbers that seem random to you and me, but in fact, aren’t.
An attacker using equally capable software could uncover the pattern, and once the seed value is identified, the encryption loses all value, and your data is no longer secure.
Numbers produced this way are called pseudo-random numbers. They’re useful for some tasks, like raffles or basic programs, but they’re not designed to produce the truly random data needed for creating unpredictable encryption keys.
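The seed problem described above, as an added example (not code from Cloudflare or from the original article): a key drawn from a clock-seeded generator can be regenerated by anyone who knows roughly when it was made, while a key from the operating system's CSPRNG cannot. The function names, timestamp and one-hour window are constructed for illustration.

```python
import random
import secrets

def seeded_key(seed: int, nbytes: int = 16) -> bytes:
    """Key from a seeded Mersenne Twister: the seed fully determines every byte."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(nbytes))

def reproducible_from_clock(key: bytes, approx_time: int, window: int = 3600):
    """Audit check: return the timestamp seed that regenerates `key`, if one
    exists within +/- `window` seconds of `approx_time`; otherwise None."""
    for candidate in range(approx_time - window, approx_time + window + 1):
        if seeded_key(candidate, len(key)) == key:
            return candidate
    return None

def csprng_key(nbytes: int = 16) -> bytes:
    """Key from the operating system's CSPRNG, which mixes outside-world entropy."""
    return secrets.token_bytes(nbytes)

# Constructed sample values, not taken from any real system.
ISSUED_AT = 1_700_000_000        # Unix time used as the seed
ROUGH_GUESS = ISSUED_AT + 1234   # the time is only known to within the hour

if __name__ == "__main__":
    weak = seeded_key(ISSUED_AT)
    print("seed recovered:", reproducible_from_clock(weak, ROUGH_GUESS))
    print("CSPRNG key matched:", reproducible_from_clock(csprng_key(), ROUGH_GUESS))
```

A 128-bit key seeded from a one-hour window has only about 7,200 possible values, which is why key material should come from `secrets` or `os.urandom` rather than `random`.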
Instead, in order to generate real randomness, computers must take an input (or series of inputs) from the outside world. For example, the computer could measure the radioactive decay of an atom — which, according to quantum theory, is a truly random process. Alternatively, systems could take atmospheric noise as an input, or simply take the way you type and use that for encryption.
Or, they could use a lava lamp.
Securing the internet with lava lamps
If you’ve ever watched a lava lamp, you’ve seen that it truly is random. The “lava” always changes shape, swirling around in its container so that no two states are ever identical.
This would be a great source of randomness, Cloudflare believes. Cloudflare is an American web-security company that protects around 10% of the internet, including websites such as Uber, OKCupid, and Fitbit.
The colorful wall of lava lamps helps protect the data of millions of people, creating a flux of unpredictability. To collect this data, Cloudflare arranged 100 lava lamps on one of the walls in the lobby at its California headquarters. A camera takes photos of the lamps at regular intervals and feeds the images to servers, which use them to generate a series of random numbers, and voilà: you have the basis of encryption.
It gets even better: it’s not just the lava lamps themselves. Since the lava lamps are exposed in the lobby, they can be subjected to slightly different air parameters (such as humidity or visibility). This variation adds even more randomness to make for even more solid encryption.
There’s another source of randomness at work here: people. If you recall, the lava lamps are in the lobby. So every time someone walks by (and the lava lamp wall is open to visitors), their steps send small vibrations that move the “lava” blobs around. Instead of being a security hazard, this actually adds a layer of security. You can play a role and make the internet just a little bit more secure.
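One way a photo can be turned into key material, as an added example (not Cloudflare's implementation and not code from the original article): the frame is hashed and combined with operating-system entropy, so a single changed pixel changes the whole seed, and a frame seen by a lobby visitor is not enough to predict the output. The HKDF-style construction, the function names and the sample frames are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def mix_seed(frame: bytes, os_entropy: bytes) -> bytes:
    """Extract step: HMAC-SHA256 keyed with OS entropy over the frame's hash."""
    frame_hash = hashlib.sha256(frame).digest()
    return hmac.new(os_entropy, frame_hash, hashlib.sha256).digest()

def expand(seed: bytes, nbytes: int, info: bytes = b"example-key") -> bytes:
    """Expand step in the style of HKDF (RFC 5869) with SHA-256."""
    out, block, counter = b"", b"", 1
    while len(out) < nbytes:
        block = hmac.new(seed, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:nbytes]

def fresh_key(frame: bytes, nbytes: int = 32) -> bytes:
    """New key from a camera frame plus 32 bytes from the OS entropy pool."""
    return expand(mix_seed(frame, os.urandom(32)), nbytes)

def bit_diff(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

# Constructed stand-ins for two camera frames that differ in a single bit.
FRAME_A = bytes(range(256)) * 4
FRAME_B = bytes([FRAME_A[0] ^ 1]) + FRAME_A[1:]

if __name__ == "__main__":
    fixed = b"\x00" * 32  # fixed entropy, only to isolate the effect of the frame
    changed = bit_diff(mix_seed(FRAME_A, fixed), mix_seed(FRAME_B, fixed))
    print("bits changed by one pixel bit:", changed, "of 256")
    print("same frame, same key twice?", fresh_key(FRAME_A) == fresh_key(FRAME_A))
```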
Cryptographic lava seeds? How about quantum?
So, unexpectedly, lava lamps make for excellent sources of encryption randomness. They’re good cryptographic seeds, but they’re not the only ones.
Cloudflare itself uses two additional key generators: a “chaotic pendulum” with 3 components that unpredictably twist and turn at its London office, and a radioactive source at its Singapore office.
As if all that wasn’t wacky enough, the next generation of encryption might delve into the bizarre world of quantum mechanics.
Quantum cryptography attempts to allow two users to communicate using more secure methods than those guaranteed by traditional cryptography, exploiting quantum mechanical properties to perform cryptographic tasks.
The quantum world offers some benefits that are simply impossible outside of it. For instance, it is impossible to copy data encoded in a quantum state: if you attempt to do so, the quantum state will be changed, rendering the data unreadable (or destroying it). This could be a fail-proof mechanism to prevent eavesdropping, making quantum encryption quite possibly unbreakable.
Still, it will take a few more years before reliable quantum encryption becomes a reality. For now, the lava lamp wall is still safe.