Security Experts:

Cloudflare Joins the League of Entropy

Internet security firm Cloudflare this week revealed its participation in “League of Entropy,” a worldwide effort of individuals and academic institutions to bring users a quorum of decentralized randomness beacons. 

Building on the Randomness Beacons project at NIST, League of Entropy is a network of beacons designed to produce distributed, publicly verifiable random outputs. These can then be used in applications where the nature of the randomness must be publicly audited.

Randomness beacons are servers designed to generate completely unpredictable 512-bit strings (about 155-digit numbers) at regular intervals, and the idea behind them emerged from the need for constant generation of substantially large, unpredictable numbers.

Random numbers have a broad range of uses, from lottery to competitions, elections, and cryptographic computations, and can affect the lives of millions of people, which makes it imperative to ensure they are difficult or impossible to predict. 

League of Entropy“You might think using a randomness beacon for random generation processes, such as those needed for lottery selection, would make the process resilient against adversarial manipulation, but that’s not the case. Single-source randomness has been exploited to generate biased results,” Cloudflare’s Dina Kozlov explains

This is where League of Entropy, which is based on the drand project, steps in, in an effort to eliminate the possible exploitation of single point of origin of beacons by offering eight independent globally distributed beacons instead. 

Drand ensures that the distributed randomness generation completes successfully with high probability, that the output is not predictable, that the random output represents an unbiased, uniformly random value, except with negligible probability, and that the output is third-party verifiable against the collective public key computed during drand's setup. 

With the unpredictable nature of a number measured by entropy, an increased level of entropy is needed to ensure the randomness of generated numbers, and this is where the League of Entropy draws its name from. 

Each of the founding members contributes with their individual high-entropy sources to provide a more random and unpredictable beacon for the generation of publicly verifiable random values every sixty seconds. The beacon is decentralized and built using appropriate, provably-secure cryptographic primitives, Cloudflare notes. 

“This global network of servers generating randomness ensures that even if a few servers are offline, the beacon continues to produce new numbers by using the remaining online servers. Even if one or two of the servers or their entropy sources were to be compromised, the rest will still ensure that the jointly-produced entropy is fully unpredictable and unbiasable,” Kozlov continues.

The League of Entropy currently includes Cloudflare, Protocol Labs researcher Nicolas Gailly, University of Chile, École polytechnique fédérale de Lausanne  (EPFL), Kudelski Security, and EPFL researchers, Philipp Jovanovic and Ludovic Barman.

Related: Cloudflare Launches New HTTPS Interception Detection Tools

Related: Cloudflare Raises $150 Million

view counter