New method of producing random numbers could improve cybersecurity

Source: Internet  Published: Big data applications in the automotive industry  Editor: 程序博客网  Time: 2024/05/02 05:07

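       Computer scientists at the University of Texas at Austin have invented a new method for generating truly random numbers, which can be used to encrypt data, secure electronic voting, conduct important votes, and ensure the accuracy of simulations of complex systems. One cryptography expert called the technique a "masterpiece."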

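       The new method requires less computational effort than other methods and produces truly random numbers, which helps ensure higher security for everything from credit card transactions to military communications.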

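At the annual Symposium on Theory of Computing in June, computer science professor David Zuckerman and undergraduate student Eshan Chattopadhyay will present their research. The Symposium on Theory of Computing is the Association for Computing Machinery's premier theoretical computer science conference. An invitation to the conference goes through a peer review process in which others evaluate the work's correctness and significance. The symposium gives only three best paper awards, and their paper is one of them. Zuckerman said, "This problem has haunted me for more than 20 years, and I'm glad to have finally solved it."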

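       Last year, Chattopadhyay and Zuckerman published a draft of the paper on an online forum, describing their random number method in detail (http://eccc.hpi-web.de/report/2015/119/). Computer science usually sees slow, incremental progress, so their method was warmly welcomed, because compared with earlier methods it is a light year ahead. Oded Goldreich, a professor at the Weizmann Institute of Science in Israel, commented that even if it were only a modest improvement over existing methods, it would still be something long awaited.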

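        Yael Kalai, a senior researcher at Microsoft Research New England who also works on randomness extraction, said excitedly: "After hearing about their new method, I could hardly sleep." "I was so excited I could hardly believe it, and I immediately went online to read the paper. It's really a masterpiece."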

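        The new method takes two weakly random sequences of numbers and combines them into one truly random sequence. Weakly random sequences, such as air temperatures and stock market prices sampled over a long period, yield predictable patterns. Truly random sequences have no predictability at all, like a coin toss.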

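        The new research seems to overturn the old computer programming adage "garbage in, garbage out." In fact, the latest method is a powerful addition to a series of methods called randomness extractors, which Zuckerman pioneered starting in the 1990s.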

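        Previous randomness extractors were impractical because they required either that one of the two source sequences be truly random (a chicken-and-egg problem) or that both source sequences be close to truly random. The new method gets past both restrictions: weakly random sequences are enough.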

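        An important application of random numbers is generating data encryption keys that are hard for hackers to crack. Data encryption is critical for credit card purchases and bank transactions; it can protect personal medical information, prevent enemies from intercepting military communications, and so on.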

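       Zuckerman says that although methods for generating high-quality random numbers already exist, they all require a great deal of computation. His method generates higher-quality random numbers without much computation.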

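"One common way encryption is misused is by not using high-quality randomness." "So our method improves security by lowering the barrier to obtaining high-quality randomness."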

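        Their paper shows how to generate one truly random number, equivalent to one coin toss; Zuckerman's former student Xin Li has shown how to extend it, that is, how to use the new method to generate sequences of more random numbers.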

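The website where Zuckerman and Chattopadhyay posted their draft last summer is called the Electronic Colloquium on Computational Complexity. It provides a platform for researchers to share their work and receive feedback before publishing final versions in journals or at conferences. Computer scientists and mathematicians have carefully read their article, offering suggestions and even helping to enrich their theory.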


Original text:

         With an advance that one cryptography expert called a "masterpiece," University of Texas at Austin computer scientists have developed a new method for producing truly random numbers, a breakthrough that could be used to encrypt data, make electronic voting more secure, conduct statistically significant polls and more accurately simulate complex systems such as Earth's climate.

         The new method creates truly random numbers with less computational effort than other methods, which could facilitate significantly higher levels of security for everything from consumer credit card transactions to military communications.

        Computer science professor David Zuckerman and graduate student Eshan Chattopadhyay will present research about their method in June at the annual Symposium on Theory of Computing (STOC), the Association for Computing Machinery's premier theoretical computer science conference. An invitation to present at the conference is based on a rigorous peer review process to evaluate the work's correctness and significance. Their paper will be one of three receiving the STOC Best Paper Award.

        "This is a problem I've come back to over and over again for more than 20 years," says Zuckerman. "I'm thrilled to have solved it."

        Chattopadhyay and Zuckerman publicly released a draft paper describing their method for making random numbers in an online forum last year. In a field more accustomed to small, incremental improvements, the computer science community hailed the method, suggesting that, compared with earlier methods, this one is light years ahead. Oded Goldreich, a professor of computer science at the Weizmann Institute of Science in Israel, commented that even if it had only been a moderate improvement over existing methods, it would have justified a "night-long party."

        "When I heard about it, I couldn't sleep," says Yael Kalai, a senior researcher working in cryptography at Microsoft Research New England who has also worked on randomness extraction. "I was so excited. I couldn't believe it. I ran to the (online) archive to look at the paper. It's really a masterpiece."

        The new method takes two weakly random sequences of numbers and turns them into one sequence of truly random numbers. Weakly random sequences, such as air temperatures and stock market prices sampled over time, harbor predictable patterns. Truly random sequences have nothing predictable about them, like a coin toss.

        The new research seems to defy that old adage in computer programming, "Garbage in, garbage out." In fact, it's the latest, most powerful addition to a class of methods that Zuckerman pioneered in the 1990s called randomness extractors.

        Previous versions of randomness extractors were less practical because they either required that one of the two source sequences be truly random (which presents a chicken or the egg problem) or that both source sequences be close to truly random. This new method sidesteps both of those restrictions and allows the use of two sequences that are only weakly random.
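To make the two-source idea concrete, here is an added example (not code from the article or from the paper) using the classic Chor-Goldreich inner-product extractor, an earlier two-source extractor and not the Chattopadhyay-Zuckerman construction. The 12-bit block length, the seed and the sample sources are constructed assumptions, chosen small enough that the output bias can be computed exactly.

```python
import math
import random

N_BITS = 12  # toy block length so every (x, y) pair can be enumerated

def inner_product_bit(x, y):
    """Two-source extractor output: <x, y> mod 2 over the bit vectors."""
    return bin(x & y).count("1") & 1

def bias(bits):
    """|Pr[0] - Pr[1]|: 0.0 is a fair coin, 1.0 is fully predictable."""
    bits = list(bits)
    return abs(len(bits) - 2 * sum(bits)) / len(bits)

def extractor_bias(xs, ys):
    """Exact output bias for independent sources uniform over xs and ys."""
    return bias(inner_product_bit(x, y) for x in xs for y in ys)

def lindsey_bound(xs, ys):
    """Guaranteed ceiling on the bias (Lindsey's lemma): sqrt(2^n / (|X|*|Y|))."""
    return math.sqrt((1 << N_BITS) / (len(xs) * len(ys)))

def demo(seed=2016):
    rng = random.Random(seed)  # constructed sample sources, not real data
    top = 1 << (N_BITS - 1)
    # Weak source X: 512 strings whose top bit is always 1 (a predictable pattern).
    xs = [top | v for v in rng.sample(range(top), 512)]
    # Weak source Y: 512 arbitrary strings, chosen independently of X.
    ys = rng.sample(range(1 << N_BITS), 512)
    # Low-entropy pair: X confined to the low 6 bits, Y to the high 6 bits.
    low = list(range(64))
    high = [v << 6 for v in range(64)]
    return {
        "naive_top_bit": bias((x >> (N_BITS - 1)) & 1 for x in xs),
        "two_source": extractor_bias(xs, ys),
        "bound": lindsey_bound(xs, ys),
        "low_entropy": extractor_bias(low, high),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:14s} {value:.4f}")
```

Reading a bit straight from the weak source is fully predictable, while the inner product of the two independent sources stays under the proven bound. The low-entropy pair shows where this older extractor stops working: once each source carries only half the block length in entropy, the output can be constant.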

An important application for random numbers is in generating keys for data encryption that are hard for hackers to crack. Data encryption is critical for making secure credit card purchases and bank transactions, keeping personal medical data private and shielding military communications from enemies, among many practical applications.

       Zuckerman says that although there are already methods for producing high-quality random numbers, they are very computationally demanding. His method produces higher quality randomness with less effort.

       "One common way that encryption is misused is by not using high-quality randomness," says Zuckerman. "So in that sense, by making it easier to get high-quality randomness, our methods could improve security."

       Their paper shows how to generate only one truly random number—akin to one coin toss—but Zuckerman's former student Xin Li has already demonstrated how to expand it to create sequences of many more random numbers.

       The website where Zuckerman and Chattopadhyay posted their draft last summer, called the Electronic Colloquium on Computational Complexity, allows researchers to share their work and receive feedback before publishing final versions in journals or at conferences. Computer scientists and mathematicians have been carefully reviewing the article, providing suggestions and even extending the method to make it more powerful.

 