Ephemerand – GPS-based random number generator (github.com)
52 points by j_halden 13 days ago | 18 comments





So if I understand the source data correctly, it doesn't seem to be super random. These are the last 5 TLE entries for one of the GPS satellites:

    40105 54.5777 194.6697 0011887 101.0084 259.0886 2.00557623 33631
    40105 54.5775 194.5700 0011842 101.1165 258.9939 2.00557745 33682
    40105 54.5775 194.5700 0011842 101.1165 258.9939 2.00557745 33682
    40105 54.5775 194.5700 0011842 101.1165 258.9939 2.00557745 33682
    40105 54.5775 194.5700 0011842 101.1165 258.9939 2.00557745 32827
It looks like you can't really predict them, but you can certainly generate likely candidates.

The values have expected cycles as well: https://space.stackexchange.com/questions/30735/why-do-gps-s...

Am I missing something here?
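
As an added illustration (not part of the comment above and not Ephemerand's code), this Python sketch measures how much actually changes between the five quoted entries. Treating each line as whitespace-separated columns, and crediting log2(10) bits to every changed digit as a generous ceiling, are assumptions of the example.

```python
import math

# The five entries quoted in the comment above, copied verbatim.
ENTRIES = """\
40105 54.5777 194.6697 0011887 101.0084 259.0886 2.00557623 33631
40105 54.5775 194.5700 0011842 101.1165 258.9939 2.00557745 33682
40105 54.5775 194.5700 0011842 101.1165 258.9939 2.00557745 33682
40105 54.5775 194.5700 0011842 101.1165 258.9939 2.00557745 33682
40105 54.5775 194.5700 0011842 101.1165 258.9939 2.00557745 32827
""".splitlines()


def changed_digits(prev, curr):
    """Count digit positions that differ, column by column."""
    total = 0
    for a, b in zip(prev.split(), curr.split()):
        if len(a) != len(b):
            total += sum(ch.isdigit() for ch in b)  # treat whole column as new
            continue
        total += sum(x != y for x, y in zip(a, b) if y.isdigit())
    return total


def update_report(entries):
    """Per consecutive pair: (changed columns, changed digits, rough bit ceiling)."""
    report = []
    for prev, curr in zip(entries, entries[1:]):
        cols = sum(a != b for a, b in zip(prev.split(), curr.split()))
        digits = changed_digits(prev, curr)
        # Generous ceiling: pretend every changed digit is uniform over 0-9.
        report.append((cols, digits, round(digits * math.log2(10), 1)))
    return report


def distinct_entries(entries):
    """Number of unique lines among the quoted entries."""
    return len(set(entries))


if __name__ == "__main__":
    print("distinct entries:", distinct_entries(ENTRIES), "of", len(ENTRIES))
    for i, row in enumerate(update_report(ENTRIES), 1):
        print(f"update {i}: columns={row[0]} digits={row[1]} ceiling_bits={row[2]}")
```

Two of the four transitions change nothing at all, and the last one changes only the final column, so the per-update figure is well below what the raw line length suggests.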


If I understand correctly the data is updated once a day, so everyone who does this will have the same random number. It is even described in the linked slides: they were able to generate the same random number, without communication. What use can this have?

Normally you want to keep your random number source secret, but this has a good application for trusted timestamping[0]. You can use the random output with a signature to prove that you had some information before a specific time.

[0]: https://en.wikipedia.org/wiki/Trusted_timestamping


Right, but then

    wget ftp://cddis.gsfc.nasa.gov/gnss/data/daily/2019/brdc/brdc0690.19n.Z

seems much simpler

This allows you to generate those values offline, without informing NASA.

Ah, it would be a candidate to replace the "here are the headlines of the day to prove I didn't create this message in the past"

The homepage for the NIST Randomness Beacon (referenced in the readme) mentions a few applications for this type of system. https://www.nist.gov/programs-projects/nist-randomness-beaco...

I think there were some ideas on proof of work or alternatives that could use a random number available at the same moment for all participants. Unfortunately, it seems that numbers generated by this could be influenced by the USA.

As the author states, you could mix in similar values present in BeiDou/Galileo/GLONASS systems, meaning the EU, China, Russia, and the US would all need to conspire to do this.

In the case of open distributed systems, just one bad actor can delay his message and modify it as needed to get desired results.

The author even stated a similar scenario:

> For instance, the miner who constructs the block can influence the randomness by choosing to not publish the block if the blockhash is disadvantageous.


I can't think of a situation where two parties would want to generate the same sequence of random numbers without communication; however, if I ever need it, this seems like a really interesting solution.

Generating a shared sequence of random numbers is the basis of zero knowledge proofs, hence it could be useful for authentication. I can think of one interesting feature this scheme would have, if we assume the numbers from GPS are truly random. If you know the shared secret then you can predict the output as far back in time as you want, but you can't predict more than a day ahead.

> Generating a shared sequence of random numbers is the basis of zero knowledge proofs

Could you give an example? The zero knowledge proofs I know are of the type: here's an X, tell me f(secret, X) - which doesn't require any shared information (apart from the secret you're verifying).


It'd be more correct to say pseudorandom. The way I was taught ZKPs was in terms of comparing the output of pseudorandom number generators seeded by a challenge and a shared secret, but you can also explain it in terms of hash functions instead.

What I was thinking was that the random number from GPS (or some sequence derived from it) could serve as the challenge, basically akin to a 2FA scheme like HOTP. Or a variety of other schemes, hinging on the trait that you can't predict the next output of the random number from GPS.
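
The idea in the comment above, sketched as an added example (not the commenter's or Ephemerand's code): the day's public value is hashed into a challenge and fed to an HOTP-style HMAC truncation (RFC 4226) in place of the counter. The function names, the SHA-256 step and the sample inputs are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct


def beacon_challenge(broadcast_bytes):
    """Hash the day's public broadcast data down to a fixed-size challenge."""
    return hashlib.sha256(broadcast_bytes).digest()


def response_code(secret, challenge, digits=6):
    """HOTP-style response: HMAC-SHA1 plus RFC 4226 dynamic truncation,
    with the public challenge standing in for the HOTP counter."""
    mac = hmac.new(secret, challenge, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, todays_challenge, presented_code):
    """Accept only a code computed over today's challenge (constant-time compare)."""
    expected = response_code(secret, todays_challenge)
    return hmac.compare_digest(expected, presented_code)


# Constructed sample data: placeholders, not real broadcast ephemerides.
SECRET = b"constructed-shared-secret"
DAY_1 = beacon_challenge(b"constructed broadcast data, day 1")
DAY_2 = beacon_challenge(b"constructed broadcast data, day 2")

if __name__ == "__main__":
    code = response_code(SECRET, DAY_1)
    print("day 1 code checked against day 1:", verify(SECRET, DAY_1, code))
    print("day 1 code checked against day 2:", verify(SECRET, DAY_2, code))
    # The challenge is public and changes once per update, so a captured
    # code stays valid until the next update; all secrecy rests on SECRET.
```

Because the challenge is the same for everyone until the next update, a verifier built this way needs its own replay protection within that window.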


Two factor authentication......

If you combined this with a local GPS receiver's location + other data (system I/O load, temperature, etc.), it then is random. But I agree without anything else it is... just a long-digit number that anyone can reproduce?

Take block-chain insanity out of this, and a distributed reliable consistent unpredictable random value feels like a socially useful thing.

Put signed public ledger (which is block chain shed of the economic games to ICO) back on the table, and it feels like this, alongside a trusted third party time stamp, would become enabling technology for a non-repudiation 'happened on this day' service.

I would prefer to use GPS than NIST. If this is combined with mix-in from Glonass and Galileo, does it get stronger or weaker?


> signed public ledger ... alongside a trusted third party time stamp, would become enabling technology for a non-repudiation 'happened on this day' service.

Indeed. https://motherboard.vice.com/en_us/article/j5nzx4/what-was-t...



