Quote from: Guru on September 21, 2012, 11:29 pm
In the context of Silk Road, OTPs are basically a toy; an interesting toy, but a toy nonetheless. People here have neither the ability to generate truly random keys in sufficient quantities, nor the means to securely distribute the pads/keys.

I think I do have a way though, Guru.

There are a number of ways of obtaining relatively decent random numbers, such as shuffling cards (a lot... e.g. weeks and weeks) or using a lottery ball machine (it's this big container full of balls with numbers on them, buffeted by air; it is actually quite effective at being random, at least good enough for things like Powerball lotteries).

However, I'm not talking about those toys, but something infinitely more complex: the stock market. Don't think "how absurd" until you've read my entire argument.

--

This is not going to make much sense to you unless you make an attempt (it takes years to get it properly; anybody who says otherwise is a fool who thinks the universe has SparkNotes some place and that everything is reducible to PowerPoint slides) to understand EMH.

EMH is essentially, in one sentence, the idea that price movements on the stock market must be random. The entire network, all the people and machines working on their behalf on the market, are all continually endeavoring to find patterns; it is like this giant pattern matching machine searching for new matches. If they are found, they are exploited. This is an exceptional process because the collective intelligence of some of the smartest people on the planet is working to this end. In case you don't think the stock market could ever be sufficiently random, it can! Because markets actually are attempts (from a high level perspective) to incorporate all information about the world into them. Prices are a very, very concise numerical synopsis of an absolutely terrific quantity of information.

Whenever a match is found on the market, a pattern discovered, it can be used to generate an arbitrage opportunity, and then with successive trades the information becomes used up; the pattern, the information, literally becomes part of the price network and prices change as a result. This is not a metaphor, it is a literal statement; this is what happens every day on the market, often within millionths of a second thanks to algorithmic trading and high frequency trading. It's been extensively measured by economists.

When we think about it, randomness is merely data that is not information. That is, randomness is the set of all patterns that are not currently understood. If the search space of unknown patterns is very large, then randomness can be of sufficient quality because of this. I mean, flipping a coin is colloquially thought to be random, and to an extent it is, good enough for decisions on minor things, but in practice there is probably an equation the length of a telephone book that could be worked out to predict the sequences of heads or tails if you only were able to factor in all information about the coin flipping, e.g. the length of your thumb implying upper/lower bounds on flipping velocity, the temperature (the coin should be warming up with each flip due to contact with a human body + air friction), the heart beat of the coin flipper, the wind speed and so forth. With enough knowledge, prediction becomes possible; it's just a matter of whether it's worthwhile or not.

My point is that the stock market is as perfect a seed for a random number generator as you're ever going to obtain. It is the essence of pure information, so it is easy to use, and the only way (I have to emphasize this because it's the entire point of this post) *the only way* a cryptanalyst is going to discover the seed is if they build a machine that is capable of predicting stock market prices. But the entirety of Wall Street has been building such machines for at least a century! It's an arms race!

In fact it would be easier to simply poison the seed by delivering fake data. The problem is that you have no idea where inside the stock market the seed comes from. What are you going to do? Poison the seed by placing price controls everywhere to ferret out the seed? Ridiculous! In any case, your opposition are bound to notice unless you are spectacularly subtle... And you don't have control over every single stock market on the planet (this is very similar to our assumptions about anonymity on the Tor network in some ways). And it could be any kind of market so long as it's moderately efficient (or actually, ironically, it is possible this would work even if it isn't... but this is a bizarre subject and you would really have to understand EMH to see where that rabbit hole is going; the tl;dr version is that even when markets are rigged or inefficient they exhibit randomness to the extent that insider traders don't on average profit from their inside information. Inefficient does not imply consistent predictive power, which is perfect for us and frustrating for arbitrageurs).

Now, there is a caveat or two with this idea. Markets are not perfectly efficient because they are not frictionless, meaning that some differentials won't be arbitraged because of trading fees and commissions, or taxes. This will be a problem for your seed; this is something that is in between irrational patterns (inefficiency) and unpredictability (efficiency) that could produce consistent price behavior. You will need to come up with another mechanism for avoiding these situations, a delicate issue, but I think a manageable one.

That notwithstanding, I think there is the kernel of a good idea here, something for a cryptanalysis research paper. I am confident I could devise an algorithm for generating extremely powerful random numbers from markets, but I'd probably need about a year to study the appropriate material. I'm aware most ideas shatter in reality!

Concept Synopsis:
1. The stock market can be a source of superb random information (for two reasons, paradoxically: efficiency and irrationality).
2. Everybody has access to the data from all over the world and through many channels.
3. Price prediction and seed poisoning are impractical due to information races.

--

Result: A civilian may be able to build highly sophisticated One Time Pads from the stock market(s).

--

Edit: I am fairly certain that the mechanism described above could satisfy these criteria below in theory. The parallel to economic concepts is simply extraordinary. I think it would be much cheaper than creating specialized hardware and the only reasonable attack would be some side channel attack.

Quote
Every CSPRNG (cryptographically secure pseudo-random number generator) should satisfy the next-bit test. That is, given the first k bits of a random sequence, there is no polynomial-time algorithm that can predict the (k+1)th bit with probability of success better than 50%. Andrew Yao proved in 1982 that a generator passing the next-bit test will pass all other polynomial-time statistical tests for randomness.

Every CSPRNG should withstand "state compromise extensions". In the event that part or all of its state has been revealed (or guessed correctly), it should be impossible to reconstruct the stream of random numbers prior to the revelation. Additionally, if there is an entropy input while running, it should be infeasible to use knowledge of the input's state to predict future conditions of the CSPRNG state (Pine: with our idea, the first part of the criteria shouldn't be relevant since there is no repetition of prices possible).

Example: If the CSPRNG under consideration produces output by computing bits of π in sequence, starting from some unknown point in the binary expansion, it may well satisfy the next-bit test and thus be statistically random, as π appears to be a random sequence. (This would be guaranteed if π is a normal number, for example.) However, this algorithm is not cryptographically secure; an attacker who determines which bit of pi (i.e. the state of the algorithm) is currently in use will be able to calculate all preceding bits as well.
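The two CSPRNG criteria quoted at the end of the post, the next-bit test and resistance to state compromise extension, can be made concrete in a few lines. The following is an added example written for this page; it is not code from the post, from Guru or Pine, or from any project mentioned here. It substitutes the decimal digits of sqrt(2) for the bits of pi (sqrt(2) is also believed normal, and its digits can be computed exactly with `math.isqrt`), and the seed and entropy inputs are constructed byte strings, not market data. The `RatchetDrbg` class is a simplified sketch of a hash-ratcheted generator, not any standardised DRBG.

```python
"""Two generators side by side: one whose state is a position in a public
digit expansion (the quoted "bits of pi" example, with sqrt(2) standing in
for pi), and one that ratchets its state through a one-way hash so that a
compromised state does not reveal earlier outputs and stops predicting
future ones once fresh entropy is mixed in.

All seeds and entropy inputs below are constructed for the demonstration.
"""
import hashlib
import math


# --- Generator A: digits of a public constant --------------------------

def sqrt2_fraction_digits(start, count):
    """Return `count` decimal digits of sqrt(2) beginning at fractional
    position `start` (0-based). floor(sqrt(2) * 10**k) is computed with
    exact integer arithmetic, so no floating-point rounding is involved."""
    k = start + count
    whole = math.isqrt(2 * 10 ** (2 * k))     # floor(sqrt(2) * 10**k)
    digits = str(whole)[1:]                   # drop the leading "1"
    return digits[start:start + count]


def expansion_generator_state(start, count):
    """Emit `count` digits and return (output, state). The entire state is
    the next position in the expansion, which is what the attacker in the
    quoted example learns."""
    return sqrt2_fraction_digits(start, count), start + count


def reconstruct_preceding(state):
    """Attacker view: from the position alone, recover every digit the
    generator has already emitted. This is the state-compromise extension
    failure the quoted text describes; passing the next-bit test does not
    prevent it."""
    return sqrt2_fraction_digits(0, state)


# --- Generator B: hash-ratcheted generator ------------------------------

def _h(tag, data):
    """Domain-separated SHA-256 (constant tags keep the three uses apart)."""
    return hashlib.sha256(tag + data).digest()


class RatchetDrbg:
    """Simplified sketch (assumption: not a standard DRBG). Each output is
    derived from the state, and the state is then replaced by a one-way
    function of itself, so a captured state cannot be run backwards.
    reseed() absorbs fresh entropy, after which a previously captured
    state no longer predicts outputs."""

    def __init__(self, seed):
        self.state = _h(b"init", seed)

    @classmethod
    def from_state(cls, state):
        obj = cls.__new__(cls)
        obj.state = state
        return obj

    def next_block(self):
        out = _h(b"out", self.state)
        self.state = _h(b"next", self.state)  # one-way ratchet
        return out

    def reseed(self, entropy):
        self.state = _h(b"reseed", self.state + entropy)

    def snapshot(self):
        return self.state


def predict_from_compromised_state(state, count):
    """Attacker view: run the public algorithm forward from a captured
    state to obtain the next `count` outputs."""
    return [RatchetDrbg.from_state(state).next_block() for _ in range(1)] + \
        (lambda g: [g.next_block() for _ in range(count)])(RatchetDrbg.from_state(state))[1:count]


def demo():
    """Returns (A backtracks, B predictable forward, B predictable after reseed)."""
    # Generator A: the position after 12 digits leaks all 12 digits.
    out_a, pos = expansion_generator_state(0, 12)
    a_backtracks = reconstruct_preceding(pos) == out_a

    # Generator B: a state captured after three outputs does not contain
    # them, but it does predict the following outputs ...
    drbg = RatchetDrbg(b"constructed seed, not market data")
    for _ in range(3):
        drbg.next_block()
    captured = drbg.snapshot()
    predicted = predict_from_compromised_state(captured, 2)
    actual = [drbg.next_block() for _ in range(2)]
    forward_predictable = predicted == actual

    # ... until entropy the attacker did not observe is mixed in.
    drbg.reseed(b"constructed entropy input unseen by the attacker")
    after_reseed = drbg.next_block()
    still_predictable = after_reseed in predict_from_compromised_state(captured, 5)
    return a_backtracks, forward_predictable, still_predictable


if __name__ == "__main__":
    print(demo())
```

Run it as a script and `demo()` reports that generator A leaks its past from its state, while generator B is predictable from a captured state only until the next reseed. One point the post's "One Time Pads" conclusion glosses over: any deterministic generator seeded from an unpredictable source, market data included, yields a stream cipher keystream rather than a true one-time pad, so the information-theoretic guarantee of an OTP does not carry over.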