Random chance is the essence of the lottery

in Security
On the role of Random Number Generators in modern lottery operations.
To the public, the classic lotteryball tumbler has become emblematic. When one thinks about “the lottery” – besides winning a megajackpot – one often imagines the weekly draw on television with the classic ball tumbler machine spinning and regurgitating five to seven numbered balls in succession. This has become a familiar and trusted ritual, and the integrity of the draw is seldom questioned. Players feel comfortable with the classic lottery draw, as the process is for the most part transparent, and it allows them to see chance happening.
Nowadays, we often speak about how technology is changing the lottery and gaming sector. In the last decade, the Internet and mobile devices have both greatly changed the way players interact with the lottery. One technology that is increasingly playing a major role in lottery operations is the Electronic Drawing System or EDS. More and more, we are seeing the classic balldrop drawing machine being replaced by its electronic counterpart. To all but a very few, the EDS is a mysterious entity shrouded in technical jargon and specialized language. Adding to the mystique is the fact that electronic draws typically occur behind closed doors under tight security. As such, Electronic Drawing Systems offer little to ensure the transparency needed to satisfy skeptical critics. It is not hard to see why some players view electronic draws with a wary eye.
Typically, the EDS operates in conjunction with a gaming system, whether that be for lottery or casino games. At the heart of the EDS lies a Random Number Generator (RNG). The EDS has game code that uses game parameters to scale the string of random 0s and 1s generated by the RNG, to the specific game requirements and provides this scaled data to the gaming system.
The Random Number Generator
In general, the generation of random numbers plays a critical role in many important areas – cryptography, statistics, and of course, the lottery and gaming industry. But what exactly is a random number and what are we looking for in random number generation? For the purpose of this article, we’ll say that a random number is a number generated by a process whose outcome is inherently unpredictable, and which cannot be reliably repeated. Ideally, an RNG should provide an outcome that fits this definition.
According to the National Institute of Standards Technology (NIST), a random bit sequence could be interpreted as the result of the flips of a coin with sides that are labeled “0” and “1,” with each flip having a 50% probability of producing a “0” or “1.” Moreover, the flips are independent of each other – that is, the result of any previous coin flip does not affect future coin flips. The coin toss is thus the perfect random bit stream generator, since the “0” and “1” values will be randomly distributed. All elements of the sequence are generated independently of each other, and the value of the next element in the sequence cannot be predicted, regardless of how many elements have already been produced.
Clearly, the use of a coin for generating random bit sequences is impractical. However, the hypothetical output of such an idealized generator of a true random sequence may serve as a benchmark for the evaluation of RNGs.
When it comes to lottery draws, the possible combination of random numbers is almost infinite. This includes sequences in proper numerical order. Although the sequence 123456 appears to be less random than the sequence 102135592 it is just as likely to occur in a lottery draw as any other sequence. (See accordion box, “A seemingly unusual draw”.)
Pseudo Random Number Generators
As mentioned, the RNG generally works in close conjunction with an EDS. It is either a device or a program that produces a sequence of random numbers through a random process. There are two main classifications of RNGs, Pseudo Random Number Generators (PRNG) and True Random Number Generators (TRNG).
PRNGs are softwaredriven and deterministic. As such, they produce simulated randomness rather than actual randomness, hence the name Pseudo Random Number Generator.
The software consists of an algorithm into which some initial value – known as a seed – is fed. Through a process of iteration, it produces a sequence of pseudorandom numbers.
The seed specifies the starting point when a computer generates a random number sequence; this can be any given number. Many PRNGs use the seconds on a computer system’s clock. A computer counts the seconds from January 1, 1970 – a system called Unix time. (See accordion box, “What is Unix time?”.) For instance, at the time of this writing, it is currently March 29, 2021 at 12:07 CET, which is 1,617,012,504 seconds after January 1, 1970. Given the range of integers this provides (0 to 1+ billion), the probability that you will get the same seed twice is rather low. Other systems make use of Microsoft’s CryptoAPI, a Windows operating system facility that provides digital signatures. Digital signatures are ideal for use as RNG seeds as they are cryptographically strong. As such, they provide RNG seeds that are well protected against decryption and abuse, while allowing for analysis and verification by the operator.
A PRNG’s number sequence is completely determined by the seed: thus, if a PRNG is reinitialized with the same seed, it will produce the same sequence of numbers. Since the sequence is repeatable, it is important that the seed be well chosen and that it remains secure, in order to safeguard against its abuse. If any element of the seed generation process is detected, there is the danger that the random number generation process may be predicted or manipulated for fraudulent purposes.
In contrast, some modern PRNG systems apply the “no security by obscurity” approach, whereby the seed generation method and algorithm used are disclosed. Proponents of this approach argue that the PRNG algorithms and the seeding methodology should be in the public domain so that the security of the process does not have to rely on proprietary information, which could leak and be misused. Such systems rely on methodologies for the detection of factors that can impact the integrity of the random number generation, e.g., tampering, hardware deterioration, and software failure. Ideally, one should always be able to detect if a system has been breached by either an insider or an outsider, or if a hardware problem or a software glitch led to questionable results. That is, each time the PRNG generates random numbers, the seed should first be created in a way that the RNG results remain unpredictable, that any breach of the system can be detected, and that any issues with hardware or software failure can be identified. It is equally important that the seed cannot be reverse engineered through its generated values. No correlation between a seed and its values should be apparent.
True Random Number Generators
Whereas PRNGs take a finite random seed and exploit it through a computational process, TRNGs take a physical source of entropy – which generates a lowlevel, statistically random “noise” signal – as a seed and expands it through a computational process. Entropy is a measurement of disorder, or a measurement of random distribution of energy. The properties of the entropy source are what distinguish one TRNG from another TRNG, e.g., an entropy source based on classical physics versus an entropy source based on quantum physics. In generating random numbers, what we in essence are trying to do is grab a piece of entropy and turn it into something understandable. The TRNG takes a physical source of entropy – or randomness if you will – digitizes it, and applies it as a seed to its algorithm. RNGs of this nature allow us to get closer to true randomness.
TRNGs based on classical physics use realworld random occurrences, such as atmospheric noise or the number of times a computer hard drive is accessed within a given period of time, to generate a stream of completely random numbers, or bits. TRNGs based on quantum physics rely on the prediction of quantum mechanics – such as the nuclear decay of atoms – which is truly random. Indeed, until recently, the only Quantum Random Number Generators (QRNG) were based on the observation of radioactive decay of a given element. To illustrate in more detail, each atom of a radioactive substance has some probability of decaying within a given time interval. But the exact time of decay cannot be predicted and is thus considered random. Radioactive decay timing can be recorded through the use of a Geiger counter and applied as a source of entropy. QRNGs of this kind were costly and presented a biohazard owing to the radioactive element that they implemented.
Today, simpler, safer QRNGs based on optical systems are starting to emerge. These optical QRNGs are based on a simple and fundamentally random process that is easy to monitor. Optical QRNGs use a single photon light source pointed at a partially transparent mirror. The photons pass through the mirror at a measurable rate of 50%. That is, each photon has an equal chance of either going through the mirror or being reflected by the mirror. Whether an individual photon passes through the mirror or it is reflected by the mirror is subject to quantum mechanics and cannot be measurably predicted, much in the same way that the toss of a coin cannot be measurably predicted. Optical QRNGs have the advantage that the overall setup is simple, well understood, and safer, owing to the fact that they do not involve the use of radioactive substances.
Nowadays, most lottery operations using RNGs employ a TRNG – PRNG hybrid mix. That is, a TRNG is used to generate the seed from a physical process and fed into a PRNG for random number generation and scaling of the results.
RNG testing and certification
Certifying for randomness is a tricky business. Can one ever be reasonably sure that a number is random, even if it appears to be random? How can we know that there is not a hidden deterministic pattern behind a stream of random numbers? Adding to this dilemma is the constant threat of cyberattack or system manipulation from within an organization.
You often hear lotteries claiming that their RNG has been tested, reviewed, and certified by an independent auditor. Although certification of RNGs is essential, it is important to clarify what it is and what it is not.
Certification means that the RNG has undergone an independent statistical analysis and has been tested with regards to the randomness and distribution of its results, and that the results of the test have been shown to be compliant with a given specification. As mentioned, in randomness we are looking for results that are inherently unpredictable and that cannot be reliably repeated. Ideal distribution requires that all possible results are equally likely to occur.
Unfortunately, no finite test can determine with certainty that a given RNG produces random strings. But there are tests stringent enough to ensure that an RNG produces strings that have properties that one would expect from random strings.
An example of one such test is the National Institute of Standard and Technology’s (NIST) Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications – known as SP 80022 – to test whether an RNG produces highquality random bits. SP 80022 specifies that the following assumptions are to be made with respect to random binary sequences being tested:
 Uniformity
At any point in the generation of a sequence of random or pseudorandom bits, the occurrence of a zero or one is equally likely, i.e., the probability of each is exactly 1/2. The expected number of zeros (or ones) is n/2, where n = the sequence length.  Scalability
Any test applicable to a sequence can also be applied to subsequences extracted at random. If a sequence is random, then any such extracted subsequence should also be random. Hence, any extracted subsequence should pass any test for randomness.  Consistency
The behavior of a generator must be consistent across starting values (seeds). It is inadequate to test a PRNG based on the output from a single seed, or a TRNG on the basis of an output produced from a single physical output.
In RNG testing and certification, it is important to note that neither the RNG’s vulnerability to cyberattack nor vulnerability to tampering with by perpetrators from within the organization are covered.
RNG security and integrity
Just as it is important that the randomness of the RNG is ensured, a lottery operation must guarantee the security and integrity of the draw. They must ensure that hardware is functioning properly and that there were no software errors. A lottery operation must also ensure that the draw was not subject to a cyberattack or manipulated from within.
Random Number Generators in Electronic Drawing Systems face security risks on numerous levels. Among these are:
 Direct attacks on the RNG in order to generate a predictable result. This is done through software or hardware substitution.
 Attacks on the game code in order to circumvent the RNG results.
 Timestamp substitution. In an offline or isolated system, the system time cannot be continuously verified. This means that the draw timestamp could conceivably be altered after the draw results are known by an inside perpetrator.
 Phishing for desired draw combinations. A traditional RNG, and in particular an offline system, may allow for multiple generations of a given draw result. This would allow an insider to continue phishing until the desired draw result is found. The desired draw result could then be published as the proper draw outcome.
Fraud perpetrated against an EDS is generally a highly complex exploit and often executed from within an organization with external collusion. The highest impact is generally on the reputation of the organization.
Other factors may affect the RNG and impact the integrity of the draw:
 Hardware deteriorating. RNG hardware may deteriorate over time, leading to nonrandom or repetitive draws.
 Inadequacies in RNG software design may also lead to integrity degradation. Software design deficiencies could include:
 Weak algorithm cryptography
 Draw system software lacking builtin checks for hardware deterioration or hardware malfunction
 Software bugs and configuration errors
Each of these is difficult to detect, as incorrect or fraudulent numbers cannot be differentiated from numbers that are randomly generated. Adding to this problem is the fact that many lotteries lack the inhouse expertise in cryptography, statistics, and RNG technology needed to evaluate thirdparty EDS systems.
Ensuring the security and integrity of electronic draws is dependent on two key elements: 1. Sound preventive measures to hinder draw manipulation and; 2. A system to verify the true and conclusive nonrepudiation of the draw.
Preventive measures can be systematically incorporated into processes and best practices so that the likelihood of cyberattack or insider fraud is minimized. However, preventative measures alone are not sufficient. In order to ensure the integrity of an electronic draw, preventative measures must be paired with a system of nonrepudiation.
Nonrepudiation is a legal concept for the assurance that someone cannot deny the validity of something. In a legal setting, the term is often seen when the authenticity of a signature is being challenged. The concept of nonrepudiation has been widely adopted in the IT world. In information security, a system of nonrepudiation provides proof of the origin of a given data set and the integrity of that data and allows for the verification of that data by an independent third party.
By integrating a system of nonrepudiation, lottery operators can ensure the integrity and origin of the draw data so that it can be audited and verified by a third party at any time. It facilitates the detection of fraud and is a reliable means of auditing for fraud detection at a later date. It also serves as legal protection providing verifiable proof in a court of law that a given draw was not interfered with or was affected by a faulty system.
The player’s perspective
For lottery operations, Electronic Drawing Systems offer an array of advantages. They offer support for more types of games, provide the ability to have more frequent draws, and allow for better management of draw outcomes. Since draws for all games can be handled by one system – as opposed to having a separate machine for each game – EDSs offer more cost efficiency, and they require fewer human resources to manage them. When security measures and draw transparency are correctly implemented, an EDS provides better control and protection of the gaming environment than a mechanical draw system. With such advantages, it is likely that the EDS will soon be a mainstay of modern lottery operations across the globe.
However, owing to their cryptic nature, Electronic Drawing Systems are viewed by a significant portion of the playing public with skepticism. While lotteries may see the live broadcast of a traditional drawing as an unnecessary overhead, a significant number of players view it as an essential way to maintain their confidence in fair draws.
The website lotterypost.com has set up an online petition to stop electronic draws and to impose federal guidelines on how lottery draws are to be conducted in the US. The petition has close to 11,000 signatures. Some of the reasons given for the launch of the petition are:
 The public’s lack of confidence in the randomness of the drawn numbers;
 Public concern with cybersecurity and the vulnerability of RNGs to attack from both outside and within the organization;
 Playervisible drawing methods are more fun and confidenceinspiring for lottery players
Although these concerns are largely unfounded, they are something that the lottery industry needs to address. As we have seen, modern EDSs/RNGs are reliable and secure. What is needed is a way to offer the playing public transparency into the draw process. And we must provide a level of transparency that is simple and easy to understand. At the same time, we need to find a way to make electronic draws entertaining and engaging for players. Allowing players to see chance happen in realtime is part of the allure and excitement of playing the lottery. Perhaps the next innovation in Electronic Drawing Systems will take these concerns into consideration.
https://www.worldlotteries.org/insights/editorial/blog/randomchanceistheessenceofthelottery