Gavin, the descendant of Satoshi Nakamoto, returns to the cryptocurrency circle with a new project Random Sanity

Gavin Andresen, the former chief developer of Bitcoin, was stripped of his code maintenance privileges for Bitcoin Core due to misidentification as Satoshi Nakamoto. Now he has returned to the Bitcoin community with his new project Random Sanity.

In recent months, Andresen has become more active in discussing Bitcoin block size issues on Twitter (his name even appeared on the latest New York Bitcoin Scaling Agreement), and he has been away from the Bitcoin development community for a year.

But this does not mean that this developer, who has made great contributions to Bitcoin, has been doing nothing.

In early May, Andresen tweeted:

“I’m looking for beta testers and collaborators for my Random Sanity project, http://www.randomsanity.org/”

The project is reportedly aimed at better protecting the internet by examining the sources of randomness used by individuals and organizations.

Still watching Bitcoin

Andresen created the Random Sanity project not only because of his interest in learning the GO programming language, but also because of the lack of熵（entropy） in monetary systems such as Bitcoin.

“I’m certainly still following Bitcoin closely,” Andresen told reporters, saying he might provide code review assistance for Digital Currency Group’s (DCG) new bitcoin scaling proposal, but he is unlikely to write any code himself.

“Bitcoin is a very interesting project and its security is paramount,” he said. “If the security of Bitcoin is lost, obviously people will lose money and the reaction will be very rapid.”

This is different from an email account being taken over or hacked, he continued.

In the Bitcoin ecosystem, there have been many minor incidents due to random number issues.

In May 2015, a vulnerability in Blockchain.info's Android Bitcoin wallet caused multiple users to lose funds. According to Softpedia, the vulnerability allowed duplicate Bitcoin addresses to be created and assigned to different users. The core problem of the vulnerability was that Blockchain.info's random number generator, random.org, provided insufficient entropy for certain versions of the Android operating system.

And in August 2013, when multiple vulnerabilities were discovered in another random number generator, Java SecureRandom, all Bitcoin wallet applications based on the Android operating system were potentially at risk.

Keep your distance

"So far, there's only one person on this project, but I love it," Andresen told reporters. "It's nice and simple, and I chose something small and intentionally boring."

He continued:

“Bitcoin is a huge, complex project that involves a lot of people around the world, and I don’t want to be subjected to too much pressure and political struggle again.”

Andresen has been working on the Random Sanity project for about six months, and he said the project is not intended to be a for-profit business. Instead, ideally, the project would be run by an entity similar to the Linux Foundation, providing services to anyone for free.

So, how does Random Sanity work? Every system and every programming language has a way to get random bytes, for example Linux has a special folder called '/dev/urandom', OpenSSL provides multiple random number generators (also used by Bitcoin Core).

Users of the Random Sanity project can take these random numbers (from 16 bytes to 64 bytes) and input them into the service. If the bytes look random, the return value will be "true", otherwise it will be "false".

“The problem of testing whether your random numbers are good enough is a very tricky one,” Andresen said. “There are a lot of reasons why you can screw up.”

Check your digital health

While the purpose of a random number generator is to provide entropy, there are some reasons why randomness may be reduced.

Software downloads and upgrades can screw up the randomness. Or when someone exploits the random number generator to trip up a virtual machine.
A classic failure case, Andresen said, is when an organization uses cloud computing and starts multiple virtual machines at the same time.

In this case, the organization might save an image of the software and run multiple copies for the web servers that handle traffic. Because the virtual machines are started in the same state, Andresen said, they might get the same "random" number.

“There are general tools for increasing entropy, so this is preventable,” he said, “and the Random Sanity Project might be a good tool to check for this.”

"It's designed as a way to make sure that a catastrophic disaster doesn't happen, or that you can find the problem quickly," Andresen said.

Furthermore, the more people and organizations use the system, the more valuable it becomes, as it can provide better randomness based on more bytes.

Distrust Trend

On Twitter, some praised the service, but others expressed concerns about the architecture of the system.

For one thing, the initial version of the system used HTTP, which would allow anyone to eavesdrop and view random bytes sent to the system. To provide a secure connection, Andresen quickly switched to HTTPS.

In addition, people also complained about other issues, and Andresen responded to them one by one.

“I’m trying to arrange things so that people don’t have to trust me,” he said.

While the service is currently running on Google Cloud Platform's App Engine, Andresen's next goal is to open the project up for third-party audits. Currently, people can only audit the project's open source code on GitHub, Andresen told reporters.