Electronic Draw Systems Without the Risks
Helena, can you tell us the motivations for why Szrek2Solutions did this review with Bulletproof?
Helena Pereira: Yes, of course. In 2005, Szrek patented a method for random number generation that generates unpredictable random numbers with verifiability of those same random numbers. Szrek developed this into a technology and offered it to many lotteries. Elsewhere in the industry, there have been problems with electronic draw results which were difficult to trace and conclusively detect. More generally, we believe that the reliability of electronic random number generation must be related to whether the random numbers can be verified for integrity. To say that a problem has not been noticed is not to say that one has not occurred, as random numbers all look the same!
For this reason, we believe the industry as a whole would benefit from transparency in the draw process through proof of integrity which guarantees the integrity of the whole random number generation process. This independent review by Bulletproof highlights the importance of proof of integrity in draw systems and confirms that our technology provides this unique value proposition. Lotteries that use our Trusted Draw and Trusted Audit systems are guaranteed that they will not have any undetected draw problems, whether they are due to hardware faults, software faults, or fraud.
The Outcome: Lottery benefits from the advantages of electronic draw systems without worrying about the risks.
Figure 1: Playing field for an electronic draw system with nonrepudiation and verification
Who is this Review most relevant to — who are you trying to communicate the results of this Bulletproof independent review to?
Helena Pereira: We need to reach security directors, IT directors, and draw staff, but our audience is very much the executive directors and key decision makers in lotteries who are determining whether to use an electronic draw system. We want to make them all aware that the risks of using random number generators can be eradicated by using RNGs which provide nonrepudiation of draw outcomes. We believe that transparency and 100% fault and fraud detection need to become a standard required from any RNG solution used by the industry. The industry continues to be exposed to security risks, unless transparency and nonrepudiation of the draw outcomes is being enforced.
We hope to change the way of thinking regarding electronic draw systems: with proof of integrity for every draw and consistent verification, electronic draw systems provide a viable, secure alternative to mechanical machines at a much lower price point. Similarly to how gaming systems use an independent ICS system to ensure gaming system integrity, an electronic draw system must also provide nonrepudiation and independent verification of integrity for the draw process.
At the PGRI conference in NYC, you illustrated this differentiating factor of your technology using a game. It was a wonderful presentation.
Helena Pereira: Yes. I illustrated the potential risks and benefits of an electronic draw system using the game Chutes and Ladders. (See Figure 2.)
In this game, “the Chutes and Ladders of Electronic Draw Systems” lotteries can benefit from the unique opportunities offered by electronic draw systems- the ability to develop new games, reach new customer segments, to make draw processes more efficient, and to save money. In the game, the benefits are represented by ladders, and each time the lottery climbs a ladder it moves closer to meeting its goals.
However, there are different risks associated with using electronic draw systems as well. These are the vectors of attack or ways that a draw system can be compromised and they are represented as chutes. They include software substitution, hardware substitution, draw time substitution, phishing, hardware deterioration, substitution of numbers drawn, and inadequate RNG design and implementation. Each time a lottery encounters one of these risks, it falls behind in the game, moving away from the goals.
However, when the electronic draw system that the lottery uses has nonrepudiation with proof of integrity, all of these risks can be eradicated- immediately detected by a verification process on an independent system. We illustrate the playing field for an electronic draw system with nonrepudiation and verification in Figure 1: you will notice that the risks still exist, but there are no chutes. This is because all faults and attacks are immediately detected, and thus the risks are greatly mitigated.