Lessons from Arizona, Part II: A Solution
Following the recent incorrect draw results in Arizona, perception of electronic lottery drawings is at an all-time low. We outline a solution to the types of problems that occurred.
If you haven’t already, read the first part of this post: Lessons from Arizona: Redefining Transparency for Lottery Draws.
Once again, computerized lottery drawings are coming under scrutiny: a machine responsible for generating random numbers has done the opposite and generated exact duplicates. A system failure caused the same draw results in the Arizona Lottery on 9/28, 9/29, 9/30, and 10/3. We believe the problem was most likely caused by a malfunction in the RNG seed generation, which could be a result of a hardware and/or software fault.
Could such a draw problem be avoided in the future?
Yes. Szrek offers solutions that prevent problems with generating electronic draw results. These solutions are based on our RNG system, Trusted Draw 360 (TD360), that provides fault-tolerance and integrity verification to address any draw problems. At the core of our system is our patented RNG technology that ensures the nonrepudiation of random numbers: the irrefutable proof of integrity that can be verified anytime.
TD360 detects problems with the generation of the RNG seed in real time, thus not allowing a draw with a faulty seed to take place. If the device providing the RNG seed fails, the draw system will switch to a second device to provide the seed. There are two HSMs connected to each TD360 system. If both fail, the RNG system will terminate, thus indicating there was a failure during the draw. A second RNG system will then be used, ensuring that there will be no faulty draw numbers generated.
TD360 uses redundant RNG seed generation devices (LYNKS II HSMs/hardware security modules) and verifies their correctness during each draw. HSMs are very reliable; to date they have never failed in any of our deployments. Some of them have generated over 300 million seeds.
Szrek’s patented RNG technology detects software and hardware malfunctions, integrity problems and fraud, and provides a fully transparent draw. In addition to the TD360 draw system, Szrek offers its Trusted Audit system, which verifies the integrity of every draw, so the lottery can be confident in its draw results. The lottery can also easily address any inquiries about draw integrity by verifying any draws that are questioned by any of the various stakeholders.
Technical details of the Szrek RNG solution
The RNG seed is a digital signature calculated by the HSM. The digital signature can be verified, as it is created by a standard algorithm. TD360 generates the digital signature using an HSM and verifies this signature with a different set of software. Should the verification fail due to a faulty HSM, the TD360 system automatically switches to use another HSM. If both fail, the machine will not generate draw results and the Lottery is alerted to use a different draw machine or to correct the problem. Please note that signature verification is not a hardware status check but a hardware functionality verification.
Ultimate integrity verification is performed by Trusted Audit, which enables full transparency of the draw process. Even though the random numbers are unpredictable, and all outcomes are possible before the generation, once generated, specific numbers can be proven as the only valid selections. For example, if for a lotto 6 of 49 draw the numbers 7, 9, 11, 23, 25, 37 are generated by TD360, Trusted Audit will mathematically verify the numbers and confirm that the numbers are valid, or it will detect and report a discrepancy.
Draw nonrepudiation – the randomness and integrity of all draws can be verified:
- For each draw, the RNG system creates a record with the nonrepudiation information (containing the RNG seed and draw input information). This record is written to a tamper-proof Signature File that is transferred to the Trusted Audit system (manually or automatically).
- The Trusted Audit system reads the Signature File and for each draw (1) verifies the RNG seed (digital signature) and (2) recreates draw results. Comparison of the draw results on the Audit and RNG systems will detect any kind of problem: an incorrect configuration on the RNG system, CPU or memory errors on the RNG system that would affect RNG outcomes, and any type of integrity issue, including manipulation of the draw results.
- If there are suspicions of draw problems or a need to check on draw integrity for historical draws, these can be easily verified on the Trusted Audit system by processing Signature Files for these draws. This is in contrast with traditional draw systems, where you cannot be sure if there have been any problems that have gone unnoticed.
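The seed-as-signature scheme and the audit steps above, sketched as an added example (not Szrek's code). The page does not name the signature algorithm, the record layout or how numbers are derived from the seed, so the toy textbook-RSA key, the record fields and every function name here are assumptions made for illustration.

```python
import hashlib

# Toy textbook-RSA key built from two Mersenne primes. It stands in for the
# HSM's key (assumption: the page does not name the algorithm). NOT secure.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def digest(draw_input: bytes) -> int:
    return int.from_bytes(hashlib.sha256(draw_input).digest(), "big") % N

def hsm_sign(draw_input: bytes) -> int:
    """Healthy HSM: the RNG seed is a deterministic signature over the draw input."""
    return pow(digest(draw_input), D, N)

def verify_seed(seed: int, draw_input: bytes) -> bool:
    """Public-key check done in software that is independent of the HSM."""
    return pow(seed, E, N) == digest(draw_input)

def derive_numbers(seed: int, pick=6, pool=49):
    """Expand the seed into `pick` distinct numbers in 1..pool without modulo bias."""
    chosen, counter, limit = [], 0, 256 - 256 % pool
    seed_bytes = seed.to_bytes((N.bit_length() + 7) // 8, "big")
    while len(chosen) < pick:
        block = hashlib.sha256(seed_bytes + counter.to_bytes(4, "big")).digest()
        counter += 1
        for byte in block:
            n = byte % pool + 1
            if byte < limit and n not in chosen and len(chosen) < pick:
                chosen.append(n)
    return sorted(chosen)

def draw(draw_input: bytes, hsms):
    """Try each HSM in turn; refuse to draw if no seed verifies."""
    for sign in hsms:
        seed = sign(draw_input)
        if verify_seed(seed, draw_input):
            return {"input": draw_input, "seed": seed, "numbers": derive_numbers(seed)}
    raise RuntimeError("all HSMs failed seed verification; no draw generated")

def audit(record) -> bool:
    """Independent audit: verify the seed, recreate the result, compare."""
    return (verify_seed(record["seed"], record["input"])
            and derive_numbers(record["seed"]) == record["numbers"])

# Constructed fault: a device that keeps returning the seed of an earlier draw.
STALE = hsm_sign(b"game=pick6;draw=1001")
def stuck_hsm(draw_input: bytes) -> int:
    return STALE
```

Because each draw's input differs, a repeated seed fails verification against the new input, which is how a stuck seed source is caught before any numbers are produced.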
Currently, RNG systems on the market use the traditional method of random number generation and do not offer full draw transparency. In addition, they do not provide RNG nonrepudiation, thus problems may exist and may not be seen externally. The traditional process of random number generation does not create proof of integrity that could be verified on an independent system. By contrast, Szrek’s RNG solution detects 100% of draw faults and fraud, every time, every step of the way.