Fantasy Football Random Numbers

The Fantasy Football (FFB) client uses a random number generator (RNG) called Fortuna. This generator is designed by Bruce Schneier and Niels Ferguson and is a cryptographically secure implementation, which some consider to be a true RNG, meaning that it provides truly random numbers as opposed to other RNGs which provide pseudo random numbers.

Fortuna is composed of two major parts:

• The generator itself, which produces random numbers
• The entropy accumulator

The generator is a fairly simple construct based on the AES-256 crypto running in what's called counter mode. In essence, it encrypts an endlessly incrementing sequence of 128 bit numbers (yes, AES-256 works internally with 128 bit blocks; the 256 refers to the keylength).

At startup, a stream of entropy taken from network timing and random effects from the computer hardware timer is used to generate the first 256 bit key used. This key is used only once to generate a new key for future use.

The purpose of the entropy accumulator is to create true randomness and continuously rekey the generator. In the FFB implementation, the entropy accumulator is composed of 32 separate pools. Each pool is effectively an SHA-256 stream hash. These entropy pools are fed with entropy data from the different entropy sources, and once the pools have accumulated enough entropy a rekeying is made.

There are currently two entropy sources implemented:

• A server-side network entropy source, which measures ping latencies and random timing by the OS scheduler to generate entropy. This generates about 1 byte of entropy roughly every 10 seconds.
• A client-side mouse movement entropy source, which tracks mouse movement in the client and sends this entropy data to the server every now and again. Each instance of the client used will provide entropy, so every player will be providing this information.

In tests, the implementation used by the FFB client requires on the order of 1 byte of entropy from the sources per 100 dice rolls generated to remain healthy. The network entropy source on its own will provide 10 dice rolls per second in its current rate, and the mouse movement sources will create more than enough to keep the system healthy and secure.

It should be noted that each client is a source for entropy to the system. This does not mean that a malicious client could tamper with the dice rolls, or predict future rolls. To be able to do this, the malicious user would have to control all sources of entropy which requires direct access to the FFB server. With only partial access to the entropy sources, the malicious user would need to crack the AES-256 crypto; a task that would be worth a lot more than a few fantasy football wins (note that this is an understatement of truly epic proportions).

Effectively, the RNG used by the FFB client is a modern, state-of-the-art generator which relies on very very strong cryptographic technology. The output of the generator has been run through rigorous tests of randomness (such as DIEHARD) and is effectively indistinguishable from true randomness.

From a theoretical perspective, the system may be a hairs-width from true randomness because of the fact that without rekeying, the 128 bit blocks of the AES crypto will not repeat. In a true random scenario, there's a non-zero chance of this happening. This effect is reduced because of the rekeyings, but between those, the random numbers are ever so slightly "too random". However, in an application where dice are being rolled the effect of this is not visible without many many billions of dice rolls. The discrepancy between true randomness and what this generator produces will certainly be less than one dice roll within the next million years (literally), regardless of how many games are being played in that time. This, of course, assumes that there are no bugs in the implementation.

Further information can be found on the Wikipedia pages on Fortuna, AES and SHA which describe the underlying technologies in more detail.

Also have a read through this great study, which shows that dice are actually less random than the RNG FUMBBL uses - That's How I Roll - A Scientific Analysis of Dice