CubeRNG: A RNG using Rubik's Cubes

Select a facelet color:
Selected color:

Here is your 21-bit random number for this cube:

Here is your 65-bit random number for this cube:

Here is your 152-bit random number for this cube:

Here is your 247-bit random number for this cube:

The security of using the Rubik's Cube as a hardware random number generator (HWRNG) is based strictly on the size of the permutation space for each cube. Which means our threat model is requiring the adversary to find the exact permutation state we just created. The cube can be thought of as a series of 18 unique quarter-twists. Because the current permutation is strictly based on the previous permutation, this makes the Rubik's Cube chaotic rather than truly random. However, chaotic systems, such as lava lamps and double pendulums, can still be good sources of randomness if handled carefully, so that's what this page is hoping to accomplish.

The number of unique permutations in an N×N×N cube are as follows:

This means that each N×N×N cube provides the following symmetric security:

  • 2×2×2: ~21 bits
  • 3×3×3: ~65 bits
  • 4×4×4: ~152 bits
  • 5×5×5: ~247 bits

When generating the random number in the web app, the color for each facelet on the cube is recorded row-by-row starting with the top-left corner on the up face and working to the bottom right corner on the down face then hashed with SHA-256 and truncated. As every HWRNG produces biased raw data, SHA-256 hashing is used to whiten the output. The index order of the cube when collecting facelet colors is shown below:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

Because the security of CubeRNG is based on the permutation state of the cube, it's critical that you do sufficient quarter twists such that it is difficult for an adversary to reproduce. For solving the 3×3×3 Rubik's Cube, it has been shown that regardless of the permutation state of the cube, it can always be solved in 20 moves, or 26 quarter twists, or less. This is known as "God's Number. As such, the World Cube Association has a Java program called "TNoodle" that applies on average 20 twists to a 3×3×3 cube before a competitor can attempt solving it. In fact, the number of turns TNoodle performs on each cube it supports in competition is:

  • 2×2×2: ~11 moves (average)
  • 3×3×3: ~19 moves (average)
  • 4×4×4: ~44 moves (average)
  • 5×5×5: 60 moves
  • 6×6×6: 80 moves
  • 7×7×7: 100 moves

However, solving the cube is different than producing an unpredictable state for an adversary. Some research has been done investigating the number of required twists to maximize uniform distribution of permutations. For the 2×2×2 cube, according to that post, 20 moves are necessary, which is about 10 more than what the World Cube Association requires for competition. So scrambling a cube for sufficient security might require 10+ more moves past God's Number. This would then look like:

  • 2×2×2: 20 quarter twists
  • 3×3×3: 30 quarter twists
  • 4×4×4: 55 quarter twists
  • 5×5×5: 70 quarter twists

More rigor needs to be executed to properly define the security margins for each cube. This could be accomplished by using a pseudorandom number generator to apply different number of random quarter twists to each cube, then calculate the Shannon entropy when finished. As the number of quarter twists increases, we should see the entropy approach the theoretical security margins listed above.