The Futility of Lava Lamps: What Random Really Means
May 2026
Cloudflare brags about using lava lamps to “help with internet encryption”. They have this impressive wall of lava lamps, one hundred of them, standing witnesses of their commitment to security, dutifully generating entropy to make the internet a safer place.
It’s not just one wall of lava lamps. They have double pendulums, wave motion (my personal favourite), mesmerising mobiles… different setups, same core principle: unpredictability before your very eyes, at a non-trivial cost. You can see how serious Cloudflare is about your safety.
That’s all marketing. Security theatre. Cloudflare stops shy of openly lying, but the impression they give that lava lamps significantly contribute to their security is false. They don’t. They’re worse in fact than more mundane alternatives, and Cloudflare almost certainly knows it. To understand why though, we need to know what randomness actually is.
Probability is in the mind
Take a look at this program:
int getRandomNumber() {
    return 4; // chosen by fair dice roll.
              // guaranteed to be random.
}
Does this function return a random number? Most people would look at you funny if you asked them with a straight face: the thing returns 4 every time, fair dice roll or no, that’s obviously not random at all.
Now what if the only thing we knew about this function was the following:
// Return a constant number, chosen by fair dice roll.
int getRandomNumber();
We call it once, and it returns 4. Was that random? Well, there are basically two ways to look at it:
- If you see randomness as a property of the thing itself, you’d say of course not, that’s the same function that always returns 4, you think I’m going to get fooled by your obvious gaslighting?
- If you see randomness as a property of your knowledge of the thing, you’d say of course it was, my probability was uniformly distributed between integers from 1 to 6, there was no way I could have known it was 4, you think I’m stupid?
Which is the correct perspective is a matter of philosophy of science that should have been settled over a century ago, yet somehow the wrong one still permeates papers written today. I won’t get into that. What I want to stress is which perspective is useful for encryption.
One-time pad
Let’s say you’re playing Russian roulette. There’s a 6-shot revolver on the table, with one bullet already inside. The opponent in front of you, and people watching you and shouting bets about when the gun will fire. To avoid an untimely death, you’ve decided to cheat: you have an accomplice who can know where the bullet is. They’ll just shout the number, and you’ll know exactly when to quit.
Problem is, your opponent has very good spies. He knows when you’re cheating, and how. Once he hears your accomplice, he too will know when to stop. To avoid that, you devised a strategy:
- Before the game, you get alone with your accomplice and throw a die.
- Your accomplice does their magic to learn where the bullet is.
- Your accomplice adds the position of the bullet and the die throw, subtracts 6 if the sum is 7 or more, then shouts the result.
- You subtract the die throw from whatever you hear, and add 6 if the result is zero or less. That’s where the bullet is.
When you threw the die this morning, the result was 4. Now the game begins, and your accomplice shouts “Three!”. You subtract 4 in your head, that’s -1. Add 6, the bullet is in the fifth chamber. The question is, can your opponent guess?
To answer that rigorously, we need some probability theory. Your opponent starts with the following prior information (note that i is an integer between 1 and 6):
- P(Ci), his prior probability that the bullet is in the chamber i.
- P(Di), his prior probability that the die rolled on an i.
- P(Si), his prior probability that your accomplice will shout i.
There’s exactly one bullet, so the sum of all P(Ci) is 1. The die is fair, so P(Di) is 1/6 for all i. P(Si) is the sum of all P(Cj ∧ Dk), such that i = j + k or i = j + k - 6. Since the die and the gun are independent, P(Cj ∧ Dk) = P(Cj) × P(Dk) = P(Cj) ÷ 6, and the sum is 1/6.
From there we can compute P(Ci|S3), the posterior probability of your opponent that the ith chamber is loaded, knowing that your accomplice has shouted 3. This is given by the Bayes formula:
P(Ci|S3) = P(Ci) × P(S3|Ci) ÷ P(S3)
P(Ci|S3) = P(Ci) × 1/6 ÷ 1/6
P(Ci|S3) = P(Ci)
Conclusion: the prior and posterior probabilities of your opponent are identical, he has learned absolutely nothing. The one-time pad works.
Reusing the one-time pad
You won. Your opponent gave up after the gun harmlessly clicked 4 times. With only two chambers left he didn’t like his odds. Instead he’s asking for a rematch. You can’t throw the die again, so you make do with your first throw. Your accomplice shouts “Four!”: the bullet is in the last chamber. The die is still as random now as it was then, right? So your opponent has no way to know, right? Riight?
Wrong of course, but it’s not clear why at first glance: our die roll was fair, the result was random. But that’s the wrong way to look at it: we don’t care about the intrinsic properties of the die roll. Not directly. What matters is who knows how much about the result.
And the first game revealed a lot: with the first four chambers of the gun shown empty, your opponent knows the die could only have landed on a 3 or 4. Which is not nearly as random as not knowing anything. And at the very least, he now knows the bullet is either in the very first chamber, or the very last one. Heck, if he knows about some bias in the barrel, he might make an even better guess.
In this game your opponent goes first. The odds still aren’t great, but he’s desperate enough to risk it anyway. The gun clicks. He sighs in relief: he knows he’ll win. It’s called “one-time pad” for a reason: it works only once. Next time, try to prepare several die throws in advance. Or quit. In this game, it’s not clear how cheating affects life expectancy.
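Both games above, worked through with exact fractions as an added example (not code from the original article): a fresh die throw leaves the opponent's posterior equal to his prior, whatever that prior is, while reusing the throw narrows the bullet to two chambers. The function names and the biased prior are constructed for illustration, and the opponent is assumed to hold a uniform prior over chambers when working out what the first game leaked and when guessing in the rematch.

```python
from fractions import Fraction

FAIR = {i: Fraction(1, 6) for i in range(1, 7)}   # fair die, or uniform chamber prior
# Constructed prior: an opponent who suspects a bias in the barrel (sums to 1).
BIASED = {1: Fraction(1, 2), 2: Fraction(1, 4), 3: Fraction(1, 8),
          4: Fraction(1, 16), 5: Fraction(1, 32), 6: Fraction(1, 32)}

def shout(bullet, die):
    """Accomplice: add bullet position and die, subtract 6 if the sum is 7 or more."""
    total = bullet + die
    return total - 6 if total >= 7 else total

def decode(heard, die):
    """Player: subtract the die from the shout, add 6 if the result is zero or less."""
    bullet = heard - die
    return bullet + 6 if bullet <= 0 else bullet

def joint(prior_bullet, belief_die, heard, empty=()):
    """Opponent's belief over (bullet, die) pairs consistent with the shout he
    heard and with the chambers he has seen click empty."""
    weights = {(c, d): pc * pd
               for c, pc in prior_bullet.items() if c not in empty
               for d, pd in belief_die.items() if shout(c, d) == heard}
    total = sum(weights.values())
    return {pair: w / total for pair, w in weights.items()}

def marginal(joint_belief, axis):
    """Sum the joint belief down to the bullet (axis 0) or the die (axis 1)."""
    out = {}
    for pair, p in joint_belief.items():
        out[pair[axis]] = out.get(pair[axis], 0) + p
    return out

def fresh_pad(prior_bullet, heard):
    """First game: the die is unknown to the opponent and used once."""
    return marginal(joint(prior_bullet, FAIR, heard), 0)

def die_after_first_game():
    """What the first game leaks: shout was 3, chambers 1 to 4 clicked empty."""
    return marginal(joint(FAIR, FAIR, 3, empty={1, 2, 3, 4}), 1)

def reused_pad(heard):
    """Rematch: same die, so the opponent plugs in his narrowed belief about it."""
    return marginal(joint(FAIR, die_after_first_game(), heard), 0)

if __name__ == "__main__":
    print(fresh_pad(BIASED, 3) == BIASED)   # posterior equals prior
    print(die_after_first_game())           # die is 3 or 4
    print(reused_pad(4))                    # bullet in chamber 1 or 6
```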