Overview
ABSTRACT
There are two main types of random number generators: the pseudo-random generators based on deterministic algorithms and the true random generators based on physical noise sources with chaotic properties. This document presents their main principles and a few examples of generators, and then discuss the tricky problem of randomness evaluation as well as some typical applications.
Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHOR
-
Arnaud TISSERAND: Researcher at the Centre National de la Recherche Scientifique (CNRS), PhD in computer science, HDR - Researcher in the IRISA laboratory and the CAIRN project-team at Lannion - Part-time lecturer at Rennes 1 University and the École Nationale Supérieure des Sciences Appliquées et de Technologie (ENSSAT).
INTRODUCTION
Random numbers are needed for a number of applications: lotteries, computer games, cryptography, system security, digital simulation, randomized algorithms, program and IC testing, and so on. RNGs (random number generators) are used for this purpose. There are two main types of RNG: on the one hand, pseudo-random number generators or PRNGs (Pseudo RNGs) based on deterministic algorithms, and on the other, true random number generators or TRNGs (True RNGs) which exploit a source of physical noise with stochastic properties.
Two main characteristics guide the choice of an RNG: its flow rate and the quality of the hazard produced. The flow rate must be adapted to the target application, but there are other characteristics such as the cost of the generator, its start-up time and whether its flow rate is constant or variable over time.
The quality of an RNG is probably its most important feature, but also the most complex to assess. The random sequence generated must have a uniform, equiprobable probability distribution. In addition, each new element in the sequence must be statistically independent and unpredictable in relation to the preceding elements. Some applications require the sequence to be non-reproducible, i.e. totally different after each restart. Finally, in some secure applications, nothing or no-one must be able to predict or bias the values produced: this is attack resistance.
PRNGs can be implemented in software or hardware. High-performance software PRNGs, i.e. with very high throughput and good randomness at low cost, are available for most processor types. In hardware, numerous PRNGs exist for ASICs (Application Specific Integrated Circuits) and FPGAs (Field Programmable Gate Arrays). We know how to design PRNGs with excellent characteristics of uniformity, equiprobability, independence and non-predictability. But since PRNGs are deterministic, they cannot guarantee the characteristic of non-reproducibility of sequences after each restart. In practice, you need a truly random source to initialize them correctly.
TRNGs require a hardware implementation, such as an integrated circuit, for the physical noise source. This physical noise source has properties of non-predictability and non-reproducibility due to certain stochastic physical phenomena (e.g. thermal or electro-magnetic noise, quantum mechanics, radioactive decay). But "ideal" physical noise is mixed, and often diluted, with other noises linked to the operation of the integrated circuit and its environment (circuit clock, electromagnetic disturbances, variations in supply voltage or temperature, etc.). To design a good TRNG, you need to extract the truly random physical noise from the other noises. This extraction is complex and delicate. What's...
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference
KEYWORDS
True random number generator | pseudo random number generator | physical noise sources | randomness quality evaluation | Information technology | microelectronic | integrated circuits | digital security
This article is included in
Software technologies and System architectures
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Electronic circuits for random number generation
Bibliography
Software tools
DIEHARD: statistical test library proposed in 1995 by G. Marsaglia https://github.com/nmondal/diehard.c
DIEHARDER: statistical test library more comprehensive than DIEHARD and maintained by R. Brown since 2003 http://www.phy.duke.edu/rgb/General/dieharder.php
...Websites
L'ECUYER Pierre. Professional page (numerous publications, software and references on PRNG) http://www.iro.umontreal.ca/lecueyer
Page of a group of computer scientists and mathematicians working on the mathematical, testing and software aspects of PRNG. http://www.random.mat.sbg.ac.at/
...Events
CHES (Cryptographic Hardware and Embedded Systems) annual international conference since 1999. The reference in hardware cryptography with regular papers on RNG (TRNG and PRNG hardware). http://www.chesworkshop.org/
Annual CryptArchi (Cryptographic Architectures Embedded in Reconfigurable Devices) study days since 2003, mainly European....
Standards and norms
- Secure Hash Standard (SHS). Federal information processing standards (FIPS) http://www.csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf - FIPS 180-4 - 03-12
- Security Requirements for Cryptographic Modules. Federal information processing standards (FIPS) http://www.csrc.nist.gov/publications/fips/fips1401.htm - FIPS 140-1 - 01-94
- A Statistical Test Suite for Random and Pseudorandom Number Generators...
Patents
Parker (R.D.). – Telegraph ciphering key tape machine. US Patent 2 406 031 (1946).
Directory
Organizations – Federations – Associations (non-exhaustive list)
ANSSI: French National Agency for Information Systems Security http://www.ssi.gouv.fr/
BSI (Bundesamt für Sicherheit in der Informationstechnik ) : German Federal Office for Information Technology Security
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference