True random numbers are the foundation of strong, unique encryption keys. A random number generator (RNG) is a function or device (computational or physical) designed to generate a succession of numbers or characters. These are selected by pseudo, deterministic or pure randomness and therefore cannot be predicted. Utimaco HSMs implement a hybrid random number generator complying with AIS 31 DRG.4 requirements for the highest level of security. A physical quantum noise-based random number generator (PTG.2) is used as the entropy source for seeding this deterministic RNG.
A random number generator is a must for highest security when using HSMs
True random numbers are a must for ensuring the highest security and reliability
Random number generation plays an important role for numerous products and services and the cryptographic applications they rely on.
Making the difference: PRNG – DRNG – TRNG
Two categories of random number generators exist. Many computer-generated random numbers use pseudo random number generators (PRNG) aka deterministic random number generators (DRNG). They produce random-looking yet deterministic sequences of numbers. While these algorithms can create long runs of numbers with good random properties, a poorly designed DRNG may show . Security evaluation schemes specify evaluation criteria for such DRNGs. In practice, these types of random numbers can be sufficiently strong for many applications.
But they are not as random as numbers generated by coin tosses or rolls of a dice, or by true random number generators (TRNG). Such true random numbers form at the core of strong encryption. The generated random numbers are based on an electrical, optical or quantum phenomenon, such as measuring thermal noise. Therefore, they do not show any predictable pattern and are most suited to generate highly secure cryptographic keys. Implementing a DRNG that is regularly re-seeded with entropy from a TRNG combines the best of both types, i.e. the speed of the DRNG and the true randomness from the TRNG.
In conclusion, protecting sensitive or critical information requires a TRNG.
For more details on the difference between PRNG, DRNG and TRNG, read our blog post “Why do you need true random number generation?”
What are the main uses of a RNG?
- in IT security applications
- Key generation for government purposes, e.g. passports and eID cards
- Lottery systems & gaming
- Nonce generation for use in cryptographic protocols
- Chip manufacturing and seeding of device-specific keys, e.g. for NFC (Near Field Communication) or device IDs
Trust in externally validated random number generators
Vulnerabilities and implementation errors of random number generators are not unheard of. You should therefore consider implementing certified solutions and software/hardware components. Cryptographic RNG implementations have to fulfill strict requirements, e.g. in accordance with the BSI (German Federal Office for Information Security) AIS 31. These define a standardized evaluation methodology to assess functionality classes and security properties of random number generators. Class 4 is the highest class for deterministic random number generators (DRG). A RNG complying with DRG.4 requirements is a so-called hybrid RNG: It offers maximum mathematical complexity for calculating random numbers and continuously inserts entropy from a true random number generator. In the functionality class of true, physical random number generators, PTG.2 represents the highest security level.
The AIS 31 standard defines different functionality classes for random number generators:
- PTG – Physical RNG with internal tests that detect a total failure of the entropy source and non-tolerable statistical defects of the internal random numbers
- DRG – Deterministic RNG with (enhanced) forward secrecy, and additional (enhanced) backward secrecy depending on the DRG level
- NTG – Non-physical true RNG with entropy estimation
Why use Utimaco HSMs for random number generation?
Utimaco HSMs implement a hybrid random number generator complying with DRG.4 requirements, the highest level of security for DRG. A physical quantum noise-based random number generator of the highest security class PTG.2 is used as the entropy source for seeding this deterministic random number generator.
- True randomness (passes all randomness tests, including DIEHARD and AIS 31)
- Utimaco’s HSM compliance with the AIS 31 standard has been validated in several different contexts. One of the evaluation certificates for Utimaco CryptoServer CSe is available here.
- Easy integration (e.g. via PKCS#11)
- Physical security through active tamper protection
