Random number generation plays an important role for numerous products and services and the cryptographic applications they rely on.
Two categories of random number generators exist. Many computer-generated random numbers use pseudo random number generators (PRNG) aka deterministic random number generators (DRNG). They produce random-looking yet deterministic sequences of numbers. While these algorithms can create long runs of numbers with good random properties, a poorly designed DRNG may show . Security evaluation schemes specify evaluation criteria for such DRNGs. In practice, these types of random numbers can be sufficiently strong for many applications.
But they are not as random as numbers generated by coin tosses or rolls of a dice, or by true random number generators (TRNG). Such true random numbers form at the core of strong encryption. The generated random numbers are based on an electrical, optical or quantum phenomenon, such as measuring thermal noise. Therefore, they do not show any predictable pattern and are most suited to generate highly secure cryptographic keys. Implementing a DRNG that is regularly re-seeded with entropy from a TRNG combines the best of both types, i.e. the speed of the DRNG and the true randomness from the TRNG.
In conclusion, protecting sensitive or critical information requires a TRNG.
For more details on the difference between PRNG, DRNG and TRNG, read our blog post “Why do you need true random number generation?”
Vulnerabilities and implementation errors of random number generators are not unheard of. You should therefore consider implementing certified solutions and software/hardware components. Cryptographic RNG implementations have to fulfill strict requirements, e.g. in accordance with the BSI (German Federal Office for Information Security) AIS 31. These define a standardized evaluation methodology to assess functionality classes and security properties of random number generators. Class 4 is the highest class for deterministic random number generators (DRG). A RNG complying with DRG.4 requirements is a so-called hybrid RNG: It offers maximum mathematical complexity for calculating random numbers and continuously inserts entropy from a true random number generator. In the functionality class of true, physical random number generators, PTG.2 represents the highest security level.
The AIS 31 standard defines different functionality classes for random number generators:
- PTG – Physical RNG with internal tests that detect a total failure of the entropy source and non-tolerable statistical defects of the internal random numbers
- DRG – Deterministic RNG with (enhanced) forward secrecy, and additional (enhanced) backward secrecy depending on the DRG level
- NTG – Non-physical true RNG with entropy estimation
Utimaco HSMs implement a hybrid random number generator complying with DRG.4 requirements, the highest level of security for DRG. A physical quantum noise-based random number generator of the highest security class PTG.2 is used as the entropy source for seeding this deterministic random number generator.