random number generator (RNG)

True random numbers are the foundation of strong, unique encryption keys. A random number generator (RNG) is a function or device (computational or physical) designed to generate a succession of numbers or characters. These are selected by pseudo, deterministic or pure randomness so that they cannot be predicted. Utimaco HSMs implement a hybrid random number generator that complies with the AIS 31 DRG.4 requirements for the highest level of security. A physical quantum noise-based random number generator (PTG.2) is used as the entropy source for seeding this deterministic RNG.

True random numbers are a must for ensuring the highest security and reliability

Random number generation plays an important role for numerous products and services and the cryptographic applications they rely on.

Making the difference: PRNG – DRNG – TRNG

Two categories of random number generators exist. Many computer-generated random numbers use pseudo random number generators (PRNG) aka deterministic random number generators (DRNG). They produce random-looking yet deterministic sequences of numbers. While these algorithms can create long runs of numbers with good random properties, a poorly designed DRNG may show . Security evaluation schemes specify evaluation criteria for such DRNGs. In practice, these types of random numbers can be sufficiently strong for many applications.

But they are not as random as numbers generated by coin tosses, rolls of a die, or true random number generators (TRNG). Such true random numbers form the core of strong encryption. They are derived from an electrical, optical or quantum phenomenon, such as measured thermal noise. They therefore show no predictable pattern and are best suited to generating highly secure cryptographic keys. A DRNG that is regularly re-seeded with entropy from a TRNG combines the best of both types, i.e. the speed of the DRNG and the true randomness of the TRNG.
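An added example, not Utimaco's code: a sketch of the hybrid design described above, using the HMAC-DRBG update and generate steps from NIST SP 800-90A as the deterministic part and `os.urandom` as a stand-in for the physical noise source. The class name, the reseed interval and `fixed_source` are assumptions made for the illustration; it shows that the output is only as unpredictable as the entropy fed in.

```python
import hashlib
import hmac
import os

class HybridDRNG:
    """HMAC-DRBG-style deterministic generator, reseeded from an entropy source."""
    def __init__(self, entropy_source=os.urandom, reseed_interval=4):
        self._entropy = entropy_source    # assumption: stand-in for the physical TRNG
        self._interval = reseed_interval  # generate() calls allowed between reseeds
        self._key, self._v = b"\x00" * 32, b"\x01" * 32
        self._reseed()

    def _mac(self, data):
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def _update(self, data=b""):
        # Mix optional fresh data into the internal state (key, v).
        self._key = self._mac(self._v + b"\x00" + data)
        self._v = self._mac(self._v)
        if data:
            self._key = self._mac(self._v + b"\x01" + data)
            self._v = self._mac(self._v)

    def _reseed(self):
        self._update(self._entropy(32))   # pull 32 fresh bytes from the source
        self._calls = 0

    def generate(self, n):
        if self._calls >= self._interval:
            self._reseed()
        out = b""
        while len(out) < n:
            self._v = self._mac(self._v)
            out += self._v
        self._update()                    # advance the state after every request
        self._calls += 1
        return out[:n]

def fixed_source(n):  # constructed, deliberately broken source: constant bytes
    return b"\xAA" * n

def demo():
    # Identical (broken) entropy: two devices emit the same "random" bytes.
    a, b = HybridDRNG(fixed_source), HybridDRNG(fixed_source)
    predictable = all(a.generate(16) == b.generate(16) for _ in range(6))
    # Real entropy at each reseed: the two streams are unrelated.
    c, d = HybridDRNG(), HybridDRNG()
    independent = all(c.generate(16) != d.generate(16) for _ in range(6))
    return predictable, independent
```

With the constant source the two generators stay in lockstep even across the reseed that happens on the fifth request, which is the failure the internal tests of a physical source are meant to catch.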

In conclusion, protecting sensitive or critical information requires a TRNG.

For more details on the difference between PRNG, DRNG and TRNG, read our blog post “Why do you need true random number generation?”

What are the main uses of an RNG?

  • in IT security applications
  • Key generation for government purposes, e.g. passports and eID cards
  • Lottery systems & gaming
  • Nonce generation for use in cryptographic protocols
  • Chip manufacturing and seeding of device-specific keys, e.g. for NFC (Near Field Communication) or device IDs

Trust in externally validated random number generators

Vulnerabilities and implementation errors in random number generators are not unheard of. You should therefore consider implementing certified solutions and software/hardware components. Cryptographic RNG implementations have to fulfill strict requirements, e.g. in accordance with AIS 31 of the BSI (German Federal Office for Information Security). AIS 31 defines a standardized evaluation methodology to assess functionality classes and security properties of random number generators. Class 4 is the highest class for deterministic random number generators (DRG). An RNG complying with DRG.4 requirements is a so-called hybrid RNG: it offers maximum mathematical complexity for calculating random numbers and continuously inserts entropy from a true random number generator. In the functionality class of true, physical random number generators, PTG.2 represents the highest security level.

The AIS 31 standard defines different functionality classes for random number generators:

  • PTG – Physical RNG with internal tests that detect a total failure of the entropy source and non-tolerable statistical defects of the internal random numbers
  • DRG – Deterministic RNG with (enhanced) forward secrecy, and additional (enhanced) backward secrecy depending on the DRG level
  • NTG – Non-physical true RNG with entropy estimation

Why use Utimaco HSMs for random number generation?

Utimaco HSMs implement a hybrid random number generator complying with DRG.4 requirements, the highest level of security for DRG. A physical quantum noise-based random number generator of the highest security class PTG.2 is used as the entropy source for seeding this deterministic random number generator.

  • True randomness (passes all randomness tests, including DIEHARD and AIS 31)
  • Utimaco’s HSM compliance with the AIS 31 standard has been validated in several different contexts. One of the evaluation certificates for Utimaco CryptoServer CSe is available here.
  • Easy integration (e.g. via PKCS#11)
  • Physical security through active tamper protection

Utimaco

© 2021