0 35

In many systems, “random” numbers are supplied by algorithms called pseudo-random number generators (PRNGs) or deterministic random bit generators (DRBGs). These algorithms generate long sequences of seemingly random bits that are based on a secret initial value called a seed, and other possible inputs [1]. This approach creates the illusion of unpredictability.

In practice, however, many PRNGs exhibit design artifacts that can cause them to fail statistical tests. Such artifacts include consecutive values that are correlated and values with different lengths. Moreover, because the outputs are determined solely by the input values, an attacker who knows the algorithm and the seed can calculate or even reproduce the entire sequence of output values [2].

### True to Form

These weaknesses lead many to believe that only numbers produced by true random number generators (TRNGs) should be used by mission-critical systems and data processing applications, including those that use distributed ledger technology (DLT). TRNGs, also called non-deterministic random bit generators (NRBGs), use naturally-occurring sources of entropy to generate sequences of binary digits with the following properties [3]:

#### Randomness [2]

• Uniform distribution(no bias): All numbers are equally likely to appear in a sequence. In terms of binary bits, the probability of a zero or one is exactly 1/2.
• Consistency: The RNG’s behavior is consistent across seeds.
• Scalability: Tests that are applied to a sequence can also be applied to randomly extracted subsequences.

#### Unpredictability [2]

• Independence: Each generated value is statistically independent and does not convey any information about other values.
• Forward unpredictability: Predicting future output is infeasible with only knowledge of past output.
• Backward unpredictability: Determining the seed is infeasible with only knowledge of past output.
• Irreproducibility: Two of the same generators, given the same starting conditions, will produce different outputs.

### Tried and True

The term “true random number generator” often refers to physical RNGs that use dedicated hardware to capture or measure unpredictable physical phenomena [4]. These hardware-dependent solutions usually come in the form of on-chip components (for example, Intel Digital Random Number Generator) [5], special add-on cards (for example, IDQ Quantis) [6], or physical sensors. All form factors tend to be slower and more expensive compared to PRNGs.

TRNGs are based on the idea that true randomness can be obtained only from natural sources such as electromagnetic and quantum phenomena, essentially sources outside of man-made systems. The following are examples of natural sources:

• Thermal noise from semiconductor diodes or resistors: This electrical or radio frequency noise is generated when charge carriers, typically electrons within an electrical conductor, are thermally agitated. The charge carriers vibrate as a result of the temperature–the higher the temperature, the higher the agitation and hence the thermal noise level [7].
Example: Intel Digital Random Number Generator [5]
• Atmospheric noise: This radio noise is caused by natural atmospheric processes, primarily lightning discharges in thunderstorms. Around 40 lightning discharges occur around the world per second, which translates to roughly 3.5 million lightning discharges per day [8].
Example: Random.org [9]
• Radioactive decay: This is the spontaneous breakdown of an unstable atomic nucleus that results in the release of energy (electromagnetic waves) and/or matter (subatomic particles). Random numbers are usually produced by measuring the elapsed time between particle emissions [10].
Example: HotBits [11]

You might also like