Number Generator

A random number generator is a process of getting a random number every time it is needed, without the ability to define a pattern from previously generated numbers. This number can be generated either by an algorithm or a hardware device.

The Use of Random Number Generators

Generating random numbers is needed for various tasks, from computer games to common applications. For example, the system uses a random number generator to display a random banner or a random ad unit on a website. In cryptography, random numbers are also used to make a unique cipher or key.

Random number generation is used to generate numbers or text for captcha, encryption, generating salt for storing passwords, a password generator, an order of cards in an online casino, decision-making, sampling, and simulation.

The random number generator algorithm is often used in video games. Even if you play at the same level in a game, it will not be precisely the same every time you try to complete a mission. Maybe the differences will not be seen in the location or mission. Still, they will be seen in the number of enemies approaching and the areas where they appear, the climate changes, and the various obstacles encountered. This makes the game more exciting.

The Random and a Non-Random Sequence Difference

Let there be a sequence of numbers: 1 , 2 , 3 , 4 , 5. Is it random?

A random variable is a variable that takes on one of some values as a result of a trial. And you cannot accurately predict the occurrence of a particular value before it appears.

Let's say that the given numbers were obtained by typing on one of the top rows of the keyboard. In this case, it turns out that this combination is not random because, after 5, the following number, 6, can be predicted with high probability.

The sequence will be random only if there is no dependence between symbols.

The basic condition, which is extremely important for the correct and fair principle of the random number generator, is an absolutely equal probability of any possible number that could fall out in this system. This indicates complete independence of the randomness factor and independence of what other numbers fell out before or after the random number.

For example, suppose you roll a six-sided die for the first time. In that case, you can have absolutely any number from 1 to 6 falling out with the same probability. Regardless of your number, you can roll the dice again with the same chance of getting the same number on the second, hundredth, or thousandth roll.

The sequence of digits in the number Pi appears to be non-repetitive, and to many, it might seem random. Suppose our hypothetical generator relies on the bit representation of Pi, beginning from an undisclosed point. Such a generator might be unpredictable in many contexts, potentially passing certain tests for randomness. However, relying on Pi for cryptographic purposes poses risks. If an adversary determines the specific segment of Pi being used, they can predict both preceding and following segments, compromising the security of the system.

The U.S. National Institute of Standards and Technology proposed the "Statistical Test Package for Random and Pseudorandom Number Generators for Cryptographic Applications." It includes 15 statistical tests whose purpose is to determine the measure of randomness of bits generated by either hardware or software generators.

The Types of Random Number Generators

There are two types of random number generators (RNG): true random number generators (TRNG) and pseudo random number generators (PRNG). TRNGs use physical phenomena to generate numbers, while PRNGs use mathematical algorithms.

A true random number generator algorithm is created with a hardware device that uses tiny physical processes to generate random numbers, namely entropy. Entropy is pure, unfiltered chaos.

True random number generators use physical phenomena such as:

• radioactivity,
• thermal noise,
• electromagnetic noise,
• quantum mechanics, and others.

A true RNG is commonly used in security-oriented systems worldwide and some forms of encryption.

Random number generators use entropy sources to accumulate entropy and obtain the initial value (seed) needed by random number generators.

The pseudorandom number generator algorithm is used in areas with no security concerns. Randomness helps to avoid repetition and make the process more attractive to the end user. Implementing the technology of pseudorandom number generators is cheaper and faster because it does not require hardware and can easily be built into program code. Although the process is not entirely random and is determined based on an algorithm, it is more suitable for games and programs.

The PRNG uses a single initial value, from which its pseudo-randomness follows. At the same time, the true random number generator always generates a random number by having a high-quality random value provided at the beginning by various sources of entropy.

Pseudorandom number generation has its drawbacks. They work because they are random to the untrained eye. However, suppose you knew the initial value for a particular sequence of PRNGs. In that case, you could predict which numbers would be next.

Speed-playing video game enthusiasts often exploit this vulnerability—they call it manipulation of the PRNG. They make the game run predictably so they can pass it as quickly as possible. Fortunately, it does not entail critical problems.

But there are times when predicting random numbers is much more critical. For example, when creating security keys.

If the attacker figures out the initial value used to create RSA keys in TLS certificates, he could potentially decrypt network traffic. This means he can get passwords and other personal information sent over the Internet.

In these situations, a more secure way to get random numbers, i.e., a true random number generator, is needed.

Google's Generator

Google has its own tool for generating random numbers based on JavaScript. This tool can be useful when playing games with friends and family. You can find this generator if you type in the Google search query "random number generator."

The Linear Congruent Method

One of the most popular algorithms for pseudorandom number generators is the Linear Congruent Method. It is used in simple cases and has no cryptographic strength. Derrick Henry Lehmer proposed the linear congruent method in 1949.

To implement the generation of numbers by this method, we need to pick four numbers:

m > 0, modulo

0 ≤ a ≤ m, the multiplier

0 ≤ c ≤ m, the increment

0 ≤ X₀ ≤ m, the initial number

The sequence of random numbers itself is generated using the formula:

Xₙ₊₁ = (aXₙ + c) mod m

It is worth noting that this method depends on the choice of parameters.

For example, for the following set:

X₀ = 3, a = 4, c = 5, m = 6

we get a short repetitive sequence of

3, 5, 1, 3, 5, 1

which does not look random.

But it's worth changing the parameters to something else:

X₀ = 2, a = 85, c = 507, m = 1356

And the scatter of results becomes more unpredictable. You must choose the numbers for this algorithm with special care.

2, 677, 1100, 443, 194, 725, 1112, 107, 110, 365, 344, 1271, 62, 353, 680, 1355, 422, 1121, 872, 47, 434, 785, 788, 1043, 1022, 593, 740, 1031, 2, 677, 1100, 443, 194, 725, 1112, 107, 110, 365, 344, 1271, 62, 353, 680, 1355, 422, 1121, 872, 47, 434, 785, 788, 1043, 1022, 593, 740, 1031, 2, 677, 1100, 443, 194, 725, 1112, 107, 110, 365...

Although the linear congruent method generates a statistically good pseudorandom number sequence, it is not cryptographically robust. Generators based on the linear congruent method are predictable, so you cannot use them in cryptography.

Linear congruent method generators were first cracked by Jim Reeds in 1977 and then by Joan Boyar in 1982. She also managed to break quadratic and cubic generators. Thus, they proved the uselessness of generators based on congruent methods for cryptography. However, generators based on the linear congruent method retain their usefulness for non-cryptographic applications, for example, for simulations. They are efficient and show good statistical performance in most empirical tests.

Modern Hardware Random Number Generators

QRBG121

The randomness effect in the device depends on the quantum physical process of photon emission in semiconductors and the subsequent detection of individual photons. In this process, photons are detected randomly, independently of each other, and the timing information of the detected photons is used to generate bits.

Lava lamps

CloudFlare's San Francisco office houses random number generators called "lava lamps". Such a lamp is a glass vessel filled with transparent oil and translucent paraffin. Paraffin is slightly heavier than oil, but when heated slightly, it becomes lighter and floats up.

The movement of the liquids is monitored by several cameras that take snapshots. The snapshots are converted into numbers, from which encryption keys are then generated.

The other two CloudFlare offices use different ways to get random values. In London, a camera captures the movements of three chaotic pendulums. In Singapore is used a Geiger counter that measures the radioactive decay of a small piece of uranium. In the latter case, uranium is used as a "data source" because radioactive radiation is characterized by the randomness of each decay act.

HotBits

HotBits is a site that provides true random numbers generated by a Geiger counter that registers ionizing radiation to everyone. You fill out a request form on the site specifying the number of random bytes and choose your preferred method of obtaining the data. Once the random numbers are provided to the customer, they are immediately removed from the system.

Vacuum Quantum Fluctuations

Contrary to its name ("vacuus"-empty), the vacuum cannot be considered empty. Under the Heisenberg uncertainty principle, virtual particles are born and die unceasingly.

Canadian physicists have designed a fast and structurally simple random number generator based on vacuum fluctuations. The generator consists of a pulsed laser with a high frequency of radiation, a medium with a high refractive index (diamond), and a detector. Passing through the diamond, each pulse on the sensor shows different characteristics depending on the vacuum field fluctuations encountered on the photons' path.

In the spectrum of the scattered radiation, spectral lines appear. Because of the unpredictability of the vacuum fluctuations, these lines differ in unpredictable ways each time.

Carbon Nanotube Generator

This method combines compactness with generated thermal noise.

The researchers built a random number generator from a static random access memory cell printed with special inks containing semiconducting carbon nanotubes. The memory cell uses thermal noise fluctuations to generate random bits.

The carbon nanotube generator can be printed on flexible plastic substrates, allowing it to be integrated into tiny, flexible electronics devices, wearable sensors, disposable labels, and smart clothing items.

Cubes and the Electronic Frontier Foundation (EFF)

The company has proposed a simple way to create secure passwords using a physical random number generator. It is based on dice.

For example, you roll five dice at a time and write down the resulting numbers. The dice are arranged from left to right as follows: 63131. Next, you open a long list of words on the EFF website to find the corresponding word next to 63131. That word is "turbofan."

You can repeat this procedure several times. For example, five times. You may end up with a phrase of five words. Let's say, "turbofan purge unfitting try pruning." If you know how to use the rules of mnemonics, you can memorize phrases like these.

A Quantum Random Number Generator from a Nokia Smartphone

In 2014, the University of Geneva created a QRNG device that used the camera of the Nokia N9 smartphone.

The smartphone camera counted the number of photons hitting each pixel. The light source was a standard LED. Each pixel in the 8 MP camera detected about 400 photons in a short time. The total number of photons at all pixels was then converted into a sequence of random numbers.