random number background
Random numbers are an important concept in cryptography, and they are widely used in key distribution and authentication, session keys, and stream encryption. Random numbers are divided into true random numbers and pseudo random numbers. The true random number is obtained by converting the unpredictable entropy source of the external physical environment into the corresponding binary bit stream, and the true random number generator (TRNG) is responsible for this conversion process. Pseudo-random numbers are binary bit streams obtained by applying a fixed value (or seed) to a deterministic random number generation algorithm. There are two different pseudo-random number generation tools, one is a pseudo-random number generator (PRNG), which generates a bit sequence of unlimited length, and the other is called a random function (PRF), which generates a fixed-length bit sequence . The main difference between TRNG and PRNG is that PRNG is more efficient. It can be implemented entirely by software algorithms or by hardware, while TRNG needs to adopt real unpredictable physical processes, so it needs hardware support.
Random numbers can be used for a variety of purposes, such as generating data encryption keys, simulating and modeling complex phenomena, and selecting random samples from larger data sets. They have also been used aesthetically, for example in literature and music, and are of course popular in games and gambling. When talking about singular numbers, random numbers are drawn from a set of possible values, each equally likely; when talking about sequences of random numbers, each number drawn must be statistically independent of the others.
Pseudorandom and true random numbers
With the advent of computers, programmers recognized the need to introduce randomness into computer programs, however, it is surprisingly difficult to get a computer to do something by chance. Computers follow instructions blindly and are therefore completely predictable. There are two main methods of generating random numbers using computers: pseudorandom number generators (PRNGs) and true random number generators (TRNGs). These two methods have different characteristics and each has advantages and disadvantages.
TRNG True Random Number Generator: A random source is used as input, called an entropy source;
PRNG Pseudo-Random Number Generator: The seed is used as an input, and a certain algorithm is used to generate a bit output sequence. The output is only related to the seed, and is used to generate an algorithm of unlimited length bit stream;
PRF Pseudo-random function: Generates a fixed-length pseudo-random string.
pseudo random number
Pseudo-Random Number Generators (PRNGs)
PRNG generation steps
takes as input a fixed value called a seed
Produces a sequence of output bits using a deterministic algorithm
Some results of the algorithm are fed back as input through the feedback path when additional output bits are generated.
The important thing to note is that the output bitstream is only determined by the input values, so an adversary who knows the algorithm and the seed can copy the entire bitstream.
PRNG and PRF
Pseudo-Random Number Generator (PRNG): A PRNG refers to an algorithm for generating open-ended bit sequences. A common application of open bit sequences is as input to symmetric stream ciphers;
Pseudo-random function (PRF): PRF is used to generate a fixed-length pseudo-random bit string. For example a symmetric encryption key. Typically, a PRF takes as input a seed plus some context-specific values, such as a user ID or application ID.
There is no difference between PRNG and PRF other than the number of bits produced. The same algorithm can be used in both applications. Both require a seed, and both must exhibit randomness and unpredictability. In addition, PRNG applications can also use context-specific inputs.
Introduction to Pseudorandom Numbers
A deterministic algorithm can generate a sequence that can withstand randomness detection, and the sequence is not statistically random, which is called a pseudo-random number. As the term "pseudorandom numbers" suggests, pseudorandom numbers aren't the kind of random numbers you'd expect, at least not if you're using them to roll dice or buy lottery tickets. Essentially, PRNGs are An algorithm that uses a mathematical formula or a simple precalculated table to generate a randomly occurring sequence of numbers. Linear congruence is a good example of a PRNG. A great deal of research has been done on pseudorandom number theory, and modern algorithms for generating pseudorandom numbers are so good that the numbers appear completely random.
The basic difference between PRNGs and TRNGs is easy to understand if you compare computer-generated random numbers to the numbers rolled by a dice. Because PRNGs generate random numbers by using mathematical formulas or precomputed lists, using one corresponds to someone rolling the dice multiple times and writing down the results. Whenever you want a dice, you get the next one on the list. In fact, these numbers appear to be random, but in fact they are predetermined. TRNGs work by having a computer actually roll dice—or, more commonly, using some physical phenomenon that is easier to connect to a computer than dice.
PRNGs are efficient, meaning they can generate many numbers in a short amount of time, and deterministic, meaning a given sequence of numbers can be replicated at a later date if the starting point in the sequence is known . PRNGs are also usually periodic, meaning that the sequence will eventually repeat itself. While periodicity has never been a desirable characteristic, modern PRNGs have such a long period that it can be ignored in most practical cases.
These properties make PRNGs suitable for applications that require many numbers and where the same sequence can be easily replayed. Common examples of such applications are simulation and modeling applications. PRNG is not suitable for applications where the data is unpredictable, such as data encryption and gambling.
Pseudo-random number algorithm
Pseudo-random number generators can use specialized algorithms to generate pseudo-random numbers, such as: linear congruential and BBS.
linear congruence
BBS
true random number
True Random Number Generators (TRNGs)
TRNG generation steps
Use a true random number source (entropy source) or combination of sources as input to an algorithm that produces a random binary output
It may be as simple as converting an analog source to a binary output, or it may involve additional processing to overcome any bias in the source.
output random bitstream
Introduction to True Random Numbers
Essentially, sources of entropy are extracted from the computer's physical environment and can include things such as keystroke timing patterns, disk electrical activity, mouse movements, and the instantaneous value of the system clock
In contrast to PRNGs, TRNGs extract randomness from physical phenomena and introduce it into computers. You can think of it like a dice hooked up to a computer, but usually people use a physical phenomenon that's easier than hooking up a computer. Physical phenomena can be as simple as subtle changes in mouse movement or the length of time between key presses. In practice, however, you have to be careful which source you choose.
However, there are many other ways to make your computer truly random. Radioactive matter is a good physical phenomenon, the point in time at which the radiation source decays is completely unpredictable, they are easily detected and fed into the computer, avoiding any buffering mechanisms in the operating system. The HotBits service from Fourmilab in Switzerland is a good example of a random number generator using this technique. Another suitable physical phenomenon is atmospheric noise, which is easily picked up by ordinary radios. This is the method used by RANDOM. You can also use background noise from an office or lab, but you have to pay attention to the pattern, the fan in your computer may cause background noise, since the fan is a rotating unit, the noise it produces will most likely not be as random as atmospheric noise .
Regardless of the physical phenomenon used, the process of generating truly random numbers involves identifying small, unpredictable changes in data.
compare the two
The characteristics of TRNGs are quite different from PRNGs. First, TRNGs are generally very inefficient compared to PRNGs, taking much longer to generate numbers. They are also non-deterministic, meaning that a given sequence of numbers cannot be reproduced, although of course the same sequence may happen by chance several times. TRNGs have no periods.
Characteristics of random numbers
randomness
Uniformity of distribution: the probability of occurrence of 0 00 and 1 11 is roughly equal;
Independence: any subsequence cannot be derived from other sequences;
Consistency: For any seed, the behavior of the generator is consistent;
Scalability: Subsequences of any sequence can also pass the randomness test;
Unpredictability: the adversary cannot derive the following random numbers from the previous random numbers;
Forward unpredictability: it is known that the previous digit cannot predict the next digit;
Posterior unpredictability: the seed value cannot be inferred from any random sequence;
Irreproducibility: true and false random numbers
Seed requirements: The seed itself must be a random number or a pseudo-random number, such as generated by TRNG.
random number application
Key distribution and mutual authentication schemes;
Generation of session keys;
Key generation in the RSA public key encryption algorithm;
Bit stream generation for symmetric stream ciphers.