TRNG Technology

A hardware random number generator (TRNG) is different from a pseudo-random number generator - a pseudo random number generator approximates the assumed behaviour of a real hardware random number generator. Simple pseudo random number generators suffices for most applications.

General About a Hardware

Random Number Generator

SG100 Whitepaper

Sometimes they do not, however. These include demanding situations as generating cryptographic keys, generating lists of winners of lotteries, generating data selections for statistical research papers and so on.

Do Not Use a Pseudo Random Number Generator in You Gaming Application

The reson why you can not use a pseudo random number generator in any serious gaming application, is possibly not clear at all. There are many variants, but the following hypothetical example show that there is more to this, than a technical issue on random number genereation. It is a core business matter:

Now, suppose that...

1) Rumour that the game can be predicted;
   intense internet dicussion.
2) Rumour go public.
3) Rumour now continue, and a professor in statistics
   surface, and could have something to do with it?
4) The Game Authoroties ask you how you generate your
   random numbers!

Right, and now:

5a) You now respond "Software Hack?!"
6a) Game authoroties cut off your servers for a
    minimum of a month.
7a) Bad press and reputation
8a) Never again good business, if you don't go
    bankrupt at this point!

Alternative:

5b) You respond "Hardware random number generator".
6b) Professor in statistics deny that he has any to do
    with it.
7b) Rumor have originated by some teen-age
    beer-drinkers.
8b) Buisness as usual.

So there is not so, that the method of generating random numbers
is some minor and possibly technical question; it has the potential of beeing much more important to you; eventually it can be essential. This is a general problem with IT security, that the value to protect can suddenly become (or be) much higher than first anticipated.

When Not to Use a Pseudo Random Number Generator in Encryption

Suppose we wish to encrypt a communications link with a cipher system. We wish to generate 365 independent daily keys, and we chose a pseudo random number generator to expand an initial seed to 365 different daily keys. We assume that the length of the initial seed is much less then the total length of the 365 keys.

In this situation we have modified our cipher system, no longer do we have 365 independent daily cipher keys but instead we have a single "Initial Seed". The main reason why the use of a pseudo random number generator is not recommended, in this situation, is that to maintain security we must have a pseudo random number generator whose cryptographic strength is much higher than the cryptographic strength of the cipher system. If this is the case we may chose, without loss of security, to expand the "Initial Seed" to the length of all transmitted messages and then replace the cipher system with a "One Time Pad"-cipher.

In a cryptographic environment the use of independent daily keys are recommended because if one key is stolen only one day of communication can be read by the enemy. To obtain this we need to generate 365 independent initial seeds for our pseudo random number generator...
which we apparently cannot simplify by using yet another pseudo random number generator...

The fact hidden in the above story is that it is not possible to expand the amount of information contained in the "Initial Seed" by clever computing.
It is difficult or impossible to generate 365 independent daily keys with a pseudo random number generator. Generating 365 independent daily keys with a hardware random number generator, however, is not that difficult or expensive.

Additional information about the generation of good random numbers can be found in the RFC Randomness Recommendations for Security. This RFC briefly explains currently known methods of random number generation without special purpose hardware.

Can a Hardware Random Number Generator be Used for My Purposes?

Cryptographic and statistical applications are general and demanding. A hardware random number generator supporting these applications can directly or easily be used for most random selection problems. If a statistician is in need of true random numbers drawn from some specified distribution he can usually, often quite easily, convert a series of true random numbers
to this distribution. If not, some problem or situation may be simulated and the random numbers obtained as observations from the simulation.

If a cryptographer needs some specific entity, such as a prime number with a specific security property, the possibility to at least be able to select the starting point for the search, in a true random way, is of great importance.

For a lottery application we need, in addition to the use of a good hardware random number generator, cryptographic protection against bias intentionally introduced by some party. We also need radio frequency protection of the computers and building to secure the lottery from possible remote influence by radio waves. All software must be inspected and validated on site, and then protected against unauthorised modification.