Good cryptography requires good random numbers. Almost all cryptography protocols require the generation and use of secret values that must be unknown to attackers. A RNG for cryptography applications should appear to computationally bounded adversaries to be close as possible to a perfect RNG. Most “random” number sources actually utilize a pseudo random generator (PRNG). PRNGs use deterministic processes to generate a series of outputs from an initial seed state. Because the output is purely a function of seed data, the actual entropy of be output can never exceed the entropy of the seed. It can, however, be computationally infeasible to distinguish PRNG from a perfect RNG.
This paper evaluates the hardware based random number generator (RNG) for use in cryptography application. The paper simulates the fastest and efficient algorithm towards the random number generator and the function generating 50% time different values.
Random numbers refers to” a sequence of independent numbers with a specified distribution and a specified probability of falling in any given range of value”. As a result, the ideal random number generator will provide a stream of uniformly distributed, non-deterministic, independent bits over an infinite data set. The mathematical evaluation of randomness is difficult, it is possible to use statistical analysis on sample data sets to detect characteristics that point to “non_randomness”.
Random number generation can be divided into two categories:
True random number generation: With true random number generation the next random number generated is not known, and the sequence of random numbers cannot be generated.
Pseudo random number generation: With pseudorandom number generation a sequence of random numbers is generated using a known algorithm, and the exact same sequence can be regenerated.For software based systems, it is very desirable to use a pseudorandom number generator to be able to test the software system with a repeatable set of random numbers, so one can re_run a test to the exact same random numbers being used. Also with a pseudo random number generator that has been formally evaluated, one can be sure of the resulting of sequence numbers.
Security Enhancement By RNGs
The strength of the security mechanism like encryption algorithm is directly proportional to the randomness of the numbers it uses. While many available solutions use cryptically strong algorithms, they start from random seed that are not truly random and unpredictable.Cryptographic applications demand a high level of randomness to maintain the needed level of confidentiality and security.
The increased randomness of RNG produces random numbers that can increase the strength of the three major elements of cryptography:
Authentication: Random numbers are used to authenticate client systems that want access protect information stored on a server.
Confidentiality: Random numbers play a critical role in generating cryptographic keys used for encrypting and/or decrypting data and thus ensuring that an unauthorized person who intercepts a transaction won’t be able to extract meaningful information.
Integrity: Random numbers are an important part of digital signatures and cryptographic hashes, so that transactions aren’t modified as they travel from a sender to an intended recipient.
Hardware Vs Software RNG’S:
PRNG’s employ a mathematical algorithm for number generation, all PRNG’s possess the following properties:
A seed value is required to initialize the equation.
The sequence will cycle after a particular period.
Therefore, application developers who require non-deterministic output from its PRNG must take pains to provide an unguessable seed value and an algorithm with a period that is sufficiently long. The software manufacturer must possess enough understanding of the PRNG implementation to prevent its properties from producing undesirable results for its users. Hardware RNGs are non deterministic by nature-no algorithm can be used to predetermine subsequent bits. Thus, hardware RNGs are not susceptible to intrusion by algorithm disassembly or disclosure. With the use of hardware RNGs, software manufacturers do not need to hire developers with PRNG expertise nor pay fees for a third-party PRNG solution.However, software manufacturers still need to select hardware RNG with a quality design and implementation from a reliable vendor. A quality design and Implementation includes engineering to prevent failure, thorough testing to detect defects and non-random output, and software support for easy integration in to applications.
Many theoretical and numerical tests are available, but none can ever prove that an RNG is perfect. RNG is very important in IT industry; it is used in games, security, database, and a lot more. RNGs improve the integrity and security of cryptographic applications.
The main idea about RNG is that it must generate a different value each time for about at least 50% of the size of the value, and if it can reach up to more than 75% of the size then it is very excellent program.