An object which is often to be solved in security controllers is the creating of random numbers and in particular true random numbers as a true random number generator may generate them. True random number generators are also called true RNGs (RNG=random number generator). The implementation of such true RNGs is time-consuming and expensive. Therefore, pseudorandom number generators, so-called PRNGs (PRNG=pseudorandom number generator), are often used which, however, generate sequences of numbers, based on a deterministic algorithm commencing from a starting value, which are principally understandable by outsiders with knowledge of the algorithm and thus are no longer random.
The term pseudorandom numbers denotes sequences of numbers which are calculated by means of a deterministic algorithm in a pseudorandom number generator and which are therefore not random, but appear random for sufficiently short sequences. Because the calculation of random numbers is accomplished deterministically on the basis of a starting value, which is also called seed, a random sequence of numbers which is created in this manner is reproducible when a known starting value is assumed. With knowledge of the algorithm and the starting value, the resulting sequence of numbers is predictable even by outsiders.
Conventional true random number generators necessitate the existence of analog circuit elements which are, however, only reluctantly implemented in primarily digital circuits. True random numbers can be created, for instance, by means of analog elements by sampling of a noise signal, the amplitude of which is random.
More common, however, is the use of a pseudorandom number generator which does not provide an optimal random sequence of numbers but which can be implemented purely in digital technology. Yet such a pseudorandom number generator necessitates a starting value. If one wishes to avoid the fundamental possibility of recalculating, this starting value must even be unknown to the potential manufacturer. This necessitates that the starting value of the pseudorandom number generator should be created within the chip itself which, however, is only feasible on the basis of a true random number generator, so that the problem of the possibility of recalculation is not solved by the implementation of a pseudorandom number generator with a known starting value.
Because the implementation of an analog unit, as would be necessary for creating a true random sequence of numbers, on, for example, a smart card/chip card is possible only to a very limited extent or with much effort, the problem of creating a non-recalculatable random number on a smart card or another cryptographic device poses a great technical problem.