The present disclosure is generally directed to random number generation and, more particularly, to techniques for improving random number generation security in a data processing system.
Random number generators (RNGs) may be employed in various applications, such as computer simulation, statistical sampling, cryptography, and other areas where producing an unpredictable result is desirable. There are two primary approaches for generating random numbers. A first approach measures some physical phenomenon that is expected to be random and then compensates for possible biases in the measurement process. For example, atmospheric noise, thermal noise, and other external electromagnetic and quantum phenomena may be utilized to generate random numbers. A second approach employs computational algorithms that can produce long sequences of apparently random numbers, which are, in fact, completely determined by a shorter initial value (i.e., a seed value). Unfortunately, if the seed value is known or readily discernible, a random sequence generated by a computational algorithm based on the seed value may be readily reproduced.
In general, pseudo (software) RNGs do not rely on sources of naturally occurring entropy, although they may be periodically seeded by such sources. While a software RNG based solely on deterministic logic can never be regarded as a true random number source, in practice software RNGs are sufficient for many applications. In applications where unpredictability is demanded, e.g., security applications, hardware RNGs are generally preferable to software RNGs that implement pseudo random algorithms. In computing, a hardware RNG is an apparatus that generates random numbers from a physical process, as contrasted with pseudo random numbers generated by a computer program. Hardware RNGs usually utilize phenomena that generate low-level statistically random noise signals (e.g., thermal noise, the photoelectric effect, and other quantum phenomena). A hardware RNG typically includes: a transducer that converts some aspect of a physical phenomena to an electrical signal; an amplifier and other electronic circuitry to increase the amplitude of the random fluctuations to a measurable level; and some type of analog-to-digital converter to convert an analog input signal to a digital output signal. By repeatedly sampling a randomly varying signal to provide different seeds, a series of random numbers may be obtained from a hardware RNG.
A primary application for hardware RNGs is cryptography, where hardware RNGs are used to generate cryptographic keys for secure data transmission. For example, hardware RNGs are widely used in various Internet encryption protocols, e.g., secure sockets layer (SSL). Hardware RNGs generally produce a limited number of random bits per second. In order to increase the data rate, hardware RNGs may be used to generate a seed for a faster cryptographically secure software RNG that generates a pseudo random output sequence. Hardware RNGs are generally a more secure alternative to software RNGs, which are software programs commonly used in computers to generate random numbers. Software RNGs employ a deterministic algorithm to produce numerical sequences. While pseudo random numerical sequences usually pass statistical pattern tests for randomness, by knowing the algorithm and the conditions used to initialize the algorithm (i.e., the seed), the output of a software RNG can be predicted. That is, a sequence of numbers produced by a software RNG may be predictable and data encrypted with pseudo random numbers provided by a software RNG is potentially vulnerable to being decrypted by an unrelated third-party. In contrast, hardware RNGs produce sequences of numbers that are not predictable and, therefore, provide greater security than software RNGs when used to encrypt data.