Random numbers are used for a wide variety of purposes in the information processing fields, such as, without limitation, generating distinctive identifiers for databases records, computer processes, or other objects, data encryption keys and hash values, simulating or modeling complex phenomena, and for selecting random samples from larger data sets. Random numbers have been used in creative endeavors, such as generating music, and even in the literary and visual arts. Additionally, random number generation is essential in gambling and other games.
Producing a random number using a computer system continues to be a challenge. A truly random number is taken from a set of possible values, with each value being equally probable as a uniform distribution. In a sequence of random numbers, each selected number is ideally statistically independent of the others. A truly random number cannot be predicted, or estimated as falling within some range of values as a finite subset of a greater set of possible values.
A computer system executes its program instructions and, as such, is entirely predictable. Pseudorandom number generators (PRNGs) are computationally efficient ways to generate random-looking numbers, but the PRNG output is in fact deterministic, meaning that the next value of a pseudorandom sequence may be known if the sequence's starting point is known. In critical and security applications, PRNGs present a vulnerability to attackers seeking to break an encryption code.
True random number generators (TRNGs) obtain randomness from observation of physical events and introduce it into a computer. For instance, known techniques use timing between keypresses of a keyboard. However, the systems observing the events may themselves introduce bucketing and other granularity effects, which reduce the randonmess in the observation of what is otherwise a legitimately random event. For instance, input buffering of keystrokes may cause keystroke-reading applications to interpret successive buffered keystrokes as appearing artificially close in time based on the time of reading of the keypresses from the buffer by the random-number-generating application. The problem of obtaining true random values by computer systems is sufficiently difficult that some services have gone to such lengths as using radioactive sources as sources for random physical events. This latter approach introduces numerous complexities, many of which are readily apparent, in addition, it introduces a vulnerability in the communication link with the radioactive-source monitoring system, which may be subject to attack.
A practical solution for the generation of a random, distinctive, value in computing systems is needed.