A random number generator (RNG) is a system or method for generating a random sequence of numbers. Certain difficulties arise in the design, application or operation of an RNG that may compromise the actual randomness of the sequence of numbers generated. For example, one approach is an algorithm-based RNG, commonly used in computer simulations of physical systems as well as in cryptography systems. However, algorithm-based RNGs are more accurately referred to as pseudo random number generators (PRNGs), since their output is not truly random due to their derivation from at least one base algorithm: their outputs only approximate some of the properties of random numbers. Moreover, the underlying algorithms may be determined through reverse engineering or computational code-breaking or hacking efforts, thus enabling defeat of cryptography security.
Analog noise-based or hardware RNG structures are generally preferred over PRNGs to produce unpredictable and unbiased digital signals derived from a fundamental noise mechanism. FIGS. 1(a) and 1(b) illustrate a prior art hardware RNG 100, which uses microscopic physical process phenomena (thermal noise, photoelectric effect or other quantum phenomena) as an analog noise source 102, and an amplifier 104 to amplify the quantum-level noise output 103 into a macroscopic noise signal 105. A transducer 108 samples the amplified noise signal 105 in response to a periodic digital clock signal 109 clocked through a gate or switch 106. In one example as sampled at rising clock signal 110, the amplified noise signal 105 has a value 112 lower than the signal waveform midpoint M, and value 112 is therefore converted by the transducer 108 into a digital stream 130 zero. On the next rising clock signal 120, the amplified noise signal 105 has a value 122 higher than the signal waveform midpoint M, and this value 122 is therefore converted by the transducer 108 into a digital stream 130 one output.
If the waveform profile 126 of the rising and falling amplified noise signal 105 is random relative to the constant periodic clock signal 109 profile 128, then the stream of ones and zeros generated by the transducer 108 will also be random. However, the hardware RNG 100 may be influenced by deterministic forces that may compromise or even program the randomness of the stream of numbers 130.
More particularly, electromagnetic radiation interference (EMI) emitted by other electrical circuits carrying rapidly changing signals as a by-product of their normal operation may cause unwanted signals such as crosstalk and power supply noise to impact the RNG 100. Strong EMI forces may also reprogram the random amplified noise signal 105, in one example through clock signal coupling with another clock signal through a structural substrate. FIG. 1(b) illustrates the effect of a strong radio frequency interference (RFI) signal 170 on the hardware RNG 100. RFI is interference caused by the portion of the electromagnetic spectrum above audio frequencies (about 20 kHz) but below infrared frequencies (about 30 THz), and includes amplitude modulation (AM), shortwave, frequency modulation (FM), television (TV), ham radio and citizen's band (CB) broadcast signals. RFI may be generated by commercial, governmental and civilian broadcasters, as well as by local devices such as remote controls, wireless phones, cellular phones, microwave ovens, motion sensors, radar systems, and medical and industrial devices.
The strong RFI signal 170 acts upon and effectively overwhelms the amplified noise signal 105, thereby producing a resultant interfered noise signal 172 having a waveform profile 192 substantially similar to the RFI signal 170 waveform profile 190. And if the RFI signal 170 has a periodicity and profile 190 substantially in common with the oscillating digital value profile 128 of the sampling clock signal 109, then at each clock signal sampling point (the rising edges 110, 120 of the clock signal 109) the interfered amplified noise signal 172 has a value 182, 184 higher than the signal waveform midpoint M and is converted by the ADC 108 into a digital stream 130 one output. Thus, the otherwise random data stream 186 has now been programmed to an all-ones signal. This may occur unintentionally, or it may be intentional through synchronization-based hacking techniques, either of which results in a breach of cryptographic system security.
Thus, although algorithm-based pseudo random number generators may provide simple, cost-effective random number generation, the underlying algorithm methodology renders the PRNG inherently insecure for cryptography applications. And although hardware random number generators can in theory produce truly random number streams not subject to decryption, EMI modulation of the hardware noise source signals may compromise randomness, and in some conditions even allow programming of the generated number stream.
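The sampling failure described above can be reproduced in a short simulation. The following Python sketch is an added example, not part of the original text: the function names are hypothetical, the noise source is modelled as Gaussian samples from Python's PRNG (a simulation stand-in only), the clock period is one time unit, and the RFI is a sine wave with that same period. The repetition count check follows the continuous health test of NIST SP 800-90B, with an assumed false-positive rate of 2^-30 and one bit of entropy per sample.

```python
import math
import random

MIDPOINT = 0.0  # waveform midpoint M used by the transducer as threshold


def sample_bits(n, rfi_amplitude=0.0, rfi_phase=math.pi / 2, seed=1):
    """Threshold noise plus optional RFI at each rising clock edge.

    Clock edges fall at t = 0, 1, 2, ...; the RFI has the same period, so
    every sample sees the interferer at the same point of its waveform.
    """
    rng = random.Random(seed)  # assumed stand-in for analog noise source
    bits = []
    for k in range(n):
        noise = rng.gauss(0.0, 1.0)  # amplified noise, unit variance
        rfi = rfi_amplitude * math.sin(2 * math.pi * k + rfi_phase)
        bits.append(1 if noise + rfi > MIDPOINT else 0)
    return bits


def ones_fraction(bits):
    """Proportion of ones; about 0.5 for an unbiased source."""
    return sum(bits) / len(bits)


def repetition_count_ok(bits, cutoff=31):
    """SP 800-90B repetition count test.

    cutoff = 1 + ceil(-log2(alpha) / H) = 31 for alpha = 2**-30, H = 1.
    Returns False as soon as one value repeats `cutoff` times in a row.
    """
    run, prev = 0, None
    for b in bits:
        run = run + 1 if b == prev else 1
        prev = b
        if run >= cutoff:
            return False
    return True


if __name__ == "__main__":
    for label, amp in (("no RFI", 0.0), ("weak RFI", 1.0), ("strong RFI", 10.0)):
        bits = sample_bits(4096, rfi_amplitude=amp)
        print(f"{label:10s} ones={ones_fraction(bits):.3f} "
              f"health_ok={repetition_count_ok(bits)}")
```

A weak synchronized interferer only biases the stream toward ones, while a strong one pins every sample above M, which is the condition the repetition count test is designed to flag before the output reaches a cryptographic consumer.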