Random number generation has many applications in computing technology, as well as in the sciences and useful arts. Randomness is, in fact, crucial to cryptography, network security, online gaming and gambling, statistics and statistical analysis, mathematical systems modeling and many other fields. For example, in controlled medical trials, random assignment of treatments eliminates possible biases when testing treatment efficacies. Computerized generation of random or pseudo-random numbers is also required to simulate real world events in applications such as video games, as well as gaming machines like video blackjack.
Mathematically, there are well-known distinctions between randomization, pseudo-randomization, and quasi-randomization, as well as between pure random number generators (RNGs) and pseudo-random number generators (PRNGs). While hardware-based RNGs can reliably generate numerical sequences that are close to truly random, software-based PRNGs are more ubiquitous because of their speed and reproducibility. Nevertheless, such PRNGs are not truly random, because the numerical sequences are typically generated from a relatively small set of initial values, called seed values. Thus, PRNGs are susceptible to becoming more predictable when, for example, brute-force attacks or the like are surreptitiously used to determine underlying seed values.
PRNGs, also known as deterministic random bit generators (DRBGs), comprise various algorithms, executed in software, for generating a sequence of numbers whose properties approximate the properties of sequences of truly randomized numbers. However, the requirements for randomness and predictability vary for different applications. For example, applications in cryptography usually have strict high-randomness and low-predictability requirements, whereas other uses, such as using a PRNG to determine outcomes in a children's video game, can use a looser standard of pseudo-randomness.
A PRNG suitable for cryptographic applications is called a Cryptographically Secure PRNG (CSPRNG). A requirement for a CSPRNG is that an attacker, not knowing the seed values, has only a negligible advantage in distinguishing the generator's output sequence from a random sequence. In other words, while a PRNG is only required to pass certain statistical tests, a CSPRNG must pass stringent statistical tests in relation to the size of the seed(s). Existing PRNGs that have been designed specifically to be cryptographically secure include: MICROSOFT'S CRYPTOGRAPHIC APPLICATION PROGRAMMING INTERFACE function “CryptGenRandom,” MAC OSX operating systems, UNIX systems incorporating FREEBSD, and LINUX systems incorporating FORTUNA.
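The seed-size point made above, as an added example that is not part of the original text: a toy linear congruential generator (its constants, the 16-bit seed and the sample seed value are assumptions chosen for illustration) looks balanced on a simple bit-frequency check, yet its whole output is fixed by the seed, so a seed space this small can be enumerated from a few observed bytes. For contrast, Python's `secrets` module draws from the operating system's CSPRNG.

```python
import secrets

# Toy LCG parameters (assumed for illustration; not a generator named on this page).
M, A, C = 2**31, 1103515245, 12345
SEED_BITS = 16  # deliberately small seed space


def lcg_stream(seed, n):
    """Return n bytes from the toy LCG; the entire stream is determined by the seed."""
    state, out = seed, bytearray()
    for _ in range(n):
        state = (A * state + C) % M
        out.append((state >> 23) & 0xFF)  # emit the top 8 bits of the 31-bit state
    return bytes(out)


def monobit_fraction(data):
    """Fraction of 1 bits; a simple frequency test expects a value near 0.5."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))


def seeds_consistent_with(observed, seed_bits=SEED_BITS):
    """Return every seed in the seed space whose stream starts with the observed bytes."""
    n = len(observed)
    return [s for s in range(2**seed_bits) if lcg_stream(s, n) == observed]


def demo():
    seed = 0xBEEF  # constructed sample seed
    stream = lcg_stream(seed, 4096)
    frac = monobit_fraction(stream)
    candidates = seeds_consistent_with(stream[:16])
    # If exactly one seed fits, every remaining byte is reproducible from it.
    reproduced = len(candidates) == 1 and lcg_stream(candidates[0], 4096) == stream
    return frac, candidates, reproduced


if __name__ == "__main__":
    frac, candidates, reproduced = demo()
    print(f"fraction of 1 bits: {frac:.4f}")
    print(f"seeds matching 16 observed bytes: {[hex(s) for s in candidates]}")
    print(f"rest of stream reproduced from that seed: {reproduced}")
    # Contrast: OS-backed CSPRNG output with no application-chosen seed.
    print(f"secrets.token_bytes(16): {secrets.token_bytes(16).hex()}")
```

Passing the frequency check says nothing about predictability here: unpredictability is bounded by the size of the seed space, which is why the CSPRNG requirement is stated relative to seed size.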
Accordingly, as computing power continues to increase, there is a continuing need for improved methods and systems for pseudo-random number generation, which are easily implemented and effective to secure computer systems and the applications requiring randomization functions.