Making sense out of randomness

Randomness and random numbers are critical parts of our everyday life. Matti Tommiska, Xiphera’s Co-founder and CEO, discusses the significance and purpose of randomness and random number generators.
Randomness and random numbers are critical parts of our everyday life.

What is randomness?

Randomness can be loosely defined as the unpredictability of an individual event in a way that if the probability distribution of an individual event is known, the frequency of individual events when repeated often enough becomes predictable. Let’s study this scenario through a very generic example: flipping a coin. The probability of either heads or tails is 1/2 in a coin flip, and if a fair and untampered coin is flipped ten thousand times, it is highly likely that both heads and tails result approximately five thousand times.

Random numbers – or often just random bits, which are a subset of random numbers – have many use cases in our everyday life. Randomness and random numbers are needed in computer simulations and gaming (who would like to play an identically progressing Clash of Clans each and every time?), and very importantly in cryptography, where they are used, for example, as seed material for secret keys and initialisation vectors.

A well-known quote from famous mathematician and computer scientist Donald Knuth states that “Random numbers should not be generated with a method chosen at random”, and it is indeed of paramount importance to use a dependable and proven method to generate random numbers for security-critical applications, such as cryptography.

A few words about entropy sources

The actual origin of randomness is often called an entropy source, and examples of these include athmospheric noise (this is the basis for the well-known website www.random.org), quantum mechanical phenomena, external analog components (such as reverse-biased Zener diodes) in electronics, as well as an internal entropy source (for example, in Xiphera’s True Random Number Generator (TRNG) Intellectual Property (IP) core) inside ASICs (Application Specific Integrated Circuits) and FPGA (Field Programmable Gate Arrays). The advantages and disadvantages of various entropy sources are a subject of ongoing comparisons and discussion, both in the academic research and literature as well as in the private sector.

Very important factors in evaluating the “goodness” of entropy sources are statistical tests, and there are both formally standardised, for example, the NIST SP 800-22 (National Institute of Standards and Technology Special Publication), and de facto standard test suites, such as PractRand, gjrand, TestU01, and dieharder, which are used to test the statistical properties of the random output of an entropy source. However, just the fact that a particular entropy source passes all relevant statistical tests is not in itself sufficient to prove that the entropy source can be used for cryptographic applications; an additional critical requirement is the ability to present a well-founded stochastic model for the entropy source.

The output of an entropy source also needs to be continuously monitored with so-called online health tests to make sure that its output is not compromised. Additionally, once the output bits or numbers of the entropy source have passed the online health tests, they are typically fed into an entropy extractor, whose output is the actual output of a TRNG.

Want to hear more about randomness and random numbers? Join our webinar What Everyone Should Know about Randomness? from the link below.

Xiphera’s webinar: What Everyone Should Know about Randomness?

Various examples and paradoxes show that human intuition about randomness is flawed. What actually is randomness and how do we generate random numbers?

Randomness is used everyday in various situations, including science, statistics, gaming, and, most importantly, cryptography. Random numbers are one of the fundamental corner stones of cryptography, and high-quality random number generation is critical for modern information security. An inadequate random number generator is the Achilles’ heel in the implementation of security protocols, and may undermine security entirely.

In this webinar, held on Tuesday, 24th of January at 3p.m. CET, we will dive into the principal questions regarding randomness and random numbers. What are random number generators? How are they built and tested? What can go wrong with random number generation? The webinar gives a compelling yet concise half an hour introduction to randomness, presented by Xiphera’s CEO and Co-founder Matti Tommiska. You will definitely learn a lot more than just random facts!

Find the full recording of the webinar and presentation slides here.

If you want receive information about Xiphera’s upcoming webinars, sign up for Xiphera’s webinar subscription list here, and you’ll never miss any of our fascinating webinars!

Find all episodes of Xiphera’s webinar series Cryptography under the hood here.

Read more
Another year has come to an end, and Xiphera’s team is turning on the Christmas mood and getting ready for the well-deserved holidays. Let’s take a look into what we have done and accomplished this year.
Xiphera’s board of five includes company’s co-founders and three other people from different backgrounds. The new board is filled with new kind of expertise, and the versatile background of the board members benefits the whole company.
Combining Crypto Quantique’s PUF technology with Xiphera’s quantum-resilient cryptography provides future-proof hardware trust engines to protect devices and data for decades to come.