The security of most cryptographic mechanisms depends on the generation of random bits. This is for example the case
for the Advanced Encryption Standard (AES) secret key, or for the primes of the RSA signature or encryption algorithm, or the
private exponents in a Diffie–Hellman key exchange, or the fresh random integer drawn each time an ECDSA signature is
computed, etc. The security of most of these primitives miserably fails when used in conjunction with a bad random
number generator. An ECDSA signature, for example, may even leak the private key.
Randomness is everywhere
Cryptography isn’t the only field requiring good randomness. Whether you are building an online casino, backtesting a
quantitative financial strategy, generating random samples for a population survey, or relying on a Monte Carlo method to
obtain a numerical results, you need unbiased randomness or your results might be meaningless.
Does this look random?
There are many ways to test the quality of a random number generator. When the source code of the generator is
available, CryptoExperts can perform a full source code review, together with a quality and performance analysis (check
our Cryptographic Product Review service for more). When you don’t have access to the source code (or don’t want to
disclose it), there are still many empirical tests that can be performed.
Testing binary generators
Many generators output (pseudo)random bits. CryptoExperts has developed its own statistical test suite, made of 15+
statistical tests, carefully chosen for their complementary. Our tests include all those recommended by the
NIST’s Special Publication 800-22, which is the de facto standard in the field, but also Diehard tests. Any test
from TestU01 or dieharder can be included. Our proven methodology is very simple:
-
On the basis of the high-level description of your generator and of its intended use, we provide you with the exact
number of random samples that are needed for an appropriate analysis.
-
You are in charge of the samples’ generation, giving you the chance to choose the most appropriate setting, e.g.,
using test servers as similar as possible to your production servers.
-
Given the samples, we perform the tests for you, and deliver a complete technical report (including the detailed
description of the tests performed and the results obtained) as well as an executive report (much shorter, where
results are represented graphically, no-headache guarantee).
What if my generator does not only output 0’s and 1’s?
Does your generator output numbers between 1 and 49, does it draw cards in a deck of 52 cards, or randomly chooses a set
of winners in a pool of thousands of players?
No problem.
CryptoExperts has developed its own suite of generic tests, that apply in many different scenarios, and chances are
we already encountered yours. And in case your problem is indeed very specific, don’t worry: over the years, our team
has learned how to deal with uncommon scenarios and will provide you with a custom-made solution.
We give you real guarantees
We do provide expert knowledge and tailor-made solutions. Unlike our competitors, we don’t blindly restrict to
\(\chi^2\) tests, which would consider that the following sequence is random:
1 2 3 4 5 6 7 8 9 1 2 3 4 5 6 7 8 9 ...
Whatever the intended use of your random generator, you shouldn’t leave bad randomness a chance. If you want to know
more about what we have to offer you, contact () or () now (this might be your lucky day).
Related publications
-
Distinguishing Distributions Using Chernoff Information.
Thomas Baignères, Pouyan Sepehrdad, Serge Vaudenay.
In ProvSec 2010, pp. 144-165, 2010.
-
Improved security proofs in lattice-based cryptography: using the Rényi divergence rather than the statistical distance.
Shi Bai, Adeline Langlois, Tancrède Lepoint, Damien Stehlé, Ron Steinfeld.
In ASIACRYPT (1) 2015, 2015.
Best Paper Award