As you might expect, not all random number generators (RNG) are created equal. The degree of security is subject to several internal and external factors.

RNGs can basically be divided into two fundamental types: software and hardware. Software RNGs are also known as Pseudo RNGs or PRNGs, which gives you a clue to exactly how truly random the output is. Although they offer a low-cost introduction to randomness, the problem with PRNGs is that they are deterministic. The output of a PRNG depends deterministically on an input, known as the seed. To get good cryptographic randomness, the seed of a PRNG has to be both random and private, which brings us back to the original problem of how to generate this random seed.

Hardware devices allow us to get closer to true secure randomness. Unfortunately, the terminology is slightly confusing. The so-called True RNGs or TRNGs, are RNGs where the source of randomness relies on classical physics. In contrast, for Quantum RNGs or QRNGs the source of randomness is a quantum process. QRNGs are indeed True RNGs, but they are considered as separate. In both cases, since physical systems are not perfect, both TRNGs and QRNGs depend on some mathematical processing to reach perfect randomness. In order to adapt this processing to the source, the imperfections have to be well understood and monitored.

TRNGs require a physical source of randomness, which outputs digitized results of a measured physical event. TRNGs rely on classical physics, which is intrinsically deterministic. To obtain randomness, you have two solutions. One is to use an external noise source, which may be compromised, or may not be always available (for example in secure locations with controlled environment). The other is to rely on some complex process, which cannot be predicted easily. One typical example is a chaotic process, where the output depends on the minute details of the input.

In both cases, the randomness is created by complex interactions, either with an external system or through the temporal evolution of the system. It is not possible to fully monitor these physical processes, nor ensure their integrity. This introduces uncertainty in the cryptographic system and compromises its security.

For provably secure random number generation, you need to look to quantum physics for the answer. Quantum physics is fundamentally nondeterministic, producing unpredictable outcomes even in a robust and fully controlled environment.

Systems that rely on deterministic processes such as Pseudo Random Number Generators (PRNGs) to generate randomness are not secure because they rely on deterministic – thus predictable – algorithms.

A better solution is to use hardware random number generation. However, many still rely on classical physics processes that run in an uncontrolled and chaotic manner. This opens the door to cheating by controlling the environment or predicting the chaotic behavior in a better way.

The most reliable processes are based on quantum physics, which is is fundamentally random. In fact, the intrinsic randomness of subatomic particles’ behavior at the quantum level is one of the few completely random processes in nature. By tying the outcome of an RNG to the random behavior of a quantum particle, it is possible to guarantee a truly unbiased and unpredictable system through live verification of the numbers and monitoring of the hardware to ensure it is operating properly.

QRNGs are safer and more robust than classical TRNGs because the quantum entropy source is based on a simple, controlled and, most importantly, provably secure and unpredictable physical process. Moreover, many classical TRNGs are sensitive to environmental changes and thus vulnerable to undetected attacks or failures, while IDQ’s QRNGs offer a high degree of protection against external factors that could affect randomness thanks to a simple monitoring of a few key parameters.

Using a QRNG as a source of entropy makes a cryptographic system robust against attacks for the secure collection and transmission of sensitive data. Moreover, with IDQ’s QRNG chip, a QRNG can now be embedded locally, even for the protection of IoT and edge devices that are connecting home, cars, hospitals, factories, infrastructure, schools, and shopping locations. QRNGs can be trusted to make our connected world safer.

Yes! As random numbers are used everywhere, QRNG can of course be used everywhere.

Random numbers are used to ensure the legitimacy of gaming operations, to protect the privacy of sensitive data. Anyone with online access to their bank account relies on random numbers to generate security access keys for two-factor authentication. The most pervasive use of random numbers is in modern cryptography, strengthening the basis of any cyber security ecosystem.

The Public Key Infrastructure we all rely upon to secure the internet is dependent upon random numbers, as are all forms of data encryption. Random numbers are the source of encryption keys, used to secure data both at rest and in motion as it travels around an increasingly connected world.

IDQ offers various QRNG form factors: USB, PCIe cards, network appliance, and chips. Our world’s smallest QRNG chip is available in three models, depending on size, performance, power consumption and certifications, in order to fit various industry-specific needs. It can be embedded into any mobile, IoT, and edge device to benefit from QRNG.

Of course! IDQ was the first company to develop a QRNG in 2001 and has continued improving its successive generations of QRNGs. IDQ has also made quantum technology reach mass-market applications with its Quantis QRNG chip which has been successfully embedded into selected Samsung smartphones since 2020.

It remains the market leader in terms of flexibility, reliability and certification.

The highest level of security requires local generation of entropy. Sending the random number through a communication network always adds a risk to privacy.

Therefore, the safest bet will always be to have the quantum random number generating device on the local machine. However, in some instances, for example when the randomness does not need to be secret, or if it is generated in a secure environment, a centralized source may be used. The advantage is that the end-user does not need any hardware but can purchase random numbers as a service.