Review of Methodologies and Metrics for Assessing the Quality of Random Number Generators

Abstract

Random number generators are a key element for various applications, such as computer simulation, statistical sampling, and cryptography. They are used to generate/derive cryptographic keys and non-repeating values, e.g., for symmetric or public key cyphers. The strength of a data protection system against cyber attacks corresponds to the strength of the weakest point in the security chain. Therefore, from a mathematical point of view, the security chain can be compromised even if the strongest algorithm is implemented. In fact, if the system requires keys or other random values and the generation process shows a certain vulnerability, the security of the system itself can be compromised. In this article, we present the most reliable tools and methodologies and the main standardisation efforts in the field of computer security to assess the quality of random number generators and ensure that they can be applied to computer security applications by offering adequate security strength. We offer a comprehensive guide that can be used as a quick and practical reference by developers of random number generators of any type to evaluate the random bit streams generated by implemented modules and determine whether or not they can be used in cybersecurity applications. Finally, we also present some use cases to which we applied the presented approach.