Random numbers are used everywhere. They are used in gaming, simulation, statistics, and most importantly, encryption. But how do computers generate random numbers? There are two ways to do so (pseudo-random and true-random number generation), and these methods are associated with entirely different concepts. Let’s find out what they are.
A computer processor can only execute what it’s instructed to do. It has no way of making truly random numbers because no algorithm can do so. Instead, they can run algorithms from a seed value so that even small changes make a huge difference.
However, numbers generated from a PRNG (Pseudo-random number generator) just look random. But in fact, it is predictable. Remember that it’s just an algorithm, and one who discovers the algorithm and the last value produced by the algorithm can predict the next “random” number.
Moreover, PRNGs which purely depend on the previous number to generate the next one can be periodic. The generator will produce the same number again after a finite number of iterations. But when it encounters the same number, periodic PRNGs will repeat the same sequence all over again rather than choosing a different route. This is an alarming flaw, and the longer the period and the more sensitive dependence to initial conditions the algorithm displays, the more unpredictable the PRNG is.
Nevertheless, most PRNGs are not unpredictable enough to be used in encryption. A fundamental rule to generate truly random numbers is “no bias allowed”, which means that every number should have an equal chance to be chosen. For instance, “bias” can occur if, for example, a number has two (or more) values that lead to it in an algorithm instead of an average count of one.
Truly random numbers
As mentioned before, you can’t generate random numbers with algorithms alone. That means computers should observe external phenomena rather than calculate them through their algorithms to make truly random numbers. This ensures that the process of shaping the data is almost entirely unrelated to the computer.
How can you do so? Well, it’s all about gathering entropy, which is essentially true randomness. You can do so by, for example, precisely extracting data from user behavior. Or take precise measurements of temperature, atmospheric pressure, wind speed, humidity, etc., as long as it’s precise enough so that a sufficient amount of digits are subject to change within fractions of a second.
But above all, measurements of the radioactive decay of an atom is particularly random because it cannot be predicted with current algorithms at all. This might demonstrate true randomness in the Universe, and computers can harness it to make the most uncrackable encryption keys.
These generators typically carry extra sensors and are called True Random Number Generators (TRNG), also known as Hardware Random Number Generators (HRNG).
Pseudo-random Numbers and Truly random Numbers: Which Is Better?
It depends on the situation to decide whether your app should use a PRNG or a TRNG. For most games, pseudo-random numbers are already enough. Regular users probably won’t recognize the fake randomness involved in the app. PRNGs are more efficient than TRNGs because you mainly rely on algorithms to generate the numbers. PRNGs also bring an advantage if you want to repeat the same values later when reproducing bugs. If you can allow some bias in random numbers for your software, using PRNGs is a better choice.
However, for encryption and authentication, TRNGs must be used. Guessing decryption keys can lead to sensitive information in a storage device or message being exposed to the public, leading to all kinds of privacy issues, data breaches, or even identity theft. Chances for these kinds of attacks to succeed must be minimized by reducing bias as much as possible, which can be done by implementing TRNGs.
Random numbers generated by your computer are likely not random and entirely predictable. Instead, computers have to gather data from the outside world to make truly random numbers that contain no bias. But there’s more to random numbers. If you’d like to learn more, please visit the webpages in the references below. Moreover, if I’ve missed any crucial points, please include them in the comments as well.
References and Credits
- (n.d.). Introduction to Randomness and Random Numbers. Retrieved September 14, 2021, from https://www.random.org/randomness/
- Alexander Arobelidze. (2020, October 26). Random Number Generator: How Do Computers Generate Random Numbers? Retrieved September 14, 2021, from https://www.freecodecamp.org/news/random-number-generator/
- Chris Hoffman. (2019, November 4). How Computers Generate Random Numbers. Retrieved September 14, 2021, from https://www.howtogeek.com/183051/htg-explains-how-computers-generate-random-numbers/
- PBS Infinite Series. (2017, October 13). How to Generate Pseudorandom Numbers | Infinite Series. Retrieved September 14, 2021, from https://www.youtube.com/watch?v=C82JyCmtKWg