# Encryption Basics

On the encryption page Encryption Basics we write about encryption in general, and the problems industry face today.

# Updates on the TRNG9880 Embedded Random Number Generator

We are working with an update on the TRNG9880 for embedded systems. We will include a recalibrate for the serial port communication, to make it easy to adjust the bit rate to match the host system.

# Production of the TRNG9880-SMT units for embedded systems

We are investigating a simpler production method for the TRNG9880 SMT modules. On the web shop the unit is listed as "coming soon"; but we need a substantial pre-order volume to make ends meet, as production costs is basically of the NRE type.

We now reconsider all steps in the manufacturing of the modules, and as a first step
we now make available samples as **TRNG9880T** units. We have also enabled the
"Quantity" field of the web shop, to indicate the number of samples currently available
for immediate shipping. The price tag for these sample units cannot go lower than EUR 20/unit.

We have a new report on how to test the TRNG9880-SMT units prior to shipping.

# TRNG98 True Random Number Generators

## What Is Randomness?

#### THE MATH BEHIND

Suppose that a source produce a sequence of numbers. Intuitively we may classify the number sequence based upon its randomness. We may say that one sequence is random, but another sequence is not considered random. But associating the concept of "randomness" to a sequence, or a source, is wrong. The randomness property should correctly be associated with the Observer of the sequence. The observer see the sequence, and try to describe it. If he cannot to this, the sequence lack a description, and we say that it is a Random sequence. (Lars LÃ¶fgren)

We should understand that the concept of randomness is relative to the analytic capability of the observer. If we do random testing on a technical system of low complexity, such as an elevator, a simple sequence such as (floor) 1,3,1,3, could be considered random relative to this system. An integer division module (software) for a micro- controller could in a similar way be tested using "random" numbers. If we know much on the internal structure of the system, we could select special numbers that is especially effective testing the system. An integer division routine, where some adjustments occur with very low probability, is known to be able pass a million random test numbers and still be wrong!

A good source of random numbers, where any structure of any kind would be difficult to obtain, is typically needed when the observer is a human, he can profit from any small deviation, and he can gain access to large amounts of random numbers to analyse on a computer. Typical examples would be encryption products and game solutions, where players play with real money.

# Advantages Using a True Random Number Generator

The main advantage using a TRNG, is in its simplicity; switch on power and then comes random numbers. No need for synchronisation and most problems with secrecy of seed numbers is an order of magnitude lower. Even generating a simple seed to a pseudo random number generator could be tricky, problematic and time consuming. (To sit in a vault and roll a dice carefully 64 times etc.)

There will always be "statistics" in any practical application. A player that apply a strategy and always win (so far) might not consider the ten thousand other players with no success. There are always rumours around any game implementation, and possibly the best argument for basing security (randomness) upon a hardware generator is that it is possible to explain. You don't want to go to court and explain your pseudo random number implementation!

A related problem is that if statistical tests are applied repeatedly, the usual statistical test criteria no longer apply. If you apply a test ten thousand times, don't be surprised finding a four sigma deviation on one test. The hardware solution is also independent of the application, and the game software and the hardware generator can be tested separately if there is a problem.

Again we mention prevention of fraud. If the game server mix and work the deck of cards, it is more easy to include some extra manipulation into the server software, compared to where there should be no such operations anywhere in the code at all.

# Conversion of Distribution

#### Flat Distribution

Random number generators typically have a binary output with a flat distribution. This distribution is easy to convert into any other specified distribution, and I give the following typical example:

#### Select a card of 52 randomly using an input random byte.

Divide the input number range [0..255] on the 52 cards. Since the input number have a flat distribution any such conversion will produce identical randomness quality. We have 256=4*52 + 48. To each of the 52 cards we associate 4 numbers. If the input is any of these 4*52=208 combinations, a card was randomly selected using a flat distribution. The remaining 48 combinations are not used, as it would skew the distribution. A new byte, hopefully better, is taken from the generator, and the procedure is repeated.

# Tests of Randomness

We usually test the randomness of a sequence using a software package. There are several such test packages, they work similar, and usually include common test such as frequency test, long run test, pattern test, correlation test, and so on. These tests assign a property to the sequence, and then test the sequence comparing with the properties of a sequence that don't have the assumed property.

A typical issue, is that almost all these tests are very sensitive to a deviation in the 0/1 relative frequency. If an "1" bit is more common than the zero, long runs of "1111" will be more common than the "0000" run, same results for any other kind of pattern test, and a "1" will correlate with any other bit, that is also "1" more often than "0".

# NOTES

## 2018-07-25

- We have an update on the TRNG98.com site.