True Random Number Generators Secure in a Changing Environment

  • Boaz Barak
  • Ronen Shaltiel
  • Eran Tromer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2779)

Abstract

A true random number generator (TRNG) usually consists of two components: an “unpredictable” source with high entropy, and a randomness extractor — a function which, when applied to the source, produces a result that is statistically close to the uniform distribution. When the output of a TRNG is used for cryptographic needs, it is prudent to assume that an adversary may have some (limited) influence on the distribution of the high-entropy source. In this work:

  1. We define a mathematical model for the adversary’s influence on the source.
  2. We show a simple and efficient randomness extractor and prove that it works for all sources of sufficiently high entropy, even if individual bits in the source are correlated.
  3. Security is guaranteed even if an adversary has (bounded) influence on the source.

Our approach is based on a related notion of “randomness extraction” which emerged in complexity theory. We stress that the statistical randomness of our extractor’s output is proven, and is not based on any unproven assumptions, such as the security of cryptographic hash functions.

A sample implementation of our extractor and additional details can be found at a dedicated web page [Web].
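As an added illustration (not the paper’s own code or its specific construction), the following Python sketch shows the universal-hash style of extractor that the cited complexity-theory literature builds on [CW79, WC81, ILL89]: a Toeplitz matrix over GF(2) applied to a raw sample, with the output length budgeted by the leftover hash lemma. The biased source model, seed length and error parameter are assumptions chosen for the demo.

```python
import math
import secrets

def lhl_output_bits(min_entropy_bits: int, epsilon: float) -> int:
    """Leftover hash lemma budget: hashing a source of min-entropy k with a
    2-universal family yields m = k - 2*log2(1/eps) bits eps-close to uniform
    (for a source distribution chosen independently of the seed)."""
    return max(min_entropy_bits - 2 * math.ceil(math.log2(1 / epsilon)), 0)

def toeplitz_extract(sample: bytes, seed: bytes, out_bits: int) -> int:
    """Seeded extractor: multiply the n-bit sample by an out_bits x n Toeplitz
    matrix over GF(2) whose entry (i, j) is seed bit n-1+i-j. Only n+out_bits-1
    seed bits are consumed, so the seed is short, public, and can be fixed once."""
    n = len(sample) * 8
    need = n + out_bits - 1
    if len(seed) * 8 < need:
        raise ValueError(f"seed too short: need {need} bits")
    x = int.from_bytes(sample, "big")
    t = int.from_bytes(seed, "big") >> (len(seed) * 8 - need)  # top `need` seed bits
    mask = (1 << n) - 1
    out = 0
    for i in range(out_bits):
        row = (t >> (out_bits - 1 - i)) & mask            # row i of the matrix
        out = (out << 1) | (bin(row & x).count("1") & 1)  # inner product mod 2
    return out

def biased_sample(nbytes: int, p_one: float = 0.75) -> bytes:
    """Constructed stand-in for a physical source (assumption for the demo):
    independent bits that are 1 with probability p_one, i.e. -log2(p_one)
    bits of min-entropy per sampled bit."""
    bits = [secrets.randbelow(1000) < p_one * 1000 for _ in range(nbytes * 8)]
    return int("".join("1" if b else "0" for b in bits), 2).to_bytes(nbytes, "big")

if __name__ == "__main__":
    n_bytes = 64                                    # 512 raw source bits
    k = math.floor(-math.log2(0.75) * n_bytes * 8)  # ~212 bits of min-entropy
    m = lhl_output_bits(k, 2 ** -40)                # 132 output bits at error 2^-40
    seed = secrets.token_bytes((n_bytes * 8 + m - 1 + 7) // 8)
    out = toeplitz_extract(biased_sample(n_bytes), seed, m)
    print(f"k={k} m={m} output={out:0{m}b}")
```

The extractor is GF(2)-linear in the sample, so a fixed seed can be audited once; the entropy estimate k for the real source is the part a designer must justify separately.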

References

  1. [BR94] Bellare, M., Rompel, J.: Randomness-efficient oblivious sampling. In: 35th Annual Symposium on Foundations of Computer Science (1994)
  2. [CW79] Carter, L., Wegman, M.: Universal hash functions. JCSS: Journal of Computer and System Sciences 18, 143–154 (1979)
  3. [ErCS94] Eastlake III, D., Crocker, S., Schiller, J.: Randomness recommendations for security, RFC 1750 (December 1994)
  4. [Gla02] Gladman, B.: A specification for Rijndael, the AES algorithm (2002). Available from http://fp.gladman.plus.com/cryptography_technology/rijndael/aesspec.pdf
  5. [GW96] Goldberg, I., Wagner, D.: Randomness and the Netscape browser. Dr. Dobb’s Journal, 66–70 (1996)
  6. [ILL89] Impagliazzo, R., Levin, L.A., Luby, M.: Pseudorandom generation from one-way functions. In: Proceedings of the 21st ACM Symposium on Theory of Computing (1989)
  7. [JK99] Jun, B., Kocher, P.: The Intel random number generator. Technical report, Cryptography Research Inc. (1999). Available from http://www.intel.com/design/security/rng/rngppr.htm
  8. [Mar95] Marsaglia, G.: DIEHARD, a battery of tests for random number generators (1995). Available from http://stat.fsu.edu/~geo/diehard.html
  9. [NTS99] Nisan, N., Ta-Shma, A.: Extracting randomness: A survey and new constructions. JCSS: Journal of Computer and System Sciences 58 (1999)
  10. [NZ96] Nisan, N., Zuckerman, D.: Randomness is linear in space. Journal of Computer and System Sciences 52(1), 43–52 (1996)
  11. [Per92] Peres, Y.: Iterating von Neumann’s procedure for extracting random bits. Ann. Statist. 20(1), 590–597 (1992)
  12. [Sha02] Shaltiel, R.: Recent developments in extractors. Bulletin of the European Association for Theoretical Computer Science 77 (2002)
  13. [TV02] Trevisan, L., Vadhan, L.: Pseudorandomness and average-case complexity via uniform reductions. In: Proceedings of the 17th Annual Conference on Computational Complexity (2002)
  14. [vN51] von Neumann, J.: Various techniques used in connection with random digits. Applied Math. Series 12, 36–38 (1951)
  15. [WC81] Wegman, M.N., Carter, J.L.: New hash functions and their use in authentication and set equality. JCSS: Journal of Computer and System Sciences 22 (1981)
  16. [Web] Web page for this paper. Available from http://www.wisdom.weizmann.ac.il/~tromer/trng/
  17. [Zim95] Zimmermann, P.R.: PGP: Source Code and Internals. MIT Press, Cambridge (1995)

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Boaz Barak (1)
  • Ronen Shaltiel (1)
  • Eran Tromer (1)
  1. Department of Computer Science and Applied Mathematics, Weizmann Institute of Science, Rehovot, Israel