Statistical Randomness Analysis logo

Any cryptographic algorithm requires randomness at some point. And it's better be good! Even the most advanced cryptosystem will eventually fail if associated with a bad TRNG or PRNG, putting at risk the full stack of security measures you carefully crafted. Hopefully, we've got you covered.

Related services

Cryptographic Product Review

A fresh pair of eyes on your design.

The development of a cryptographic product, from a protocol on a whiteboard to an industrial grade implementation, is a long and complex process. Our experts will help you avoid common (and less common) pitfalls at any stage of the development.


AIS 20/31

Certifying your RNG should not be a random process!

CryptoExperts offers consulting services to evaluate the security of RNG implementations. Do you have your own RNG legacy and need to undergo a AIS20/31 or FIPS 140-2 certification process? We can help you put together the appropriate security arguments as a source for your certification documents.


Random Number Generation

Good random number generation is not a matter of chance!

Random Number Generation (RNG) is the cornerstone primitive for most security applications. The design of Random Number Generators, whether hardware-based or fully software, is at the core of our expertise.


The security of most cryptographic mechanisms depends on the generation of random bits. This is for example the case for the Advanced Encryption Standard (AES) secret key, or for the primes of the RSA signature or encryption algorithm, or the private exponents in a Diffie–Hellman key exchange, or the fresh random integer drawn each time an ECDSA signature is computed, etc. The security of most of these primitives miserably fails when used in conjunction with a bad random number generator. An ECDSA signature, for example, may even leak the private key.

Randomness is everywhere

Cryptography isn’t the only field requiring good randomness. Whether you are building an online casino, backtesting a quantitative financial strategy, generating random samples for a population survey, or relying on a Monte Carlo method to obtain a numerical results, you need unbiased randomness or your results might be meaningless.

Does this look random?

There are many ways to test the quality of a random number generator. When the source code of the generator is available, CryptoExperts can perform a full source code review, together with a quality and performance analysis (check our Cryptographic Product Review service for more). When you don’t have access to the source code (or don’t want to disclose it), there are still many empirical tests that can be performed.

Testing binary generators

Many generators output (pseudo)random bits. CryptoExperts has developed its own statistical test suite, made of 15+ statistical tests, carefully chosen for their complementary. Our tests include all those recommended by the NIST’s Special Publication 800-22, which is the de facto standard in the field, but also Diehard tests. Any test from TestU01 or dieharder can be included. Our proven methodology is very simple:

  • On the basis of the high-level description of your generator and of its intended use, we provide you with the exact number of random samples that are needed for an appropriate analysis.

  • You are in charge of the samples’ generation, giving you the chance to choose the most appropriate setting, e.g., using test servers as similar as possible to your production servers.

  • Given the samples, we perform the tests for you, and deliver a complete technical report (including the detailed description of the tests performed and the results obtained) as well as an executive report (much shorter, where results are represented graphically, no-headache guarantee).

What if my generator does not only output 0’s and 1’s?

Does your generator output numbers between 1 and 49, does it draw cards in a deck of 52 cards, or randomly chooses a set of winners in a pool of thousands of players?

No problem.

CryptoExperts has developed its own suite of generic tests, that apply in many different scenarios, and chances are we already encountered yours. And in case your problem is indeed very specific, don’t worry: over the years, our team has learned how to deal with uncommon scenarios and will provide you with a custom-made solution.

We give you real guarantees

We do provide expert knowledge and tailor-made solutions. Unlike our competitors, we don’t blindly restrict to \(\chi^2\) tests, which would consider that the following sequence is random:

1 2 3 4 5 6 7 8 9 1 2 3 4 5 6 7 8 9 ...

Whatever the intended use of your random generator, you shouldn’t leave bad randomness a chance. If you want to know more about what we have to offer you, contact () or () now (this might be your lucky day).

Related publications

  • Distinguishing Distributions Using Chernoff Information.
    Thomas Baignères, Pouyan Sepehrdad, Serge Vaudenay.
    In ProvSec 2010, pp. 144-165, 2010.
  • Improved security proofs in lattice-based cryptography: using the Rényi divergence rather than the statistical distance.
    Shi Bai, Adeline Langlois, Tancrède Lepoint, Damien Stehlé, Ron Steinfeld.
    In ASIACRYPT (1) 2015, 2015. Best Paper Award