Grab a coin and toss it.
Heads or tails, it doesn’t matter. What matters is that you can’t predict the result. At most, you can try to guess it. And in this case, that would be pretty easy because you only have two options. But what if you had to guess a long sequence of numbers and/or symbols? That would be almost impossible to get correct, right?
Random number generators (RNG) are hardware devices or software algorithms that spawn a different sequence of numbers (and/or symbols) every time they are activated — pretty much like tossing a coin but in the digital world.
Given that this imaginary digital coin can have as many 'sides' as needed to maintain a high level of randomness, modern RNGs are generally used in cryptography, computer simulations, online gambling, videogames, and many other applications.
Here is how.
The early history of RNGs
Humans have made use of randomness since ancient times. Dice, dating back to roughly 2400 BCE, have been found in archeological sites in Egypt, and pyramidal-shaped dice (with four sides) date back to the 3rd millennium Sumer.
A lot of time has passed since then. In the modern world, dice rolling and coin flipping have become insufficient for certain applications.
In 1947, the RAND Corporation created an electronic device that generated numbers using a random pulse generator. They then published the results in a book that was intended to be useful to scientists and researchers in need of random sampling.
The British electrical engineering firm Ferranti Ltd added a random number generator to the Ferranti Mark 1, the world’s first commercially available general-purpose digital computer, which became available in February 1951 (one month ahead of the UNIVAC I). The built-in RNG used electrical noise to produce up to 20 random digits at a time.
In a paper from 1946, Hungarian-American mathematician and computer scientist John Von Neumann disclosed his middle-square method for obtaining random numbers based on an initial random seed value. By squaring this initial seed value and slicing out its middle digits several times, scientists could reach a pseudorandom sequence of numbers. This is the first algorithmic RNG. However, Von Neumann’s approach was not a true random number generator as the sequence would eventually fall into a short repeated cycle of numbers, no matter what seed value was used to start with.
In 1957, the former Bletchley Park codebreakers Tommy Flowers and Harry Fensom invented ERNIE (Electronic Random Number Indicator Equipment) to use for the Premium Bond lottery in the United Kingdom. ERNIE produced 50 random digits per second, which were used to determine the winning numbers of the British Saving Bonds Lottery. Although it’s been through many upgrades since then, ERNIE is still used today for the same purposes.
After this, a huge variety of true RNGs were developed, including one based on the movements of a lava lamp.
How does a Random Number Generator work?
As mentioned above, both hardware devices and software algorithms are used today to produce random numbers. To understand how RNGs work, we have to explore these two different methods of random number generation.
Hardware random number generators (HRNG) are also called true random number generators (TRNG). This is because they rely on physical changes with random properties to create a certain number of random bits per second.
For example, HRNGs can measure atmospheric noise through a radio receiver, thermal noise from a resistor, avalanche noise or Zener breakdown noise from diodes, etc. Or they can detect quantum mechanical physical randomness in a radioactive decay process using a Geiger counter, variations in vacuum energy through homodyne detection, Poisson noise in electronic circuits, photons in semi-transparent mirrors, and amplified signals from reverse-biased transistors (via quantum tunneling through energy gaps), and other sources.
All of these natural events are considered to be chaotic. HRNGS are designed to measure and make use of that entropy for random number generation.
In contrast, software-based RNGs resort to algorithms to carry out the randomization process. An algorithm is a limited set of instructions. An algorithm in RNG implies a series of mathematical operations that must be performed on a random seed, or initial, value. Because this can condition the final random bit sequences, as with Von Neumann's algorithm, software-based RNGs are not believed to be truly random but only emulate randomness. Therefore, they are called pseudorandom number generators (PRNG).
In fact, John Von Neumann wrote that “anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin”. Pseudorandom number generators are deterministic. Because they have a finite number of states (defined by the algorithm and the seed number), they can end up repeating a sequence of bits, and/or the possible result of the randomization process can become predictable over time.
However, PRNGs are much faster than HRNGs, and the level of randomness that they can provide is still useful for certain applications.
Cryptographically-secure pseudorandom number generators
Cryptography is the practice and study of techniques for ciphering and encoding data and communications in order to keep them private.
Because it is a field that aims at making information inaccessible to unauthorized users, cryptography often relies on random number generation, for example, in order to produce the keys that are used to encrypt data, nonces (non-reusable, arbitrary numbers) for initial values or authentication protocols for cryptography-protected communications, one-time pads, etc.
As you can guess, this application requires highly secure, unpredictable random number generation. Common pseudorandom number generators are not sufficiently safe, and hardware number generators are not sufficiently fast or find themselves limited by the amount of entropy that is available for use. Therefore, they are not generally suitable for cryptography.
Due to these disadvantages, cryptographers make use of a hybrid approach that works with both natural entropy and computer algorithms combined. This kind of random number generation is called cryptographically-secure pseudorandom number generation (CSPRNG).
CSPRNGs extract random bits from physical events taking place in a machine (such as from an on-chip thermal noise generator) and encode them with a hash function that is suitable for cryptography. Then, CPRNGs act like normal PRNGs and apply an algorithm to that chaotic, initial seed in order to generate additional (and even more unpredictable) random numbers.
Linux CPRNG, for example, can be found in action in secure shell protocols, web servers, and VPN servers.
RNG in gaming
Randomness livens up a lot of games. Think of board games or casino games that utilize dice or cards. The digital version of these games simulates the dice rolling or the card shuffling through PRNG.
In videogames, PRNGs are used to maintain a high level of unpredictability and add replay value to the game, while also saving time and effort to the developers as it is much easier for them to randomize the loots instead of programming what every single enemy of the game will drop when killed, for example.
RNG in videogames can also be applied to determine what item the player will obtain from a chest, what random events they will encounter in an open-world game (including weather changes), and when and if the player will land a critical hit during a battle, and other uses.