Cryptographically Secure Pseudorandom Number Generator
Pronunciation
[krip-toh-graf-i-klee si-kyoor soo-doh-ran-duhm nuhm-ber jen-er-ey-ter]
Analogy
Imagine a special dice-rolling machine designed for a high-stakes casino. A regular pseudorandom number generator might produce sequences that look random but have hidden patterns a clever gambler could eventually figure out. A CSPRNG is like a dice machine that is so well-designed and unpredictable that even if you know all its past rolls, you still can't guess the next roll with any better odds than pure chance. It's designed to be 'unbeatable' by observers.
Definition
An algorithm that generates a sequence of numbers that appears random and is unpredictable, even if parts of its internal state or previous outputs are known. CSPRNGs are suitable for generating cryptographic keys, nonces, and other values where unpredictability is crucial.
Key Points Intro
CSPRNGs are essential for generating high-quality random numbers for cryptographic applications.
Key Points
Produces outputs that are computationally indistinguishable from true random numbers.
Must be resistant to prediction even if an attacker has access to some previously generated numbers or parts of the generator's state (forward and backward secrecy).
Requires proper seeding with sufficient entropy (true randomness) from the environment.
Used for key generation, nonces, initialization vectors, salts, etc.
Example
Operating systems use CSPRNGs (e.g., /dev/urandom on Linux, CryptGenRandom on Windows) to provide random numbers for applications that need them for security, like generating session keys for TLS or random passwords.
Technical Deep Dive
CSPRNGs are often built using cryptographic primitives like hash functions (e.g., Hash_DRBG), block ciphers in counter mode (CTR_DRBG), or HMAC (HMAC_DRBG), as specified in standards like NIST SP 800-90A. They typically maintain an internal state that is updated with each call. The initial state must be seeded with entropy gathered from unpredictable physical sources (e.g., mouse movements, keyboard timings, disk I/O timings, dedicated hardware random number generators). If the initial seed is weak or compromised, the entire output sequence of the CSPRNG can be compromised.
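The HMAC_DRBG construction named above, as an added teaching sketch (not code from this page or from NIST): it shows the internal state changing on every call and why a weak seed compromises every output. The class name `HmacDrbg`, the `demo` helper and the timestamp seed are assumptions made for illustration.

```python
import hashlib
import hmac
import os


class HmacDrbg:
    """Sketch of HMAC_DRBG (SHA-256); omits reseed counter, size limits, health tests."""

    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b""):
        self._key = b"\x00" * 32    # K starts as all-zero bytes
        self._value = b"\x01" * 32  # V starts as all-0x01 bytes
        self._update(entropy + nonce + personalization)

    def _hmac(self, key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided: bytes = b"") -> None:
        # Mix provided data into (K, V); with no data this only steps the state.
        self._key = self._hmac(self._key, self._value + b"\x00" + provided)
        self._value = self._hmac(self._key, self._value)
        if provided:
            self._key = self._hmac(self._key, self._value + b"\x01" + provided)
            self._value = self._hmac(self._key, self._value)

    def reseed(self, entropy: bytes) -> None:
        self._update(entropy)

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self._value = self._hmac(self._key, self._value)
            out += self._value
        self._update()  # the state is replaced after every call
        return out[:n]


def demo() -> dict:
    weak_seed = b"2024-01-01T00:00:00"  # constructed low-entropy seed (a timestamp)
    a, b = HmacDrbg(weak_seed), HmacDrbg(weak_seed)
    strong = HmacDrbg(os.urandom(32), nonce=os.urandom(16))
    key_a, key_b, key_s = a.generate(32), b.generate(32), strong.generate(32)
    return {
        "weak_seed_keys_match": key_a == key_b,  # same seed gives the same "secret"
        "strong_differs": key_s != key_a,
        "state_advances": a.generate(32) != key_a,
    }
```

Application code should draw from the operating system's generator (`os.urandom` or the `secrets` module in Python) rather than run its own DRBG.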
Security Warning