Random number generators (RNGs) are critical components in online gaming, cryptography, and many other fields requiring random data. Their role in ensuring fairness, unpredictability, and security cannot be overstated. RNGs come in various types, each with unique features, strengths, and weaknesses.
Today, we’re taking a closer look at the various types of RNGs and how they compare to the cutting-edge Elliptic Curve Random Number Generator (ECRNG).
Existing Types of RNGs
In RNGs, we mainly encounter two types: True Random Number Generators (TRNGs) and Pseudo-Random Number Generators (PRNGs).
TRNGs generate randomness from a fundamentally random physical process, such as radioactive decay or atmospheric noise. Their unpredictability relies on the unpredictability of the physical world. However, they can be slow and environmental conditions can influence their quality.
PRNGs, such as the Linear Congruential Generator (LCG) and the Mersenne Twister, are algorithms that produce sequences of numbers that only appear to be random. Given the same initial state, or “seed,” they will always have the same sequence. They are often used in simulations and games, but the deterministic nature can be a security concern in cryptographic operations.
It is also possible to distinguish a subtype of PRNG — Cryptographically Secure Pseudo-random Number Generators (CSPRNGs). It makes it possible to use this RNG for cryptography. Even if part of the output is known, it’s computationally infeasible to predict other parts.
The Rise of the ECRNG
The ECRNG has emerged as a promising solution in the quest for better RNGs. It leverages the mathematical complexity of elliptic curves to produce its number sequences. This complexity provides an additional layer of security, making the ECRNG more resistant to prediction and reverse-engineering than traditional PRNGs.
ECRNG works by taking as input two points on an elliptic curve, P and Q, that are fixed and not assumed to be secret. A secret seed is inserted into the ECRNG, and this combination generates random numbers that are believed to be unpredictable. Because of this, successive values will have no relationship that can be exploited to obtain private keys and break the cryptographic functions.
Advantages and Disadvantages of ECRNG
The main advantage of ECRNG is its security. The complex mathematical nature of elliptic curves makes it hard for attackers to predict or reverse-engineer the RNG’s outputs. This feature makes ECRNG a compelling choice for applications that require a high level of security, such as cryptography and online gaming.
However, ECRNGs have their disadvantages. The complexity that provides their security also makes them more computationally intensive than other PRNGs. It can be a drawback in systems with limited computational resources.
Choosing the Best ECRNG for PokerDAO
1. Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG)
This is a PRNG based on elliptic curve cryptography. It generates random numbers by repeatedly applying an elliptical curve point multiplication operation. The Dual_EC_DRBG was standardized by the National Institute of Standards and Technology (NIST), but it became controversial due to potential backdoor concerns raised by security researchers. The main advantage of this algorithm is its solid theoretical basis in the mathematics of elliptic curves, which can provide a high degree of randomness. However, its main disadvantage is the controversy and potential security concerns related to a potential backdoor. These concerns have led to it being largely deprecated in favor of other algorithms.
2. Elliptic Curve Digital Signature Algorithm (ECDSA) based RNG
ECDSA is a cryptographic algorithm used for digital signatures. Although not primarily a random number generator, it utilizes a random number in the signature generation process. This number must be unique for each signature and generated securely; otherwise, if it is predictable or reused, it can lead to the private key’s exposure. The advantage is that it’s part of a widely used and well-studied cryptographic algorithm, ECDSA. The security of the RNG is tied to the safety of the ECDSA, which is generally considered vital. The disadvantage is that it’s not primarily an RNG, and the secure generation of random numbers is a crucial but ancillary requirement of the ECDSA. If not implemented correctly, it can lead to serious security issues.
3. Elliptic Curve Cryptography (ECC) based RNGs
Other RNGs use elliptic curve cryptography principles but may not be as widely recognized or standardized as Dual_EC_DRBG or ECDSA. These could include various custom RNGs built for specific applications or research. The advantages and disadvantages of these algorithms can vary widely depending on the specifics of the algorithm. In general, they can benefit from the solid mathematical properties of elliptic curves, but they may also suffer from potential security issues if they are carefully designed and vetted.
The PokerDAO algorithm shuffles and encrypts a deck of cards using a set of 52 points on an elliptic curve, with each card mapped to a single point. Each player generates a scalar and shuffles the set of points, multiplying each point by their scalar before passing it on to the next player. The final deck is encrypted by each player using unique keys, and no player can decrypt any card without the cooperation of all other players.
It’s how we have chosen at PokerDAO — to use an existing and proven cryptographic algorithm and build fast and independent trustless cryptography on it.
The future of online gaming is already here!
