What is TRNG and why does it matter?
To understand the purpose of a TRNG, we first have to look at how a private key is generated, because how securely a private key is generated determines the security level of the key itself.
A private key is a sequence of digits and numbers that is randomly generated based on an asymmetric cryptographic algorithm. The more random the creation source is, the more secure the private key will be. For this purpose, a random number generator (RNG) is used to create a list of random values from random sources, which may be physical sources or software sources.
There are two types of random number generators:
- True random number generator (TRNG), and
- Pseudo-random number generator (PRNG)
A TRNG measures some physical phenomenon that is expected to be random and then compensates for possible biases in the measurement process. Example sources include atmospheric noise, thermal noise, and other external electromagnetic and quantum phenomena. For example, cosmic background radiation or radioactive decay as measured over short timescales represent sources of natural entropy.
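To make "compensates for possible biases" concrete, the following added example (not SafePal's code, and not a description of how the S1 conditions its output) applies the classic von Neumann debiasing step to a biased bit stream. The biased source is simulated with a seeded software generator purely so the run is repeatable, and the function names and the 70% bias are assumptions chosen for illustration.

```python
import random

def biased_source(n_bits, p_one, seed):
    """Constructed stand-in for a physical measurement: independent bits
    that come up 1 with probability p_one. A seeded PRNG is used only so
    the demonstration is repeatable; a real TRNG samples hardware noise."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n_bits)]

def von_neumann_debias(bits):
    """Read non-overlapping pairs: 01 -> 0, 10 -> 1, 00 and 11 are dropped.
    For independent bits with a fixed bias, P(01) == P(10), so the output
    is unbiased. The cost is throughput: most input bits are discarded."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)
    return out

def ones_fraction(bits):
    return sum(bits) / len(bits)

def bits_to_bytes(bits):
    """Pack bits MSB-first, ignoring a trailing partial byte."""
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

def demo(n_bits=200_000, p_one=0.7, seed=1):
    raw = biased_source(n_bits, p_one, seed)
    clean = von_neumann_debias(raw)
    return {
        "raw_ones": ones_fraction(raw),      # close to p_one
        "clean_ones": ones_fraction(clean),  # close to 0.5
        "yield": len(clean) / len(raw),      # about p_one * (1 - p_one)
        "sample": bits_to_bytes(clean[:256]),
    }

if __name__ == "__main__":
    r = demo()
    print(f"raw ones: {r['raw_ones']:.3f}  debiased ones: {r['clean_ones']:.3f}")
    print(f"yield: {r['yield']:.3f}  256-bit sample: {r['sample'].hex()}")
```

The guarantee holds only when the input bits are independent; correlated samples need stronger conditioning than this step provides.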
A PRNG uses computational algorithms that can produce long sequences of apparently random results, which are in fact completely determined by a shorter initial value, known as a seed value or key. As a result, the entire seemingly random sequence can be reproduced if the seed value is known. This type of generator typically does not rely on sources of naturally occurring entropy, though it may be periodically seeded by natural sources. This generator type is non-blocking, so it is not rate-limited by an external event, making large bulk reads a possibility.
Based on the above descriptions, it is easy to see that a TRNG uses more random and unpredictable sources than a PRNG. In daily life, most cellphones and computers use a PRNG, while the SafePal S1 is embedded with a TRNG. This ensures that a new private key is generated on a secure basis when a user creates a new wallet on the device.
How is TRNG applied to the S1 hardware wallet?
SafePal S1 is embedded with a true random number generator qualified under both the AIS31 standard from the German BSI and the FIPS PUB 140-2 U.S. government computer security standard, the two most well-known standards of encryption and information security. Both AIS31 and FIPS PUB 140-2 apply more advanced and stricter testing criteria to the quality of random number generators than regular randomness examinations.
Learn more about the US FIPS PUB 140-2 standard here.