A pseudorandom number generator (PRNG) is an algorithm that generates a sequence of numbers whose statistical properties approximate those of a truly random sequence. The sequence is not truly random, however: it is completely determined by the algorithm and its input, called the seed, even though the seed itself may be truly random.
The majority of cryptographic applications require random numbers for:
- Key generation.
- Nonce calculation.
- Salt generation for password hashing and key derivation, and the per-operation randomness used by randomized signature and encryption schemes.
The quality of this randomness directly determines the security of these applications, so cryptography needs a stronger class of generator, the cryptographically secure pseudorandom number generator (CSPRNG). A CSPRNG must satisfy two requirements:
- The generated sequence must pass statistical randomness tests, and in the stronger form of the next-bit test: an attacker who knows the algorithm and the first k bits of output cannot predict bit k+1 with probability noticeably better than 1/2.
- The generator must withstand state compromise extensions: an attacker who later recovers the internal state still cannot reconstruct earlier outputs (backtracking resistance), and, once the state has been refreshed with new entropy, cannot predict later ones. No generator can hide its next output from someone who holds its current state and algorithm; it is the past outputs, and the outputs after reseeding, that must stay unpredictable. An ordinary PRNG typically fails the first requirement outright: its internal state can be recovered from a short run of outputs, after which every later output is known.
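As an added example (not code from the original page), the following Python script shows why a statistically good PRNG can still fail the next-bit test. Python's `random` module is the Mersenne Twister MT19937, whose output tempering is a public, invertible bit transform. Given 624 consecutive 32-bit outputs, `untemper` recovers the full 624-word internal state, `clone_mt19937` loads it into a fresh generator, and the clone then predicts the victim's next value exactly. The same script generates a key, nonce and salt with the `secrets` module, which draws from the operating system's CSPRNG and is what these uses require. The seed value and the name `demo_prediction` are assumptions for the demonstration.

```python
import random
import secrets

# MT19937 tempering constants; the algorithm is public, as a CSPRNG's may be.
MASK32 = 0xFFFFFFFF


def temper(x: int) -> int:
    """The forward tempering MT19937 applies to each state word before output."""
    y = x & MASK32
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    y ^= y >> 18
    return y & MASK32


def _undo_right_shift_xor(y: int, shift: int) -> int:
    """Invert y ^= y >> shift. The top `shift` bits are untouched by the
    transform, so each pass recovers the next `shift` bits below them."""
    result = y
    for _ in range(32 // shift + 1):
        result = y ^ (result >> shift)
    return result & MASK32


def _undo_left_shift_and_xor(y: int, shift: int, mask: int) -> int:
    """Invert y ^= (y << shift) & mask, recovering bits from the bottom up."""
    result = y
    for _ in range(32 // shift + 1):
        result = y ^ ((result << shift) & mask)
    return result & MASK32


def untemper(y: int) -> int:
    """Undo the tempering steps in reverse order to get the raw state word."""
    y = _undo_right_shift_xor(y, 18)
    y = _undo_left_shift_and_xor(y, 15, 0xEFC60000)
    y = _undo_left_shift_and_xor(y, 7, 0x9D2C5680)
    y = _undo_right_shift_xor(y, 11)
    return y


def clone_mt19937(outputs: list[int]) -> random.Random:
    """Rebuild a Mersenne Twister from 624 consecutive 32-bit outputs.

    After 624 draws the generator's index is 624, so a state tuple of the
    624 untempered words plus index 624 reproduces every subsequent output.
    """
    if len(outputs) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    state = tuple(untemper(o) for o in outputs) + (624,)
    clone = random.Random()
    clone.setstate((3, state, None))  # version-3 state format of random.Random
    return clone


def predict_next(observed: list[int]) -> int:
    """Predict the victim's next getrandbits(32) from 624 observed outputs."""
    return clone_mt19937(observed).getrandbits(32)


def demo_prediction(seed: int = 2024) -> tuple[int, int]:
    """Return (victim's true next output, attacker's prediction).

    The seed is an assumed value; the attacker never sees it, only outputs.
    """
    victim = random.Random(seed)
    observed = [victim.getrandbits(32) for _ in range(624)]
    predicted = predict_next(observed)
    return victim.getrandbits(32), predicted


def generate_material() -> dict[str, bytes]:
    """Key, nonce and salt from the OS CSPRNG (secrets), never from random."""
    return {
        "key": secrets.token_bytes(32),    # e.g. AES-256 key
        "nonce": secrets.token_bytes(12),  # e.g. AES-GCM nonce
        "salt": secrets.token_bytes(16),   # e.g. password-hash or KDF salt
    }


if __name__ == "__main__":
    actual, guess = demo_prediction()
    print(f"victim's next output: {actual}, attacker predicted: {guess}")
    print({k: v.hex() for k, v in generate_material().items()})
```

The attack needs nothing but the algorithm and 624 outputs, which is exactly the situation the next-bit test forbids; the same 624 words also let the attacker run the generator backwards, since the twist step is invertible too. `secrets` has no such exposure: its outputs are not a function of any recoverable in-process state.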