ComScire Random Generator
Product Selection Guide

Certification

blue orbs

True (Hardware) Random Number Generator Certification

Certification applied to true random number generators means getting a letter or “certification” from an independent testing laboratory stating they have analyzed and tested a particular generator model and user application program, and in their opinion the combined hardware/software system operated as expected. The certification means the system design appears to be sound and performs in a way consistent with expected statistical results. This gives the company a basis to say their system is “fair, unbiased and unpredictable.”

There is no standard (or certification) for stand-alone non-deterministic (hardware or "true") random number generators in the USA.  Here and in other countries certifications are given for systems including a TRNG used for a specific purpose such as an online gaming system. It is the responsibility of the user of the true random generator and software system to obtain this type of certification as each application or system is different and only the user has control of their own software. Companies that obtain these certifications and testing laboratories that grant them do not share copies of the certificates, either for security reasons, copyright or because the testing firms charge money to provide the certifications. ComScire's true random generators used with customers' applications have been certified several times by well-known testing laboratories throughout the world.

 

FIPS Standard

There is no FIPS approved non-deterministic (true) random number generator. The purpose of FIPS 140-2 is to coordinate the requirements and standards for cryptography modules that include both hardware and software components. As such, stand-alone generators like our PQ4000KU and PQ32MU true random number generators, do not fall within the FIPS specified standards. Therefore, no FIPS "approval" would be available.

 

Internal Testing and Quality Assurance

ComScire Pure Quantum™ random generators are guaranteed to pass any properly designed test for randomness. Four randomly selected Model PQ4000KU generators were directly tested to more than 1 terabit of continuous output data without any indication of statistical defect, and the Model PQ32MU was cumulatively tested to more than 67 terabits. All Model PQ4000KU generators are tested to at least 100 Gbits, and Model PQ32MU generators to at least 1 Tbit at the time of manufacture as part of our QA program. Our testing procedures are more stringent than any other manufacturers'. We have been selling online, world-wide for over 18 years – the longest of any hardware TRNG company, and we hold 5 issued patents (others pending) covering true random number generation and methods.

 

NIST Standards

NIST DRAFT Special Publication 800-90B, Recommendation for the Entropy sources Used for Random Bit Generation and NIST DRAFT Special Publication 800-90C, Recommendation for Random Bit Generator (RBG) Constructions, describe the latest recommendations for entropy source requirements, construction, reliability, testing and security for non-deterministic random bit generators. ComScire Models PQ4000KU and PQ32MU are designed to be fully compliant with these recommendations. Full entropy random output is provided with no data conditioning required.

 

Internal Certification Letters and Testing Results

ComScire (The Quantum World Corporation) supplies the following letters describing the operation
and testing and internal certification of each of its hardware true random number generators:

Model PQ4000KU Internal Certification Letter
Model PQ32MU Internal Certification Letter

Model R2000KU Internal Certification Letter
Model R32MU Internal Certification Letter

The following documents summarize representative test results for each model of hardware generator:

Model PQ4000KU NIST and DIEHARD Validation Tests
Model PQ4000KU QNGmeter Validation Tests

Model PQ32MU NIST and DIEHARD Validation Tests
Model PQ32MU QNGmeter Validation Test

Model R2000KU NIST and DIEHARD Validation Tests
Model R2000KU QNGmeter Validation Tests

Model R32MU NIST and DIEHARD Validation Tests
Model R32MU QNGmeter Validation Test

if use on computers containing classified information is required:

Statement of Volatility for PQ4000KU  
Statement of Volatility for PQ32MU  

Statement of Volatility for R2000KU  
Statement of Volatility for R32MU   

USB EEPROM Sanitizing Program:

The Sanitizing Program confirms the small EEPROM used to configure serial numbers and product-specific
codes in the USB interface chip has not been added or altered in any way by verifying its SHA-1 hash.

QngEepromSha1Check.exe (Windows XP SP3/2003/Vista/2008/7/8)

Source code available upon request.