Certifications.

See

Support

Downloads

Certifications

FAQ

Contact Us

True (Hardware) Random Number Generator Certification

Certification of a true random number generator means getting a “certification” report from an independent testing laboratory stating they have analyzed and tested the provided generator. The certification means the system design is sound and performs in a way consistent with expected statistical results, as well as with the relevant standards set by NIST and the German BSI.

ComScire’s CryptoStrong™ generators are independently tested and certified compliant with both NIST SP 800-90C and BSI AIS 20/31 Class PTG.3. These are the highest recommended standards for true random number generators. ComScire generators are the first and only ones to receive certifications under both standards.

QNG devices used in customers’ applications have been certified many times by well-known testing laboratories around the world. These certifications are obtained by the companies that use them in their proprietary systems. Testing laboratory reports and certifications are typically confidential and covered by non-disclosure agreements and copyrights.

NIST Standards

NIST DRAFT Special Publication (SP) 800-90C, Recommendation for Random Bit Generator (RBG) Constructions, specifies approved RBG constructions consisting of deterministic random bit generators (DRBG), as specified in NIST SP 800-90A, and entropy sources, as specified in SP 800-90B. ComScire’s CryptoStrong™ generators are independently tested and certified compliant with both NIST SP 800-90C and BSI AIS 20/31 Class PTG.3.

NIST SP 800-90B, Recommendation for the Entropy sources Used for Random Bit Generation, describes the latest recommendations for entropy source requirements, construction, reliability, testing and security for non-deterministic random bit generators. ComScire PureQuantum® Models PQ4000KS, PQ4000KSI, PQ4000KU, PQ32MS, PQ32MU, PQ128MS and PQ128MU are fully compliant with these recommendations. Full entropy random output is provided with no data conditioning required.

Testing and Quality Assurance

ComScire QNG devices are guaranteed to pass any properly designed test for randomness. Standard models PQ128MS and CS128M were continuously tested to more than 500 terabits – the longest sequences of directly-tested true random generator output bits in the world. All generators are tested to at least 100 Gbits or 10 Tbits for the CS128M at the time of manufacture as part of our QA program. Our testing procedures are more stringent than any other manufacturers’. We have been selling online, worldwide for over 25 years – the longest of any hardware RNG company, and our technology is covered by 8 issued US and foreign patents with others pending – also the most of any company.

Internal Certification Letters and Testing Results

ComScire (The Quantum World Corporation) supplies the following letters describing the operation
and testing and internal certification of each of its hardware true random number generators:

pdf file Model CS128M Internal Certification Letter
pdf file Model PQ4000KS Internal Certification Letter
pdf file Model PQ4000KU Internal Certification Letter
pdf file Model PQ32MS Internal Certification Letter
pdf file Model PQ32MU Internal Certification Letter
pdf file Model PQ128MS Internal Certification Letter
pdf file Model PQ128MU Internal Certification Letter
pdf file Model R2000KU Internal Certification Letter
pdf file Model R32MU Internal Certification Letter

The following documents summarize representative test results for each model of hardware generator:

pdf file Model CS128M Validation Tests
pdf file Model PQ128MS Validation Tests
pdf file Model PQ32MS Validation Tests
pdf file Model PQ4000KS Validation Tests
pdf file Model PQ128MU Validation Tests
pdf file Model PQ32MU Validation Tests
pdf file Model PQ4000KU Validation Tests

pdf file Model R2000KU NIST and DIEHARD Validation Tests
pdf file Model R2000KU QNGmeter Validation Tests

pdf file Model R32MU NIST and DIEHARD Validation Tests
pdf file Model R32MU QNGmeter Validation Test

if use on computers containing classified information is required:

pdf file Statement of Volatility for CS128M
pdf file Statement of Volatility for PQ4000KS
pdf file Statement of Volatility for PQ4000KU
pdf file Statement of Volatility for PQ32MS
pdf file Statement of Volatility for PQ32MU
pdf file Statement of Volatility for PQ128MS
pdf file Statement of Volatility for PQ128MU

pdf file Statement of Volatility for R2000KU
pdf file Statement of Volatility for R32MU

USB EEPROM Sanitizing Program

The Sanitizing Program confirms the small EEPROM used to configure serial numbers and product-specific
codes in the USB interface chip has not been added or altered in any way by verifying its SHA-1 hash.

QngEepromSha1Check.zip (Windows XP SP3/2003/Vista/2008/7/8)

Source code available upon request.