Certifications.

See

Certifications

True (Hardware) Random Number Generator Certification

Certification applied to true random number generators means getting a letter or “certification” from an independent testing laboratory stating they have analyzed and tested a particular generator model and user application program, and in their opinion the combined hardware/software system operated as expected. The certification means the system design appears to be sound and performs in a way consistent with expected statistical results. This gives the company a basis to say their system is “fair, unbiased and unpredictable.”

There is no standard (or certification) for stand-alone non-deterministic (hardware or “true”) random number generators in the USA. Here and in other countries certifications are given for systems including a TRNG used for a specific purpose such as an online gaming system. It is the responsibility of the user of the true random generator and software system to obtain this type of certification as each application or system is different and only the user has control of their own software. Companies that obtain these certifications and testing laboratories that grant them do not share copies of the certificates, either for security reasons, copyright or because the testing firms charge money to provide the certifications. ComScire’s true random generators used with customers’ applications have been certified several times by well-known testing laboratories throughout the world.

FIPS Standard

There is no FIPS approved non-deterministic (true) random number generator. The purpose of FIPS 140-2 is to coordinate the requirements and standards for cryptography modules that include both hardware and software components. As such, stand-alone generators like our PQ4000KS and PQ32MU true random number generators, do not fall within the FIPS specified standards. Therefore, no FIPS “approval” would be available.

Internal Testing and Quality Assurance

ComScire Pure Quantum™ random generators are guaranteed to pass any properly designed test for randomness. Four randomly selected Model PQ4000KS generators were directly tested to more than 1 terabit of continuous output data without any indication of statistical defect, the Model PQ32MU was cumulatively tested to more than 67 terabits, and the Model PQ128MU was cumulatively tested to more than 300 terabits. All Model PQ4000KS generators are tested to at least 100 Gbits, and models PQ32MU and PQ128MU generators to at least 1 Tbit at the time of manufacture as part of our QA program. Our testing procedures are more stringent than any other manufacturers’. We have been selling online, world-wide for over 20 years – the longest of any hardware TRNG company, and we hold 5 issued patents (others pending) covering true random number generation and methods.

NIST Standards

NIST DRAFT Special Publication 800-90B, Recommendation for the Entropy sources Used for Random Bit Generation, describes the latest recommendations for entropy source requirements, construction, reliability, testing and security for non-deterministic random bit generators. ComScire Models PQ4000KS, PQ4000KSI, PQ4000KU, PQ32MU and PQ128MU are designed to be fully compliant with these recommendations. Full entropy random output is provided with no data conditioning required.

Internal Certification Letters and Testing Results

ComScire (The Quantum World Corporation) supplies the following letters describing the operation
and testing and internal certification of each of its hardware true random number generators:

pdf file Model PQ4000KS Internal Certification Letter
pdf file Model PQ4000KU Internal Certification Letter
pdf file Model PQ32MU Internal Certification Letter
pdf file Model PQ128MU Internal Certification Letter

pdf file Model R2000KU Internal Certification Letter
pdf file Model R32MU Internal Certification Letter

The following documents summarize representative test results for each model of hardware generator:

pdf file Model PQ4000KS NIST and DIEHARD Validation Tests
pdf file Model PQ4000KS QNGmeter Validation Tests

pdf file Model PQ4000KU NIST and DIEHARD Validation Tests
pdf file Model PQ4000KU QNGmeter Validation Tests

pdf file Model PQ32MU NIST and DIEHARD Validation Tests
pdf file Model PQ32MU QNGmeter Validation Test

pdf file Model PQ128MU NIST and DIEHARD Validation Tests
pdf file Model PQ128MU QNGmeter Validation Test

pdf file Model R2000KU NIST and DIEHARD Validation Tests
pdf file Model R2000KU QNGmeter Validation Tests

pdf file Model R32MU NIST and DIEHARD Validation Tests
pdf file Model R32MU QNGmeter Validation Test

if use on computers containing classified information is required:

pdf file Statement of Volatility for PQ4000KS
pdf file Statement of Volatility for PQ4000KU
pdf file Statement of Volatility for PQ32MU
pdf file Statement of Volatility for PQ128MU

pdf file Statement of Volatility for R2000KU
pdf file Statement of Volatility for R32MU

USB EEPROM Sanitizing Program

The Sanitizing Program confirms the small EEPROM used to configure serial numbers and product-specific
codes in the USB interface chip has not been added or altered in any way by verifying its SHA-1 hash.

QngEepromSha1Check.zip (Windows XP SP3/2003/Vista/2008/7/8)

Source code available upon request.