Inferensys

Glossary

True Random Number Generator (TRNG)

A True Random Number Generator (TRNG) is a hardware device that generates random numbers from a physical, non-deterministic process, providing a fundamental source of entropy for cryptographic security.
Modern WeWork hardware lab area with product team collaborating around AI device prototypes, 3D printer in background, dramatic industrial lighting with product sketches on glass walls.
EMBEDDED SECURITY FOR TINYML

What is a True Random Number Generator (TRNG)?

A hardware-based entropy source critical for cryptographic security on resource-constrained devices.

A True Random Number Generator (TRNG) is a hardware device that derives random numbers from a non-deterministic physical process, such as thermal noise, quantum effects, or metastable circuit behavior. Unlike software-based Pseudorandom Number Generators (PRNGs), a TRNG's output is fundamentally unpredictable and provides the essential entropy required for generating cryptographic keys, initialization vectors, and nonces in secure systems.

For TinyML and embedded systems, TRNGs are integrated into microcontrollers to establish a hardware root of trust. This enables secure key generation for lightweight cryptography, device authentication via Physical Unclonable Functions (PUFs), and secure firmware attestation. Their physical nature makes them resistant to software-based prediction attacks, forming the foundation for authenticated encryption and secure boot processes on constrained devices.

DEFINITIONAL ATTRIBUTES

Core Characteristics of a TRNG

A True Random Number Generator (TRNG) is a hardware device that derives randomness from a physical, non-deterministic process. Its defining characteristics ensure the generated numbers are unpredictable and suitable for high-assurance cryptography.

01

Physical Entropy Source

The foundational characteristic of a TRNG is its reliance on a fundamentally unpredictable physical phenomenon to seed randomness. This is in stark contrast to software-based Pseudorandom Number Generators (PRNGs). Common entropy sources include:

  • Thermal noise (Johnson–Nyquist noise) in a resistor.
  • Quantum effects like shot noise in a semiconductor or photon arrival times.
  • Metastability in digital circuits (e.g., ring oscillators).
  • Radioactive decay (less common in commercial devices). The quality of the entropy source directly determines the statistical randomness and unpredictability of the output.
02

Non-Deterministic Output

A TRNG's output sequence is inherently unpredictable and cannot be reproduced, even with complete knowledge of the device's initial state and design. This non-determinism arises from the analog, chaotic nature of the underlying physical process. It provides a critical security property: forward and backward secrecy. If an attacker captures a sequence of random numbers, they cannot computationally derive past or future numbers from the generator. This makes TRNGs essential for creating cryptographic keys, nonces, and initialization vectors where predictability would be catastrophic.

03

Hardware Implementation

By definition, a TRNG is a hardware component, either a discrete chip or a module integrated into a System-on-Chip (SoC) or microcontroller. This hardware-centric design is necessary to directly interface with and sample the analog entropy source. Implementation styles vary:

  • Discrete analog circuits with amplifiers and comparators.
  • Digital circuits exploiting metastability (e.g., ring oscillators feeding a flip-flop).
  • Dedicated peripheral within a secure microcontroller or Hardware Security Module (HSM). This hardware isolation helps protect the entropy generation process from software-based attacks and contamination.
04

Entropy Conditioning & Health Testing

Raw analog noise is often biased or correlated. Therefore, a TRNG includes post-processing circuitry or firmware to 'condition' the raw bits. This typically involves:

  • A digital conditioner like a cryptographic hash function (e.g., SHA-256) or a randomness extractor (e.g., a von Neumann corrector).
  • Continuous health tests that run in real-time to detect failures, such as a stuck output or a significant statistical deviation (e.g., monobit test, poker test). If a failure is detected, the generator must halt output to prevent the use of compromised randomness. Standards like NIST SP 800-90B define rigorous health testing requirements.
05

Cryptographic Security & Speed

A TRNG for security applications must meet two key performance metrics:

  • Cryptographic Security: The output must pass stringent statistical test suites for randomness (e.g., NIST STS, Dieharder) and be suitable for generating cryptographic key material. Its design must resist environmental manipulation (e.g., voltage, temperature) aimed at influencing the entropy source.
  • Bit Generation Rate: The speed at which it produces conditioned random bits, measured in bits per second (bps). Rates vary from kilobits/sec for simple microcontroller TRNGs to gigabits/sec for high-performance HSMs. The rate is limited by the entropy source's inherent noise bandwidth and the conditioning logic. For many TinyML security tasks (e.g., key generation), a slow but secure TRNG is sufficient.
06

Integration with a CSPRNG

In practical systems, a TRNG is rarely used directly to output a long stream of random numbers. Instead, it seeds a Cryptographically Secure Pseudorandom Number Generator (CSPRNG). The architecture follows this pattern:

  1. The TRNG generates a high-entropy seed.
  2. This seed initializes a deterministic CSPRNG algorithm (e.g., CTR_DRBG, Hash_DRBG).
  3. The CSPRNG produces a high-speed stream of pseudorandom numbers. This hybrid approach combines the unpredictability of the TRNG with the high performance and deterministic reproducibility (if seeded identically for testing) of the CSPRNG. The TRNG periodically reseeds the CSPRNG to maintain long-term security.
EMBEDDED SECURITY FOR TINYML

How Does a True Random Number Generator Work?

A True Random Number Generator (TRNG) is a hardware device that generates random numbers from a physical, non-deterministic process, providing a fundamental source of entropy for cryptographic security.

A True Random Number Generator (TRNG) derives its randomness from a physical, inherently unpredictable process, known as an entropy source. Common sources include thermal noise in a resistor (Johnson-Nyquist noise), quantum effects like photon arrival times, or metastable circuit behavior. This analog signal is sampled and digitized by an entropy harvester, then processed through a conditioning algorithm (often a cryptographic hash) to remove any bias and produce uniformly distributed, cryptographically secure random bits. Unlike a Pseudorandom Number Generator (PRNG), a TRNG's output is non-deterministic and cannot be reproduced, even with full knowledge of its initial state.

For TinyML and embedded security, a TRNG provides the essential seed entropy required to initialize cryptographic protocols, generate session keys, and create nonces. Its hardware implementation is critical for establishing a Hardware Root of Trust on a microcontroller, enabling Secure Boot, firmware attestation, and device authentication. Without a reliable TRNG, systems rely on deterministic PRNGs, which are vulnerable if their seed is predictable. In constrained environments, integrated circuit (IC) TRNGs or microcontroller-based designs using ring oscillators are common, providing the high-quality randomness needed for Lightweight Cryptography algorithms without significant power or area overhead.

ENTROPY SOURCES

TRNG vs. PRNG: A Critical Comparison

A fundamental comparison of True Random Number Generators (TRNGs) and Pseudorandom Number Generators (PRNGs) for cryptographic applications in embedded and TinyML systems.

Feature / MetricTrue Random Number Generator (TRNG)Pseudorandom Number Generator (PRNG)

Entropy Source

Physical, non-deterministic process (e.g., thermal noise, quantum effects)

Deterministic mathematical algorithm (e.g., ChaCha20, AES-CTR)

Randomness Quality

True, non-deterministic entropy

Deterministic, statistically random output

Seed Requirement

None (generates its own entropy)

Absolutely requires a high-entropy seed

Predictability

Unpredictable, even with full knowledge of system state

Fully predictable if the seed and algorithm are known

Cryptographic Suitability

Ideal for generating long-term secrets (keys, nonces)

Suitable for streams, simulations; requires secure seeding for crypto

Hardware Dependency

Requires dedicated hardware entropy source

Pure software implementation possible

Speed / Throughput

Typically slow (< 100 Kbps)

Extremely fast (> 1 Gbps)

Power Consumption

Higher (active analog components)

Lower (digital logic only)

NIST SP 800-90B Compliance

Designed to meet entropy source validation standards

N/A (validated as DRBGs under NIST SP 800-90A)

Common Use Case in TinyML

Seeding PRNGs, generating device-unique keys, secure boot nonces

Bulk encryption, Monte Carlo simulations, data shuffling

PHYSICAL ENTROPY SOURCES

Common TRNG Implementations & Use Cases

True Random Number Generators derive non-deterministic entropy from measurable physical phenomena. This section details the primary hardware mechanisms and their critical applications in secure systems.

01

Ring Oscillator Jitter

The most common digital TRNG implementation in microcontrollers and FPGAs. It exploits timing jitter—the inherent, unpredictable variations in the propagation delay of logic gates within a free-running oscillator loop.

  • Mechanism: Multiple inverter gates are connected in a loop. The unstable oscillation frequency is sampled at a rate derived from a second, stable clock.
  • Key Advantage: Can be implemented entirely in digital logic, making it suitable for integration into System-on-Chip (SoC) designs.
  • Challenge: Requires careful design to ensure sufficient entropy and to be resilient against environmental changes like temperature and voltage fluctuations.
02

Metastability & SRAM PUF Startup

This method leverages the unpredictable power-up state of bi-stable circuits. When SRAM cells are first powered, inherent transistor mismatches cause each cell to settle into a random 0 or 1 state.

  • Dual-Use: The initial pattern acts as a Physical Unclonable Function (PUF) for device fingerprinting. The noise around the settling point provides entropy for a TRNG.
  • Process: The unstable startup values are harvested, whitened (using a cryptographic hash like SHA-256), and output as random bits.
  • Use Case: Found in many secure microcontrollers as a low-area entropy source that requires no dedicated analog components.
03

Analog Noise Sources

These TRNGs sample fundamental analog noise phenomena, considered among the highest-quality entropy sources.

  • Thermal (Johnson-Nyquist) Noise: The random motion of electrons in a resistor, present in all conductors above absolute zero. Amplified and sampled to generate bits.
  • Shot Noise: Results from the discrete nature of electrical current (individual electrons flowing). Prevalent in semiconductor junctions like diodes and transistors.
  • Avalanche Noise: Generated by a semiconductor junction (e.g., a Zener diode) operated in reverse breakdown. Produces a broad-spectrum, high-amplitude noise signal.
  • Implementation: Requires precision analog circuitry (amplifiers, comparators) and is sensitive to power supply noise, making integration more complex than digital methods.
04

Quantum Optical Processes

Represents the gold standard for high-assurance randomness, leveraging the intrinsic probabilistic nature of quantum mechanics.

  • Photon Detection: A beam splitter directs single photons randomly to one of two detectors. The path choice is fundamentally unpredictable.
  • Vacuum Fluctuations: Quantum fluctuations in a vacuum state are measured to produce randomness.
  • Use Case: Primarily used in high-security applications like quantum key distribution (QKD) systems, cryptographic key generation for national security, and fundamental physics research. These are typically external, laboratory-grade devices, not integrated into microcontrollers.
05

Cryptographic Key Generation

The paramount use case for TRNGs. Cryptographic security is entirely dependent on the unpredictability of keys.

  • Process: The raw entropy from a TRNG is fed into a Deterministic Random Bit Generator (DRBG), also known as a Pseudorandom Number Generator (PRNG), which expands the seed to generate long key streams.
  • Standards: NIST SP 800-90A/B/C specify approved DRBG mechanisms (e.g., CTR_DRBG, Hash_DRBG) and entropy source requirements.
  • Impact: A weak or predictable TRNG compromises all encryption (AES), digital signatures (ECDSA), and key exchange protocols (Diffie-Hellman) on the device.
06

Secure Boot & Device Identity

TRNGs provide the essential randomness for foundational device security operations.

  • Nonce Generation: Creates unique cryptographic nonces ('number used once') to prevent replay attacks in authentication protocols.
  • Secure Boot Seeds: Provides randomness for generating the unique device keys used in firmware attestation and establishing a hardware root of trust.
  • PUF Helper Data: Used to generate the error-correcting helper data for Physical Unclonable Functions (PUFs), ensuring reliable key reconstruction without storing the key itself.
  • Secure Session Initialization: Generates random salts and initialization vectors (IVs) for secure communication sessions.
TRUE RANDOM NUMBER GENERATOR (TRNG)

Frequently Asked Questions

A True Random Number Generator (TRNG) is a hardware device that generates random numbers from a physical, non-deterministic process, providing a fundamental source of entropy for cryptographic security. This FAQ addresses its role in securing TinyML deployments on microcontrollers.

A True Random Number Generator (TRNG) is a hardware device that generates random numbers by sampling a physical, non-deterministic process. Unlike software-based Pseudorandom Number Generators (PRNGs) that use deterministic algorithms, a TRNG derives its randomness from inherently unpredictable physical phenomena.

How it works:

  • Entropy Source: The core is a physical entropy source, such as thermal noise in a resistor (Johnson-Nyquist noise), semiconductor junction noise, or quantum effects like photonic shot noise.
  • Signal Conditioning: The analog noise signal is amplified and sampled.
  • Digitization & Post-Processing: The sampled signal is digitized. Raw bits may be biased or correlated, so they are fed through a digital post-processing stage, often a cryptographically secure deterministic random bit generator (DRBG) or a whitening algorithm like Von Neumann correction, to produce unbiased, statistically independent random bits.
  • Output: The final stream of high-quality random bits is made available to the system's cryptographic library for key generation, nonces, and initialization vectors.
Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.