RNG Certification

MBHiTech's Random Number Generator (RNG) Certification

We pride ourselves on the high standards our own software. Our software is designed in a way that all in-game activities such as shuffling and dealing of cards are completely random, thanks to our highly enlightened Random Number Generator (RNG). MBHiTech TestLabs is experienced gaming testing laboratory in India. We have been serving gaming industry and our experience, expertise and dedication in this enlightened and evolving market ensure we always exceed client expectations.

MBHiTech is experienced in Test Driven Development and many other development and Quality Assurance methodologies. Our Quality Assurance services and gaming testing frameworks are comprehensive, spanning the entire Software Test Life Cycle. MBHiTech is also flexible enough to meet the needs of product companies that have just one or two specific requirements. MBHiTech provides testing and certification services to operators, platform providers and regulators to ensure effective end-to-end compliance online. Performing functional compliance testing of games, technical and transactional audits.

MBHiTech have done RNG audits on most platform including of C, C++, Java, PHP, C#, Javascript, Node js, etc, we have the industry best standard practices followed for auditing a Random Number Generator (RNG).

Internal state of the RNG
Cycling and Reseeding
Frequency of numbers, pairs
Statistical randomness
Unpredictability Test
Re-seeding and cycling
Poker test

RNG simply ensures that cards, die numbers, slot game symbols, feature game outputs, jackpot triggers etc. are statistically random and unpredictable whereby giving trust for the end users who play that the system is not rigged. A correctly operating RNG gives players confidence in the gaming system and insures against unjustified player complaints.

RNG tested with algorithms, The algorithms of testing a random number generator are based on some statistics theory, i.e. testing the hypotheses.

There are three stages for RNG testing.

1) Examination of Source Code & Compilation
    Identification of RNG algorithm and researching known weaknesses.
    Verify internal state of RNG.
    Verify RNG implementation caters for unpredictability and non-repeatability requirements.
     Verify seeding, background cycling and minimal re-seeding.
     Verify use of the random numbers, including scaling.
     Compile the RNG code (after all code issues are resolved).
2) Raw numbers generated by the RNG algorithm are subjected to “diehard” tests.
3) Generate sample scaled output and apply “Chi-square” tests e.g., if RNG is used to shuffle a deck of cards, then we would apply Chi-square tests to a wide range of shuffled decks.

The second and third stage tests determine statistical randomness, unpredictability and non-repeatability of the RNG. Our RNG evaluation fully complies with the requirements of the applicable gaming jurisdiction such as Australia, Alderney, Denmark, Gibraltar, Isle of Man, Italy, Kahnawake, Malta, Spain or UK.

A Random Number Generator is a technology designed to generate a sequence that does not have any pattern, therefore appear to be random.

There are two types of RNG. one is Pseudo Random Number Generator (PRNG) also called as Software RNG and used in Softwares. Second is True Random Number Generator (TRNG) also called as Hardware Random Number Generator and used in hardware machines.

Software random generators (PRNG): Software RNGs use mathematical algorithms to generate random numbers, initializing the algorithm with a “seed” value derived from some repetitive operation in the computer, such as keystrokes, running processes, the computer’s clock, or mouse movements. However, it is extremely difficult to come up with a completely random seed value, since most such operations only provide seeds with a small range of values.

Hardware random generators (TRNG): Hardware RNGs do not require seeds because hardware random numbers are not computed values; they are not derived through a repeatable algorithm. Rather, hardware-generated random numbers are digitized snapshots of naturally occurring noise. Because there is no algorithm and no repeating sequences of numbers, even if a hacker could determine one number, he would not be able to use it to predict any future numbers. For this reason, hardware RNGs are known as Truly Random Number Generators, or TRNGs.

Why are hardware based random number generators (RNG) considered better than software based generators?

the Software ones are based on computer algorithms that can be predictable or limited. Generally, the average hardware RNG is better compared to the average Software RNG. But although hardware RNG is called ‘true’ and Software RNG (being based on an algorithm) is called ‘pseudo’, I do not consider that a hardware RNG is always better. In the case of hardware, it’s all about how well the design is, how far does it go with the implementation and what else can affect the result. In the case of user input, it becomes a matter of how well a user can randomize. A mouse-moving-based RNG can be better or worse compared to an average hardware one depending on user skill. Likewise, a hardware RNG can be better or worse than the average mouse-moving-based RNG depending on the skill of the HW designer.

Software RNG have an inner state that is updated by input noise. This state is also shuffled by retrieving values from the generator. Basic hardware RNG do not have an inner state. Good hardware generator will continuously seed a software RNG to avoid distribution problems and to avoid interference (the input noise could not be that random under an attack). If the state of a software RNG leaks or is made public, it will not provide any randomness, because an attacker will be able to generate the same outputs. In this way, an hardware RNG is better because it doesn’t have a state that can leak. For example, some software RNG have a state that is initialized with public or poor data before they can gather enough noise. This is a problem with virtual machines that share the same initial state (avoid generating SSH or PGP keys on a virtual machine). On the other hand, a basic hardware generator can, in theory, be influenced by it’s input.

Submission requirements
For Pseudo RNG the source code is required for the evaluation. For hardware RNG, information about the hardware device and output from the device are required. In order to test the scaling, code fragments that call the RNG are required (examples: scaling code for slot games, shuffling code for card games) for both Pseudo and hardware RNG implementations.

We offer excellent value for a quality service at a competitive price. Payment is required at the start of the evaluation. After your payment is received, the code can be submitted for evaluation. For RNG evaluations we offer a firm set price. Our fixed price includes consultations, unlimited retests after bug fixes, test results, detailed certification reports, hot linked certificates and logos.

After completion of RNG testing deliverables

A certification report outlining the evaluation conducted and the results of that evaluation.
Test results for Diehard and Chi-square tests.
A certification seal/logo to be placed on your gaming site, and
A linked certificate indicating compliance of the RNG with the tests carried out. The original certificate is maintained at the MBHiTech’s website so authenticity can be verified.