Random number generation for cryptography
Author: Jamie McLauchlin
Revised: April 6, 2007
There are numerous applications for random numbers which has led to the development of many methods for generating them. Some of the earliest methods for generating random numbers include rolling dice or flipping a coin. More recently, physical phenomenon such as thermal noise, which appears to be truly random, has been used as the basis for hardware random number generators. There are countless applications for random numbers including gambling, statistical sampling, and computer simulation, but one of the most significant is that random numbers form the centerpiece of cryptography. 
There are two main methods used for generating random numbers. The first measures a physical phenomenon that is thought to be random and compensates for any potential biases in the measurements. The second uses computational algorithms to produce long sequences of apparently random results, which are determined by a shorter initial seed or key.
A hardware, or true, random number generator is a piece of electronics that plugs into a computer and produces genuine random numbers as opposed to pseudo-random numbers, which are produced by a computer program. The usual method is to amplify noise generated by a resistor or a semi-conductor diode and feed this to a comparator or Schmitt trigger. If the output is sampled, a series of bits are given that are statistically independent. These bits can be assembled into bytes, integer or floating point numbers, and then if necessary into random numbers from other distributions using certain methods. 
The computational methods for generating random numbers are known as pseudo-random number generators (PRNGs). A PRNG is a deterministic algorithm that is used to generated a sequence of numbers that approximate the properties displayed by random numbers. This sequence is not truly random since it is determined by initializing what is known as a "seed." A seed is a random event, such as the current time of day in milliseconds, that is used to simulate a different sequence every time it is used. A computer is likely to generate pseudo-random numbers and not actual random numbers.  A PRNG cannot be regarded as a "true" random number generator, since its output is predictable.
Random numbers form the centerpiece of cryptography provided the seed that the random number generator provides remains secretive and a high degree of randomness is maintained. A seed represents a secret parameter, known only by the communicants, for a specific message exchange context. seeds are important since ciphers without variable keys are easy to break.  A PRNG that is suitable for a cryptographic application is called a cryptographically secure PRNG (CSPRNG). The difference between a PRNG and CSPRNG is quite complex since a CSPRNG is required to meet certain criteria and be resistant to known attacks. Certification of an algorithm takes years of review and even then there is potential for future attacks to be developed. 
Blum Blum Shub (BBS) is a pseudo-random number generator that was proposed by Lenore Blum, Manuel Blum, and Michael Shub in 1986.
BBS has the form:
xn+1 = (xn)2 mod M
where M = pq and p and q are large prime numbers. At each iteration of the algorithm, an output is derived from xn which is usually either the parity bit of xn or one or more of the least significant bits of xn.  The parity bit is a binary digit that indicates whether the number of bits with the value of one in a given set of bits is odd or even. 
It is important that p and q both be congruent to 3 (mod 4) and that the gcd(φ(p-1), φ(q-1)) should be small.  The two integers a and b are considered congruent modulo n if a - b is divisible by n or if they have the same remainder upon being divided by n.  gcd(a, b), or the greatest common divisor of a and b, represents the largest positive integer that divides both integers a and b without a remainder.  Euler's totient function, φ(n), of a positive integer n is defined to be the number of positive integers less than or equal to n that are coprime to n.  Two integers are considered to be coprime when they have no common factor other than 1 and -1, or equivalently, their gcd is 1. 
This PRNG is suitable for cryptography, though it is not very fast. It possesses a very strong security proof. When the primes p and q are chosen appropriately and a sufficient number of lower-order bits of each xn are output. 
n-1 = m (mod p) 
The standard formula for an inversive congruential generator is
xi+1 = (axi-1 + c) (mod m)
0 ≤ xi < m.