I wrote a code which generates random numbers based on a private cryptography project ( for educational purposes ). Now i want to check how the quality of my random number generator is.
Tests i already did:
- Count all numbers together and check the distance to zero ( Numbers can be negative and positive )
- Compare the random numbers with the
System.Randomclass ( The duplicated numbers are at the half of the .NET’s random generator )
What can i further do to check how good the algorithm is working?
The ultimate way would be to give a formal proof for that it is hard to distinguish this pseudorandom sequence from a truly random sequence, e.g., by reducing this distinguishing problem to another problem that is proven (or at least strongly believed) to be hard (like for example taking the discrete logarithm).
This part of Cryptography is called Provable Security, which provides some nice proof techniques and concepts (hard-core predicates, one-way functions, distinguishing attack, hybrid distributions, …). However, it can only be applied if your algorithm has a mathematical fundament that can be handled formally.
From this field, the very first quality check is: Would it be ok if you would tell the rest of the world all the details of your algorithm and all its concepts and ideas? If not, then there is something wrong, since no encryption scheme should base on hiding how it works. The only secret must be the individual secret key (resp. random seed), but not the algorithm itself. For example, the Caesar chipher is easy to break once it is known how it works. In contrast to that, AES is an open standard, but it is still believed to be secure.