
Random numbers may not sound very important, but they are at the heart of modern cybersecurity.
Every time you make an online purchase, log into your bank, or connect to a secure website, random numbers are being used to create secret keys that keep your information safe.
If those numbers are predictable, hackers can break into even the strongest systems.
That’s why computer scientists spend so much time trying to build better random number generators.
Now, researchers at KAIST (Korea Advanced Institute of Science and Technology) have developed a breakthrough technology that makes these generators both faster and more secure than ever before.
The work was led by Professor Jooyoung Lee and will be presented at the CRYPTO 2025 conference.
The team’s new system, called POSDRBG (Parallel Output Sponge-based Deterministic Random Bit Generator), is a major improvement over the existing methods used worldwide.
Traditional random number generators, especially those based on “sponge constructions” like the one in the SHA-3 hash standard, often struggled with efficiency.
They could only produce part of the available output at a time, meaning the process was slower than it needed to be. POSDRBG fixes this problem by processing data in parallel. Instead of producing output in a single sequential stream, it runs multiple streams at once, dramatically speeding up the process.
But speed is only half the story. Security is equally crucial, and here too the KAIST team made a major advance. Up to now, the security of random number generators was proven using a method called “game hopping,” which divided the interaction between an attacker and the generator into many small steps.
While effective, this approach underestimated the true strength of the system, giving lower guarantees than what was theoretically possible.
Lee’s group introduced a new, simplified proof technique that showed the real security level of permutation-based random number generators is actually much higher—around 50% stronger than previously thought.
They also proved this is the maximum level of security achievable, meaning the generator is as strong as theory allows.
This combination of maximum efficiency and maximum security makes POSDRBG suitable for a wide range of uses, from small Internet-of-Things (IoT) devices to massive cloud servers. In practice, it could mean faster encryption, stronger protection against cyberattacks, and more reliable security for the growing number of devices that connect our digital world.
Professor Lee believes this research could help shape international standards. “POSDRBG is a new deterministic random bit generator that improves both random number generation speed and security, making it applicable from small IoT devices to large-scale servers,” he said.
“We expect it to influence the revision of the international DRBG standard and formally include permutation-based DRBGs.”
With cybersecurity threats constantly evolving, innovations like this are critical to staying ahead of hackers. By rethinking both the theory and design of random number generation, the KAIST team has taken a big step toward making the internet a safer place.