8 Randomness and secrets


This chapter covers

  • What randomness is and why it’s important
  • Obtaining strong randomness and producing secrets
  • The pitfalls of randomness

This is the last chapter of the first part of this book, and I have one last thing to tell you before we move on to the second part and learn about actual protocols used in the real world. It is something I’ve grossly neglected so far — randomness.

You must have noticed that in every cryptographic algorithm you’ve learned (with the exception of hash functions), you had to use randomness at some point: secret keys, nonces, IVs, prime numbers, challenges, and so on. As I was going through these different concepts, randomness always came from some magic black box. This is not atypical. In cryptography white papers, randomness is often represented by drawing an arrow with a dollar sign on top. But at some point, we need to ask ourselves the question, “Where does this randomness really come from?”

In this chapter, I will provide you with an answer as to what cryptography means when it mentions randomness. I will also give you pointers about the practical ways that exist to obtain randomness for real-world cryptographic applications.


For this chapter, you’ll need to have read chapter 2 on hash functions and chapter 3 on message authentication codes.

8.1 What’s randomness?

8.2 Slow randomness? Use a pseudorandom number generator (PRNG)

8.3 Obtaining randomness in practice

8.4 Randomness generation and security considerations

8.5 Public randomness

8.6 Key derivation with HKDF

8.7 Managing keys and secrets

8.8 Decentralize trust with threshold cryptography