Raw QPP-RNG randomness via system jitter across platforms: a NIST SP 800-90B evaluation

• Published in: Scientific reports Vol. 15; no. 1; pp. 27718 - 19
• Main Authors: Vrana, Georgia, Lou, Dafu, Kuang, Randy
• Format: Journal Article
• Language: English
• Published: London Nature Publishing Group UK 29.07.2025; Nature Publishing Group; Nature Portfolio
• Subjects: 639/301; 639/705; Algorithms; Cryptography; Entropy; Humanities and Social Sciences; Integrated circuits; Internet of Things; Linux; multidisciplinary; PRNG; Pseudo-random number generator; QPP; Quantum computing; Quantum permutation pad; Random number generator; RNG; Science; Science (multidisciplinary); Software; Statistics; Quantum permutation pad; System jitter; Statistical testing; Pseudo-random number generator; PQC; Random number generator; IID randomness; RNG; Platform-independent randomness; Cryptographic primitives; QPP; TRNG; Post-quantum cryptography; Uniform distribution; Entropy source; CPU time jitter; Permutation test; True random number generator; Permutation entropy; NIST SP800-90B; PRNG
• ISSN: 2045-2322; 2045-2322
• DOI: 10.1038/s41598-025-13135-8

High-quality randomness is fundamental to the security of modern cryptographic systems. We present QPP-RNG , a true random number generator (TRNG) that harvests entropy from diverse system-level jitters–including CPU pipeline timing divergences, DRAM refresh cycle perturbations, cache miss-driven memory access latencies, and other subtle hardware and operating system-induced fluctuations. QPP-RNG’s core mechanism measures the elapsed time of randomized array sorting operations–where each Fisher-Yates shuffle is infinitesimally perturbed by these microscopic jitters–and amplifies these timing variations into cryptographically strong randomness through a quantum permutation pad (QPP) architecture, all achievable on commodity hardware. The raw output of QPP-RNG underwent rigorous evaluation for independent and identically distributed (IID) behavior using the NIST SP 800-90B IID test suite, alongside the comprehensive NIST SP 800-22 and ENT statistical test batteries. Across a range of platforms, including Windows, macOS, and Raspberry Pi, QPP-RNG consistently achieved high IID min-entropy between and  bits/byte. It passed all NIST SP 800-90B IID tests with -values significantly above the threshold, confirming that its generated randomness is statistically indistinguishable from ideal IID sources derived directly from system jitter. Cross-platform analyses spanning x86_64 and ARM64 architectures further demonstrate that the extracted jitter fingerprint–and consequently the generated randomness–exhibits remarkable statistical consistency, irrespective of the underlying hardware or operating system. QPP-RNG’s entropy density compares favorably with leading commercial entropy sources. It matches or slightly exceeds the NIST IID-certified min-entropy of ID Quantique’s Quantis QRNG (7.8744 bits/byte), and significantly outperforms both Red Hat’s CPU Time Jitter RNG (7.4528 bits/byte) and Quside’s PCIe One quantum entropy source (6.5136 bits/byte). Even against specialized hardware RNGs like Microchip’s ECC608 (4.0568 bits/byte), QPP-RNG demonstrates superior performance using only general-purpose processors. By effectively transforming otherwise discarded system noise into a reliable and high-quality entropy stream, QPP-RNG establishes a novel paradigm for embedded security, providing a robust entropy source on general-purpose devices without specialized hardware. This makes it especially well-suited for resource-constrained Internet of Things (IoT) and edge computing applications where strong entropy sources are paramount.