RNG Testing

  • About RNG Testing
  • Process
  • Requirements
  • Deliverables

InfySEC has certified a lot of RNG (Random Number Generator) testing for different software/hardware generators over the period of time, we have done RNG audits on most platform including of C,C++,Java,PHP,Python,Perl,Ruby,Swift,R,C#,Delhi,Lua,Go,etc , we have the industry best standard practices followed for auditing a Random Number Generator.

infySEC’s Random Number Generator (RNG) evaluation consists of verification of the following:

  • Randomness conformity with large sampling
  • Internal state of the RNG
  • Predictability tests
  • Non-repeatability
  • Cycling and Reseeding

RNG simply ensures that cards, die numbers, slot game symbols, feature game outputs, jackpot triggers etc. are statistically random and unpredictable whereby giving trust for the end users who play that the system is not rigged. A correctly operating RNG gives players confidence in the gaming system and insures against unjustified player complaints. 


For Query & Registration


For Queries, Contact - 044-39 572 572


Participant Feedback



When a random number generator is devised, one needs to test its property. The two properties we are concerned most are uniformity and independence. A list of tests will be discussed. The first one tests for uniformity and the second to fifth ones test independence.
  • Frequency test
  • Runs test
  • Autocorrelation test
  • Gap test
  • Poker test

The algorithms of testing a random number generator are based on some statistics theory, i.e. testing the hypotheses. The basic ideas are the following, using testing of uniformity as an example.

RNG testing is conducted with the following stages :

  1. Examination of Source Code & Compilation
    • Identification of RNG algorithm and researching known weaknesses
    • Verify internal state of RNG
    • Verify RNG implementation caters for unpredictability and non-repeatability requirements
    • Verify seeding, background cycling and minimal re-seeding
    • Verify use of the random numbers, including scaling
    • Compile the RNG code (after all code issues are resolved)
  2. Raw numbers generated by the RNG algorithm are subjected to "diehard" tests.
  3. Generate sample scaled output and apply “Chi-square” tests e.g., if RNG is used to shuffle a deck of cards, then we would apply Chi-square tests to a wide range of shuffled decks.

The second and third stage tests determine statistical randomness, unpredictability and non-repeatability of the RNG. Our RNG evaluation fully complies with the requirements of the applicable gaming jurisdiction such as Australia, Alderney, Denmark, Gibraltar, Isle of Man, Italy,Kahnawake, Malta, Spain or UK.

RNG for testing should be submitted with the following:

  • Game parameters and rules including the number of selections within one game or draw, range and if the numbers are drawn with or without replacement, for example Keno, 20 numbers drawn from 1 through 80 without replacement
  • Application used to generate the random data as close to the final production application as possible with regard to the RNG implementation. Therefore, it should use the identical function(s), calls, variables, scaling methodology, etc. as the production software
  • An explanation of any differences between how the data is drawn for the test application and the production application
  • RNG Final Outcome Collection Tool - A data collection tool that allows collection of data in a manner similar to how the game data that is produced in the final release version of the production application;
  • Raw Output Collection Tool - If required by the scope of work, a binary data collection tool to allow collection of output from the RNG prior to scaling, shuffling, etc.
  • Key files and their respective checksums (SHA1, MD5, or SHA256)
  • Hardware requirements and specifications
  • Testing expectations
  • Intended RNG report recipients
  • Source Code Description and Documentation
  • Primary contact(s) and contact information for all questions
  • It is also recommended to submit a small data sample ahead of the primary submission to verify the format of the data

For Pseudo RNG the source code is required for the evaluation. For hardware RNG, information about the hardware device and output from the device are required. In order to test the scaling, code fragments that call the RNG are required (examples: scaling code for slot games, shuffling code for card games) for both Pseudo and hardware RNG implementations.

  • A certification report outlining the evaluation conducted and the results of that evaluation
  • Test results for Diehard and Chi-square tests
  • A certification seal/logo to be placed on your gaming site, and
  • A linked certificate indicating compliance of the RNG with the tests carried out. The original certificate is maintained at the infySEC web site so authenticity can be verified.