One type of exploit which has always fascinated me are those on random number generators. This article is broken up into three sections. The first section will present background information about the random walk hypothesis and compares the statistical definition of randomness to the algorithmic definition. The second section will outline my Python implementation of the NIST test suite, including a brief explanation and source code for each test. On another note I am thrilled to report that this Python implementation passes all of the unit tests specified in the NIST C documentation and, as a bonus, includes tonnes of comments.

Given this fact, I hope that the code will be useful to real security researchers as well as as quantitative analysts and traders. This section introduces the random walk hypothesis and it’s importance to quantitative finance. It also discusses the two definitions of randomness namely, statistical and algorithmic. The following extract is take from the Wikipedia page on the random walk hypothesis.

It very succinctly describes the test that Professor Malkiel performed and the conclusions he drew from this test. Have a go with the following three images. This observation lead early quantitative researchers to investigate whether or not stock market returns evolve randomly. The theory that market returns so evolve randomly is called the random walk hypothesis. 1800’s when Jules Regnault and Louis Bachelier observed the characteristics of randomness in the returns of stock options.

The theory was later formalized by Maurice Kendall and popularized in 1965 by Eugene Fama in his seminal paper, Random Walks In Stock Market Prices. Despite the entertainment value of these tests, they really don’t prove that markets are random at all. This conclusion does not, in and of itself, provide any useful information about the random characteristics of markets. It cannot explain many empirical examples of people who have consistently beaten the market. It does not distinguish between local and global randomness.