Compliance 24 April 2026 · 8 min read

PractRand 0.96 at 32 GB: 157 Tests, Zero Anomalies

Last week we pushed TrueEntropy hybrid output through PractRand 0.96 - one of the most demanding statistical test suites for random number generators. The result: 157 tests passed, zero anomalies, across 32 gigabytes of data. This post explains what we tested, how we did it, and why the result matters.

What Is PractRand?

PractRand (Practically Random) is an open-source C++ statistical testing suite written by Chris Doty-Humphrey. Unlike NIST SP800-22, which tests a fixed-size sample (typically around 1 MB), PractRand is designed to scale. It tests at every power-of-two boundary - 128 MB, 256 MB, 512 MB, 1 GB, 2 GB, and so on - running progressively more tests as the data grows. A weak PRNG will typically fail somewhere between 1 MB and 16 MB. A strong one survives much longer.

PractRand is the test suite that has exposed weaknesses in generators that previously appeared sound, including several popular PRNGs used in game engines and simulation tools. It is the standard reference when developers want to know whether a generator is genuinely usable at scale.

What We Tested

TrueEntropy operates a quantum-seeded hybrid architecture. Raw quantum entropy is generated on IBM Quantum hardware (ibm_fez, 156-qubit system) using 8-qubit Hadamard circuits. That quantum entropy seeds a ChaCha20 stream cipher, which expands the seed into a full-scale byte stream for API delivery. This is the same architecture that powers every API response.

For this test, we used 10,485,760 bytes (10 MB) of real IBM Quantum hardware output - the same data that passes our NIST SP800-22 7/7 verification - as the ChaCha20 key and nonce material. The quantum bytes were prepended to the keystream to produce the final test stream. The entire stream was then piped into PractRand's stdin8 mode, which treats the input as a stream of 8-bit values.

# Entropy source: 10 MB IBM Quantum ibm_fez hardware
# Key = quantum[0:32], Nonce = quantum[32:44]
# Stream = quantum bytes + ChaCha20 keystream to 32 GB

./RNG_test stdin8 -tlmax 32G < raw_hybrid_32g.bin
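The construction described above, written out as an added example (not TrueEntropy's code): a pure-Python ChaCha20 block function per RFC 8439 and a generator that emits the seed bytes followed by keystream. The starting block counter of 0, the function names and the constructed seed are assumptions; the page does not state them.

```python
import struct
import sys

MAX_BLOCKS = 2**32  # RFC 8439 uses a 32-bit block counter: 256 GiB per (key, nonce)

def _rotl(v, n):
    return ((v << n) & 0xFFFFFFFF) | (v >> (32 - n))

def _quarter(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] = _rotl(s[b] ^ s[c], 7)

def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block (RFC 8439, section 2.3)."""
    if len(key) != 32 or len(nonce) != 12:
        raise ValueError("need a 32-byte key and a 12-byte nonce")
    init = (struct.unpack("<12I", b"expand 32-byte k" + key)
            + (counter,) + struct.unpack("<3I", nonce))
    s = list(init)
    for _ in range(10):  # 10 double rounds = 20 rounds
        _quarter(s, 0, 4, 8, 12); _quarter(s, 1, 5, 9, 13)    # columns
        _quarter(s, 2, 6, 10, 14); _quarter(s, 3, 7, 11, 15)
        _quarter(s, 0, 5, 10, 15); _quarter(s, 1, 6, 11, 12)  # diagonals
        _quarter(s, 2, 7, 8, 13); _quarter(s, 3, 4, 9, 14)
    return struct.pack("<16I", *((x + y) & 0xFFFFFFFF for x, y in zip(s, init)))

def hybrid_stream(seed, total_len, first_counter=0):
    """Yield total_len bytes: the seed bytes first, then ChaCha20 keystream."""
    if len(seed) < 44:
        raise ValueError("seed must supply 32 key bytes and 12 nonce bytes")
    key, nonce = seed[:32], seed[32:44]  # Key = seed[0:32], Nonce = seed[32:44]
    head = seed[:total_len]
    remaining = total_len - len(head)
    if (remaining + 63) // 64 > MAX_BLOCKS - first_counter:
        raise ValueError("request would wrap the 32-bit block counter")
    yield head  # as on the page, the test stream starts with the seed bytes
    counter = first_counter  # assumption: counting starts at block 0
    while remaining > 0:
        block = chacha20_block(key, counter, nonce)[:remaining]
        yield block
        remaining -= len(block)
        counter += 1

if __name__ == "__main__":
    seed = bytes(i % 251 for i in range(1024))  # constructed stand-in, NOT entropy
    for chunk in hybrid_stream(seed, 1 << 20):
        sys.stdout.buffer.write(chunk)
```

Pure Python is far too slow to produce 32 GB; the point here is the layout of the stream. With a 32-bit block counter, one key and nonce pair covers at most 256 GiB, so a 32 GB run stays inside a single keystream.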

The Results

PractRand tested the stream at every doubling checkpoint from 128 MB to 32 GB. At each point it ran an expanding battery of core tests. Every single one passed.

RNG_test using PractRand version 0.96
RNG = RNG_stdin8, seed = unknown
test set = core, folding = standard (8 bit)

length= 128 megabytes (2^27 bytes), time= 2.0 seconds
  no anomalies in 102 test result(s)

length= 256 megabytes (2^28 bytes), time= 4.0 seconds
  no anomalies in 110 test result(s)

length= 512 megabytes (2^29 bytes), time= 7.5 seconds
  no anomalies in 118 test result(s)

length= 1 gigabyte (2^30 bytes), time= 14.6 seconds
  no anomalies in 125 test result(s)

length= 2 gigabytes (2^31 bytes), time= 29.8 seconds
  no anomalies in 132 test result(s)

length= 4 gigabytes (2^32 bytes), time= 59.8 seconds
  no anomalies in 139 test result(s)

length= 8 gigabytes (2^33 bytes), time= 119 seconds
  no anomalies in 145 test result(s)

length= 16 gigabytes (2^34 bytes), time= 246 seconds
  no anomalies in 151 test result(s)

length= 32 gigabytes (2^35 bytes), time= 471 seconds
  no anomalies in 157 test result(s)

157 tests. Zero anomalies. The full run completed in 471 seconds (under 8 minutes) on a standard Linux server.
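To gate a reproduction run on this output, the check below (an added example, not part of PractRand or of TrueEntropy's tooling) parses the two line formats shown above and flags any checkpoint that is missing or lacks a "no anomalies" verdict. The function name and the excerpt constant are assumptions; the excerpt is copied from the first three checkpoints above.

```python
import re

CHECKPOINT = re.compile(r"^length= .*\(2\^(\d+) bytes\)")
CLEAN = re.compile(r"^\s*no anomalies in (\d+) test result\(s\)")

# First three checkpoints of the run shown on this page.
PAGE_EXCERPT = """\
length= 128 megabytes (2^27 bytes), time= 2.0 seconds
  no anomalies in 102 test result(s)

length= 256 megabytes (2^28 bytes), time= 4.0 seconds
  no anomalies in 110 test result(s)

length= 512 megabytes (2^29 bytes), time= 7.5 seconds
  no anomalies in 118 test result(s)
"""

def audit_practrand(log, first_exp, last_exp):
    """Return (ok, problems, final_test_count) for checkpoints 2^first..2^last."""
    results, current = {}, None
    for line in log.splitlines():
        m = CHECKPOINT.match(line)
        if m:
            current = int(m.group(1))
            results[current] = None  # stays None until a clean verdict is seen
            continue
        m = CLEAN.match(line)
        if m and current is not None:
            results[current] = int(m.group(1))
    problems = []
    for exp in range(first_exp, last_exp + 1):
        if exp not in results:
            problems.append(f"2^{exp}: checkpoint missing (run truncated?)")
        elif results[exp] is None:
            problems.append(f"2^{exp}: no clean verdict, inspect the raw output")
    ok = not problems
    return ok, problems, (results[last_exp] if ok else None)

if __name__ == "__main__":
    print(audit_practrand(PAGE_EXCERPT, 27, 29))
```

Calling it with the full range of the run (27 to 35) on a complete log also catches a run that stopped early, which a simple search for failure keywords would miss.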

How This Compares

To put these numbers in context:

  • NIST SP800-22 tests ~1 MB across 15 tests. We pass 7/7 of our implemented tests on every batch.
  • Typical commercial CSPRNG validation targets 1-4 GB with PractRand. We tested to 32 GB.
  • Weak PRNGs such as basic LCGs or Mersenne Twister variants fail PractRand before 16 MB.
  • ChaCha20, the cipher used in our hybrid, is the same stream cipher used in TLS 1.3, WireGuard, and OpenSSH. Its statistical properties are well established.

The result is not surprising - ChaCha20 keyed with genuine quantum entropy is designed to be indistinguishable from a truly random stream. But running the test gives us a documented, reproducible result we can share with customers and auditors.

An Honest Caveat

Statistical tests measure one thing: whether an output stream contains detectable patterns. Passing PractRand at 32 GB means the stream has no statistically detectable structure at this scale. It does not constitute a cryptographic proof of security, and it does not replace key management, secure transmission, or application-layer security practices.

The quantum seed (IBM Fez hardware) is the irreducible source of entropy. ChaCha20 is computationally secure - an adversary without the key cannot distinguish its output from random - but it is not information-theoretically secure in the way that raw quantum measurement is. For applications requiring the strongest possible guarantees, our pure entropy mode delivers raw quantum bytes directly.

What This Means for You

Every API response you receive from TrueEntropy in hybrid or auto mode is drawn from a quantum-seeded ChaCha20 stream - the same stream we just validated to 32 GB. The quantum origin is real. The statistical quality is documented. And the full methodology and raw PractRand output are published in our compliance documentation for anyone to review.

If you have questions about our testing methodology or want to reproduce the results yourself, the PractRand validation page includes the exact commands used. PractRand is free, open-source, and takes about 8 minutes to run on this dataset.
