CCF Labs · Published Standard
This document defines the statistical test battery, sampling requirements, decision rules, and certificate lifecycle governing RNG certification issued by CCF Labs.
This standard applies to the statistical evaluation of random number generator (RNG) output submitted to CCF Labs for certification, and to the ongoing validity conditions of certificates issued on the basis of that evaluation.
It covers: the test battery applied to submitted output (§ 4), minimum sampling requirements (§ 5), the pass/fail decision rule (§ 6), version locking of certificates to specific builds (§ 7), publication of test reports (§ 8), and revocation (§ 9).
It does not cover: legal gambling authorization in any jurisdiction, cryptographic security review of RNG implementations, server-side integrity of game operation, or return-to-player (RTP) simulation, which is scoped separately per engagement.
The CCF Labs core battery consists of the following eight tests from NIST SP 800-22 Rev 1a. Each test produces a p-value evaluated against α = 0.01.
| Ref | Test | Detects | Minimum input |
|---|---|---|---|
| T-01 | Frequency (Monobit) | Global bias toward 0 or 1 | 100 bits |
| T-02 | Block Frequency | Localized bias within blocks | 100 bits |
| T-03 | Runs | Abnormal oscillation rate between 0s and 1s | 100 bits |
| T-04 | Longest Run of Ones | Abnormal clustering of identical bits | 128 bits |
| T-05 | DFT (Spectral) | Periodic / repeating patterns | 1,000 bits |
| T-06 | Serial | Non-uniform frequency of m-bit patterns | 100 bits |
| T-07 | Approximate Entropy | Regularity / predictability of patterns | 100 bits |
| T-08 | Cumulative Sums (forward) | Drift â excess of 0s or 1s early or late in the stream | 100 bits |
Public reproducibility. This exact battery is runnable by anyone, against any bitstream, in the browser at the CCF Labs RNG Test Tool. The tool and this standard are maintained together: the battery described here is the battery the tool runs.
Planned extensions (full 15-test SP 800-22 battery, including Binary Matrix Rank, Non-overlapping/Overlapping Template Matching, Maurer's Universal, Linear Complexity, Random Excursions) are targeted for CCF-STD-001 v1.1 and will be published before use in any certification decision.
5.1 â Demonstration runs. The public tool accepts any input of at least 100 bits. Short inputs are suitable for demonstration only, and several tests will self-report as skipped below their minimum input size.
5.2 â Certification runs. A certification run must satisfy all of the following:
A certification run passes when every test in the § 4 battery yields p ⥠0.01. A single p-value below 0.01 constitutes a failed run.
Because a truly random source will occasionally produce a low p-value by chance (approximately 1 test in 100 at α = 0.01), a failed run may be repeated once on a freshly collected sample of at least equal size. Two consecutive failed runs constitute a failed certification; the submitter must remediate and re-enter the process from the beginning.
Pass results are reported per test, with exact p-values, in the published report (§ 8). CCF Labs does not publish aggregate "pass" claims without the underlying per-test values.
Every certificate is bound to the specific version or build hash of the software whose output was tested. The certificate covers only that build.
Any change that can affect RNG behavior â including changes to seeding, the generator algorithm, or outcome mapping â voids coverage for the changed build until revalidation. Revalidation is performed either as Hotfix Validation (diff-scoped, for changes not affecting core RNG logic) or as a full re-certification.
Operating a build other than the certified build while displaying the certificate badge is a violation of the certificate terms and grounds for revocation under § 9.
Each issued certificate links to a public test report containing, at minimum:
WC-YYYY-XXXX) and build lock identifier;A certificate page without a linked report indicates the certification run has not yet been completed and published; such certificates are marked accordingly on their verification page.
Certificate status is one of Active, Expired (validity period lapsed without renewal), or Revoked. Grounds for revocation include:
Status changes take effect on the public verification page immediately. Because badges resolve live against the registry, a revoked or expired certificate is visible as such wherever the badge is embedded.
Statistical testing demonstrates the absence of detected departures from randomness in the tested sample. It does not prove cryptographic security, does not guarantee the generator cannot be predicted given knowledge of its internal state, and does not attest to any property of software or samples that were not tested.
Certification under this standard is point-in-time with respect to the locked build. It is not a legal gambling license and does not constitute regulatory approval in any jurisdiction.
| Version | Date | Change |
|---|---|---|
| 1.0 | 2026-07-08 | Initial publication. |