So the question is what is the True application of True Randomness in Cryptography?

You need “true randomness”—that is, a physical process whose outcome is hard enough to predict—to seed the pseudorandom generators that you use to generate keys for cryptography. Otherwise, you would have no secrets unknown to the adversary—you could try to keep your algorithms secret but that has been known since Kerckhoffs in the 19th century to be a fool's errand.

This is why essentially all modern application CPUs contain a hardware random source, such as Intel RDRAND/RDSEED or Arm RNDR/RNDRRS, backed by metastable flip-flops or jitter between parallel ring oscillators—to efficiently get an initial seed for the rest of your cryptography. But you can also seed your pseudorandom generators with die rolls or coin tosses, even if you don't have the patience of a 19th century professor of biology—100 d6 rolls is enough for 256 bits of entropy which is enough to defeat any adversary in the universe at a guessing game even in a multi-target attack. And then all your cryptography after that can be done with the PRG output.

Of course, if your PRG state leaks to the adversary, you need to draw an independent seed afresh from a physical process to prevent the adversary from breaking all your subsequent cryptography. (But, under reasonable designs like NIST SP 800-90Ar1 or anything else with backtracking resistance, past outputs are still safe from the adversary.)

So the question is what is the True application of True Randomness in Cryptography?

You need “true randomness”—that is, a physical process whose outcome is hard enough to predict—to seed the pseudorandom generators that you use to generate keys for cryptography. Otherwise, you would have no secrets unknown to the adversary—you could try to keep your algorithms secret but that has been known since Kerckhoffs in the 19th century to be a fool's errand.

This is why essentially all modern application CPUs contain a hardware random source, such as Intel RDRAND/RDSEED or Arm RNDR/RNDRRS, backed by metastable flip-flops or jitter between parallel ring oscillators—to efficiently get an initial seed for the rest of your cryptography. But you can also seed your pseudorandom generators with die rolls or coin tosses, even if you don't have the patience of a 19th century professor of biology—100 d6 rolls is enough for 256 bits of entropy which is enough to defeat any adversary in the universe at a guessing game even in a multi-target attack. And then all your cryptography after that can be done with the PRG output.

Of course, if your PRG state leaks to the adversary, you need to draw an independent seed afresh from a physical process to prevent the adversary from breaking all your subsequent cryptography. (But, under reasonable designs like NIST SP 800-90Ar1 or anything else with backtracking resistance, past outputs are still safe from the adversary.)

For key stream generation the IVs or the seed keys are similarly expected to be chosen uniformly randomly.

That's right—and it is often hard to concoct a uniform distribution out of a physical process without feeding it through some mathematical cryptographic algorithm like SHA-256 to smooth out the distribution.

For example, even if you try to sample one bit at a time directly with uniform distribution by flipping a coin (and you do so honestly, for your own sake), it is biased to come up the way it started about 51% of the time—which may seem small, but it's likely plenty to admit a lattice attack like Howgrave–Graham on ECDSA signatures.

This is why modern hardware random sources are—in serious real-world applications (in contrast to kooks selling one-time pads to chumps)—fed through a conditioning component like AES-CMAC or SHA-256 or a Keccak sponge to generate kegs with indistinguishable-from-uniform distribution for cryptography.

But you still need to seed it all with an unpredictable physical process.

So the question is what is the True application of True Randomness in Cryptography?

You need “true randomness”—that is, a physical process whose outcome is hard enough to predict—to seed the pseudorandom generators that you use to generate keys for cryptography. Otherwise, you would have no secrets unknown to the adversary—you could try to keep your algorithms secret but that has been known since Kerckhoffs in the 19th century to be a fool's errand.

This is why essentially all modern application CPUs contain a hardware random source, such as Intel RDRAND/RDSEED or Arm RNDR/RNDRRS, backed by metastable flip-flops or jitter between parallel ring oscillators—to efficiently get an initial seed for the rest of your cryptography. But you can also seed your pseudorandom generators with die rolls or coin tosses, even if you don't have the patience of a 19th century professor of biology—100 d6 rolls is enough for 256 bits of entropy which is enough to defeat any adversary in the universe at a guessing game even in a multi-target attack. And then all your cryptography after that can be done with the PRG output.

So the question is what is the True application of True Randomness in Cryptography?

You need “true randomness”—that is, a physical process whose outcome is hard enough to predict—to seed the pseudorandom generators that you use to generate keys for cryptography. Otherwise, you would have no secrets unknown to the adversary—you could try to keep your algorithms secret but that has been known since Kerckhoffs in the 19th century to be a fool's errand.

This is why essentially all modern application CPUs contain a hardware random source, such as Intel RDRAND/RDSEED or Arm RNDR/RNDRRS, backed by metastable flip-flops or jitter between parallel ring oscillators—to efficiently get an initial seed for the rest of your cryptography. But you can also seed your pseudorandom generators with die rolls or coin tosses, even if you don't have the patience of a 19th century professor of biology—100 d6 rolls is enough for 256 bits of entropy which is enough to defeat any adversary in the universe at a guessing game even in a multi-target attack. And then all your cryptography after that can be done with the PRG output.

Of course, if your PRG state leaks to the adversary, you need to draw an independent seed afresh from a physical process to prevent the adversary from breaking all your subsequent cryptography. (But, under reasonable designs like NIST SP 800-90Ar1 or anything else with backtracking resistance, past outputs are still safe from the adversary.)