Cryptography Lecture 6 Notes

The document discusses random number generation for cryptography. It describes true random number generators (TRNGs) which take a random source like system clock timings as input. Pseudorandom number generators (PRNGs) deterministically generate numbers from a seed using algorithms like the linear congruential generator or block ciphers in counter mode or output feedback mode. PRNGs aim to produce numbers that appear random, are unpredictable, and uniform. Care must be taken to ensure the seed for a PRNG is truly random.

Uploaded by Shivend Menon

RANDOM NUMBERS

— A number of network security algorithms and protocols based on cryptography make
use of random binary numbers:
o Generation of a bit stream for symmetric stream encryption
o Session key generation
o Generation of keys for the RSA public-key encryption algorithm
o Key distribution and reciprocal authentication schemes

RANDOMNESS
— Generating a sequence of numbers that is random in some well-defined statistical
sense has long been a concern.
— Two criteria are used to validate that a sequence of numbers is random:
o Uniform distribution:
 The frequency of occurrence of ones and zeros should be
approximately equal.
o Independence:
 No one subsequence in the sequence can be inferred from the others.

— Randomness in this sense can usually be tested for, but not proved.


UNPREDICTABILITY
— The requirement is not just that the sequence of numbers be statistically random, but
that the successive members of the sequence are unpredictable.
— With “true” random sequences each number is statistically independent of the other
numbers in the sequence and is therefore unpredictable.
o True random numbers have their limitations, such as inefficiency (a low output
rate), so it is more common to implement algorithms that generate sequences of
numbers that appear to be random.
o Care must be taken that an opponent is not able to predict future elements of the
sequence on the basis of earlier elements.
TRUE RANDOM NUMBER GENERATOR (TRNG)
— Takes as input a source that is effectively random.
— The source is referred to as an entropy source and is drawn from the physical
environment of the computer.
o Includes things such as keystroke timing patterns, disk electrical activity,
mouse movements, and instantaneous values of the system clock.
o The source, or combination of sources, serve as input to an algorithm that
produces random binary output.
— The TRNG may simply involve conversion of an analog source to a binary output.
— The TRNG may involve additional processing to overcome any bias in the source.
PSEUDORANDOM NUMBER GENERATOR (PRNG)
— Takes as input a fixed value, called the seed, and produces a sequence of output bits
using a deterministic algorithm
o Quite often the seed is generated by a TRNG.
— The output bit stream is determined solely by the input value or values, so an adversary
who knows the algorithm and the seed can reproduce the entire bit stream.
— Other than the number of bits produced, there is no difference between a PRNG and a
PRF.
— Two different forms of PRNG
o Pseudorandom number generator:
 An algorithm that is used to produce an open-ended sequence of bits.
 Input to a symmetric stream cipher is a common application for an
open-ended sequence of bits.
o Pseudorandom function (PRF):
 Used to produce a pseudorandom string of bits of some fixed length.
 Examples are symmetric encryption keys and nonces.

PSEUDORANDOM NUMBERS
— Cryptographic applications typically make use of algorithmic techniques for random
number generation.
— These algorithms are deterministic and therefore produce sequences of numbers that
are not statistically random.
— If the algorithm is good, the resulting sequences will pass many tests of randomness and
are referred to as pseudorandom numbers.
TRNG / PRNG / PRF

PRNG REQUIREMENTS
— The basic requirement when a PRNG or PRF is used for a cryptographic application is
that an adversary who does not know the seed is unable to determine the
pseudorandom string.
— The requirement for secrecy of the output of a PRNG or PRF leads to specific
requirements in the areas of:
o Randomness
o Unpredictability
o Characteristics of the seed

RANDOMNESS
— The generated bit stream needs to appear random even though it is deterministic.
— There is no single test that can determine if a PRNG generates numbers that have the
characteristic of randomness
o If the PRNG exhibits randomness on the basis of multiple tests, then it can be
assumed to satisfy the randomness requirement.
— NIST SP 800-22 specifies that the tests should seek to establish three characteristics:
o Uniformity: at any point in the stream the next bit is equally likely to be a 0 or a
1, so the number of ones and the number of zeros should be approximately equal
(#1 ≈ #0).
o Scalability: any test that applies to the whole sequence can be applied to
randomly chosen subsequences, and those should pass as well.
o Consistency: the generator must behave the same way across all seeds; passing
the tests for one seed says nothing about another.

UNPREDICTABILITY
— A stream of pseudorandom numbers should exhibit two forms of unpredictability:
— Forward unpredictability:
o If the seed is unknown, the next output bit in the sequence should be
unpredictable in spite of any knowledge of previous bits in the sequence.
— Backward unpredictability:
o It should not be feasible to determine the seed from knowledge of any
generated values. No correlation between a seed and any value generated from
that seed should be evident; each element of the sequence should appear to be
the outcome of an independent random event whose probability is ½.
— The same set of statistical tests also serves as a test of unpredictability.
o A random sequence will have no correlation with a fixed value (the seed).
o This is only a necessary condition, not a sufficient one: a linear congruential
generator passes many statistical tests yet is fully predictable once its
parameters and a few outputs are known, so statistical testing never replaces a
security argument for the generator.

SEED REQUIREMENTS
— The seed that serves as input to the PRNG must be secure and unpredictable.
— The seed itself must be a random or pseudorandom number.
— Typically the seed is generated by TRNG.
GENERATION OF SEED INPUT TO PRNG
— Why TRNG output is used to seed a PRNG rather than used directly:
o The pseudorandom stream that is needed is much longer than what the TRNG delivers.
o The TRNG may produce a binary string with some bias.
o The TRNG may not be fast enough.

PRNG DESIGN
— Algorithms fall into two categories:
o Purpose-built algorithms:
 Algorithms designed specifically and solely for the purpose of
generating pseudorandom bit streams.
 Example: the RC4 keystream generator (as used in WEP).
o Algorithms based on existing cryptographic algorithms:
 Ciphers and hash functions have the effect of randomizing their input data,
so they can be reused as the core of a PRNG.
LINEAR CONGRUENTIAL GENERATOR
— An algorithm first proposed by Lehmer that is parameterized with four numbers:
o m, the modulus, m > 0
o a, the multiplier, 0 < a < m
o c, the increment, 0 ≤ c < m
o X0, the starting value, or seed, 0 ≤ X0 < m
— The sequence of random numbers {Xn} is obtained via the following iterative equation:
Xn+1 = (a Xn + c) mod m
— If m, a, c, and X0 are integers, then this technique will produce a sequence of integers
with each integer in the range 0 ≤ Xn < m.
— The selection of values for a, c, and m is critical in developing a good random number
generator; m is typically near to or equal to 2^31.
— An LCG is not suitable for cryptographic use: the recurrence is linear, so an opponent
who knows the parameters needs only one output to reproduce the rest of the sequence,
and an opponent who knows only m can solve for a and c from a few consecutive outputs.
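The following Go program is an added example and is not part of the lecture notes. It implements the recurrence above and then shows the predictability problem concretely: given three consecutive outputs and a known prime modulus m, the attacker solves the two linear equations X1 = aX0 + c and X2 = aX1 + c for a and c and predicts every later value. The parameters (m = 2^31 − 1, a = 48271, c = 12345) and the seed are assumed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// Lcg computes one step of Lehmer's generator: X_{n+1} = (a*X_n + c) mod m.
// a, c and x must be below m, and m below 2^31, so that a*x fits in an int64.
func Lcg(x, a, c, m int64) int64 {
	return (a*x + c) % m
}

// LcgSequence returns the first n outputs that follow the seed.
func LcgSequence(seed, a, c, m int64, n int) []int64 {
	out := make([]int64, n)
	x := seed
	for i := range out {
		x = Lcg(x, a, c, m)
		out[i] = x
	}
	return out
}

// RecoverLcg is the attacker's side: from three consecutive outputs and a
// known prime modulus m it recovers a and c. Subtracting the two equations
// gives (x2 - x1) = a*(x1 - x0) mod m, so a = (x2 - x1) * (x1 - x0)^-1 mod m
// and then c = x1 - a*x0 mod m. If x1 == x0 the difference has no inverse
// and more outputs would be needed.
func RecoverLcg(x0, x1, x2, m int64) (a, c int64, err error) {
	M := big.NewInt(m)
	d := new(big.Int).Mod(big.NewInt(x1-x0), M) // Mod is Euclidean: result is >= 0
	inv := new(big.Int).ModInverse(d, M)
	if inv == nil {
		return 0, 0, errors.New("x1-x0 has no inverse mod m; need more outputs")
	}
	A := new(big.Int).Mul(big.NewInt(x2-x1), inv)
	A.Mod(A, M)
	C := new(big.Int).Sub(big.NewInt(x1), new(big.Int).Mul(A, big.NewInt(x0)))
	C.Mod(C, M)
	return A.Int64(), C.Int64(), nil
}

func main() {
	// Assumed parameters: the Park-Miller modulus 2^31-1 (prime), a = 48271, c = 12345.
	const m, a, c int64 = 2147483647, 48271, 12345
	xs := LcgSequence(123456789, a, c, m, 4)
	ra, rc, err := RecoverLcg(xs[0], xs[1], xs[2], m)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered a=%d c=%d; predicted X4=%d, actual X4=%d\n",
		ra, rc, Lcg(xs[2], ra, rc, m), xs[3])
}
```

The recovery needs m to be prime only so that the modular inverse always exists; for a power-of-two modulus the same attack works with a little more care, which is why no choice of a, c and m rescues an LCG for key generation.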

BLUM BLUM SHUB (BBS) GENERATOR


— Has perhaps the strongest public proof of its cryptographic strength of any purpose-
built algorithm
— Referred to as a cryptographically secure pseudorandom bit generator (CSPRBG)
o A CSPRBG is defined as one that passes the next-bit-test if there is not a
polynomial-time algorithm that, on input of the first k bits of an output
sequence, can predict the (k + 1)st bit with probability significantly greater than
½
— The security of BBS is based on the difficulty of factoring n, where n = p·q for two large
primes p and q with p ≡ q ≡ 3 (mod 4). The seed s is chosen relatively prime to n,
x0 = s² mod n, and each step computes xi = (xi−1)² mod n and outputs the bit bi = xi mod 2.
EXAMPLE OPERATION OF BBS GENERATOR
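Worked operation of the generator in Go, added here as an example rather than taken from the notes. The toy parameters p = 383, q = 503 (so n = 192649) and s = 101355 are assumed for illustration; real use needs primes of hundreds of digits, and BBS costs one modular squaring per output bit, which is why it is rarely used in practice despite its proof.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// Bbs holds the modulus n = p*q and the current state x_i.
type Bbs struct {
	n, x *big.Int
}

// NewBbs checks the preconditions: p and q are primes congruent to 3 mod 4
// (n is then a Blum integer) and the seed s is coprime to n. x_0 = s^2 mod n.
func NewBbs(p, q, s *big.Int) (*Bbs, error) {
	three, four := big.NewInt(3), big.NewInt(4)
	for _, v := range []*big.Int{p, q} {
		if !v.ProbablyPrime(20) || new(big.Int).Mod(v, four).Cmp(three) != 0 {
			return nil, errors.New("p and q must be primes congruent to 3 mod 4")
		}
	}
	n := new(big.Int).Mul(p, q)
	if new(big.Int).GCD(nil, nil, s, n).Cmp(big.NewInt(1)) != 0 {
		return nil, errors.New("seed must be relatively prime to n")
	}
	x0 := new(big.Int).Mul(s, s)
	x0.Mod(x0, n)
	return &Bbs{n: n, x: x0}, nil
}

// State returns a copy of the current x_i.
func (g *Bbs) State() *big.Int {
	return new(big.Int).Set(g.x)
}

// Next computes x_i = x_{i-1}^2 mod n and returns x_i together with the
// output bit b_i = x_i mod 2 (its least significant bit).
func (g *Bbs) Next() (*big.Int, uint8) {
	g.x.Mul(g.x, g.x)
	g.x.Mod(g.x, g.n)
	return g.State(), uint8(g.x.Bit(0))
}

// Bits returns the next k output bits.
func (g *Bbs) Bits(k int) []uint8 {
	out := make([]uint8, k)
	for i := range out {
		_, out[i] = g.Next()
	}
	return out
}

func main() {
	// Toy parameters (assumed for illustration, far too small for real use).
	g, err := NewBbs(big.NewInt(383), big.NewInt(503), big.NewInt(101355))
	if err != nil {
		panic(err)
	}
	fmt.Println("x0 =", g.State())
	for i := 1; i <= 5; i++ {
		x, b := g.Next()
		fmt.Printf("x%d = %v  b%d = %d\n", i, x, i, b)
	}
}
```

With these parameters x0 = 20749 and the first states are 143135, 177671, 97048, giving the output bits 1, 1, 0. The checks in NewBbs are the part worth copying: a modulus that is not a Blum integer, or a seed sharing a factor with n, silently destroys the security argument without making the output look any less random.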

PRNG USING BLOCK CIPHER MODES OF OPERATION


— Two approaches that use a block cipher to build a PRNG have gained widespread
acceptance:
o CTR mode:
 Recommended in NIST SP 800-90, ANSI standard X9.82, and RFC 4086
o OFB mode:
 Recommended in X9.82 and RFC 4086
— The seed consists of two parts:
o A key K and a value V
— V is updated every round:
o CTR: V ← V + 1 (mod 2^blocksize), and the output block is E(K, V)
o OFB: V ← the previous output block, and the output block is E(K, V)
— Pseudorandom bits are produced one block at a time.
o E.g., 128 bits for AES
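Both modes in Go, using AES from the standard library, as an added example that is not part of the notes. The seed material is constructed; in practice K and V come from a TRNG. This is the bare keystream generator the notes describe, not a full SP 800-90 DRBG: it has no reseeding, no entropy input after start, and no backtracking protection, and those assumptions are the caveat to keep in mind before using anything like it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// BlockPrng is the block-cipher PRNG described above. The seed is the pair
// (K, V): every round encrypts V under K to produce one block of output and
// then updates V. In "ctr" mode V is incremented before each encryption (the
// order used by SP 800-90 CTR_DRBG); in "ofb" mode the output becomes the next V.
type BlockPrng struct {
	blk  cipher.Block
	v    []byte
	mode string
}

// NewBlockPrng takes a 16-, 24- or 32-byte AES key K, a one-block V and the mode.
func NewBlockPrng(key, v []byte, mode string) (*BlockPrng, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(v) != blk.BlockSize() {
		return nil, fmt.Errorf("V must be %d bytes, got %d", blk.BlockSize(), len(v))
	}
	if mode != "ctr" && mode != "ofb" {
		return nil, fmt.Errorf("unknown mode %q", mode)
	}
	// Copy V so that later rounds never modify the caller's seed material.
	return &BlockPrng{blk: blk, v: append([]byte(nil), v...), mode: mode}, nil
}

// Incr treats v as a big-endian counter and adds one modulo 2^(8*len(v)).
func Incr(v []byte) {
	for i := len(v) - 1; i >= 0; i-- {
		v[i]++
		if v[i] != 0 {
			return
		}
	}
}

// NextBlock returns one block of pseudorandom output (16 bytes for AES).
func (p *BlockPrng) NextBlock() []byte {
	out := make([]byte, p.blk.BlockSize())
	switch p.mode {
	case "ctr":
		Incr(p.v)               // V <- V + 1
		p.blk.Encrypt(out, p.v) // output <- E_K(V)
	case "ofb":
		p.blk.Encrypt(out, p.v) // output <- E_K(V)
		copy(p.v, out)          // V <- output
	}
	return out
}

// Bytes returns n pseudorandom bytes by concatenating whole output blocks.
func (p *BlockPrng) Bytes(n int) []byte {
	out := make([]byte, 0, n+p.blk.BlockSize())
	for len(out) < n {
		out = append(out, p.NextBlock()...)
	}
	return out[:n]
}

// EncryptBlock exposes E_K(in) so that single outputs can be checked by hand.
func EncryptBlock(key, in []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, blk.BlockSize())
	blk.Encrypt(out, in)
	return out, nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed 16-byte key -> AES-128
	v := make([]byte, 16)             // constructed V of all zeros
	for _, mode := range []string{"ctr", "ofb"} {
		p, err := NewBlockPrng(key, v, mode)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s: %s\n", mode, hex.EncodeToString(p.Bytes(32)))
	}
}
```

Because the stream is a deterministic function of (K, V), two instances started from the same seed emit identical bytes; that is exactly the property the notes warn about, and it is why the seed must be secret and never reused.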

EXAMPLE RESULTS FOR PRNG USING OFB


EXAMPLE RESULTS FOR PRNG USING CTR

ANSI X9.17 PRNG


TRNG AND POSSIBLE SOURCES OF RANDOMNESS
— A true random number generator (TRNG) uses a nondeterministic source to produce
randomness
— Most operate by measuring unpredictable natural processes.
— RFC 4086 lists the following possible sources of randomness that can be used on a
computer to generate true random sequences:

SKEW
— A TRNG may produce an output that is biased in some way, such as having more ones
than zeros or vice versa.
o Deskewing algorithms are methods of modifying a bit stream to reduce or
eliminate the bias.
o One approach is to pass the bit stream through a hash function such as MD5 or
SHA-1 (a current design would use SHA-2 or SHA-3). Hashing conditions the
bits but cannot add entropy: the output is only as unpredictable as the input
pool that was hashed.
o RFC 4086 recommends collecting input from multiple hardware sources and
then mixing these using a hash function to produce random output.
— Operating systems typically provide a built-in mechanism for generating random
numbers:
o Linux, as described in these notes (older kernels), uses four entropy sources:
mouse and keyboard activity, disk I/O operations, and specific interrupts.
o Bits are generated from these four sources and combined in a pooled buffer.
o When random bits are needed, the appropriate number of bits are read from the
buffer and passed through the SHA-1 hash function.
o Current kernels keep the same collect, pool, condition, output structure but have
replaced SHA-1 with BLAKE2s for the pool and use a ChaCha20-based generator
for output.
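The Go program below is an added example, not from the notes, and serves both the randomness tests from SP 800-22 discussed earlier and the deskewing discussion here. It feeds a constructed skewed source (75% ones, produced by a seeded math/rand stream so the run is reproducible) through the SP 800-22 frequency (monobit) test, then deskews it two ways: the classic von Neumann pair method, which the notes do not mention and is included as one more deskewing technique, and the hash-conditioning approach the notes do describe, with SHA-256 standing in for MD5/SHA-1.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"math"
	"math/rand"
)

// BiasedSource stands in for a skewed TRNG: each bit is 1 with probability p.
// The bits are constructed from a seeded math/rand stream, not measured hardware.
func BiasedSource(p float64, n int, seed int64) []uint8 {
	r := rand.New(rand.NewSource(seed))
	bits := make([]uint8, n)
	for i := range bits {
		if r.Float64() < p {
			bits[i] = 1
		}
	}
	return bits
}

// OnesFraction is the raw uniformity measure: the share of ones in the stream.
func OnesFraction(bits []uint8) float64 {
	ones := 0
	for _, b := range bits {
		ones += int(b)
	}
	return float64(ones) / float64(len(bits))
}

// Monobit is the SP 800-22 frequency (monobit) test. With S = sum(2b - 1)
// and s_obs = |S| / sqrt(n), the P-value is erfc(s_obs / sqrt(2)); a P-value
// below 0.01 rejects the hypothesis that ones and zeros are equally likely.
func Monobit(bits []uint8) float64 {
	s := 0
	for _, b := range bits {
		s += 2*int(b) - 1
	}
	sObs := math.Abs(float64(s)) / math.Sqrt(float64(len(bits)))
	return math.Erfc(sObs / math.Sqrt2)
}

// VonNeumann deskews a biased stream of independent bits: read the stream in
// pairs, emit 0 for "01" and 1 for "10", drop "00" and "11". Both kept pairs
// have probability p(1-p), so the output is unbiased, but most input is lost
// and the method assumes the source bits are independent.
func VonNeumann(bits []uint8) []uint8 {
	out := make([]uint8, 0, len(bits)/4)
	for i := 0; i+1 < len(bits); i += 2 {
		switch {
		case bits[i] == 0 && bits[i+1] == 1:
			out = append(out, 0)
		case bits[i] == 1 && bits[i+1] == 0:
			out = append(out, 1)
		}
	}
	return out
}

// HashCondition is the hash-based approach the notes describe: pack the raw
// bits into a pool, hash it, and use the digest bits as output. A hash cannot
// add entropy, so the pool must carry at least 256 bits of entropy for the
// 256 output bits to be worth 256.
func HashCondition(bits []uint8) []uint8 {
	pool := make([]byte, (len(bits)+7)/8)
	for i, b := range bits {
		pool[i/8] |= b << (7 - uint(i%8))
	}
	sum := sha256.Sum256(pool)
	out := make([]uint8, 0, 256)
	for _, by := range sum {
		for j := 7; j >= 0; j-- {
			out = append(out, (by>>uint(j))&1)
		}
	}
	return out
}

func main() {
	raw := BiasedSource(0.75, 20000, 1) // 75% ones: a badly skewed source
	fmt.Printf("raw:         ones=%.3f  monobit P=%.3g\n", OnesFraction(raw), Monobit(raw))
	vn := VonNeumann(raw)
	fmt.Printf("von Neumann: ones=%.3f  monobit P=%.3g  (%d of %d bits kept)\n",
		OnesFraction(vn), Monobit(vn), len(vn), len(raw))
	h := HashCondition(raw)
	fmt.Printf("hashed:      ones=%.3f  (%d bits out)\n", OnesFraction(h), len(h))
}
```

The raw stream fails the monobit test outright (P-value effectively 0), the von Neumann output keeps only about 2p(1−p) of the input pairs but is balanced, and the hash output is always balanced-looking regardless of how little entropy went in, which is the reason a passing statistical test on hashed output says nothing about the source.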
COMPARISON OF PRNGs AND TRNGs

STREAM CIPHERS

STREAM CIPHER DESIGN CONSIDERATIONS

RC4 (A STREAM CIPHER)


— Designed in 1987 by Ron Rivest for RSA Security
— Variable key size stream cipher with byte-oriented operations
— Based on the use of a random permutation
— Eight to sixteen machine operations are required per output byte and the cipher can be
expected to run very quickly in software
— Was used in the Secure Sockets Layer/Transport Layer Security (SSL/TLS) standards
that have been defined for communication between Web browsers and servers; its use
in TLS has since been prohibited (RFC 7465).
— Was also used in the Wired Equivalent Privacy (WEP) protocol and the newer WiFi
Protected Access (WPA) protocol that are part of the IEEE 802.11 wireless LAN
standard; weaknesses in its key scheduling (exploited against WEP) and statistical
biases in its keystream are why it is no longer considered secure.
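The two parts of RC4 that the summary lists (initialization of S and stream generation) in Go, added here as an example rather than taken from the notes. It is checked against the well-known public test vector for the key "Key" and plaintext "Plaintext"; Go's standard library also ships crypto/rc4, but writing the permutation out is what makes the byte-oriented, swap-driven design visible. Do not use RC4 for anything new.

```go
package main

import (
	"encoding/hex"
	"fmt"
)

// Rc4 holds the 256-byte state permutation S and the two indices i and j.
type Rc4 struct {
	s    [256]byte
	i, j byte
}

// NewRc4 runs the key-scheduling algorithm (initialization of S): S starts as
// the identity permutation 0..255 and is shuffled by 256 swaps driven by the
// key bytes, the key being repeated as needed. Keys are 1 to 256 bytes.
func NewRc4(key []byte) (*Rc4, error) {
	if len(key) < 1 || len(key) > 256 {
		return nil, fmt.Errorf("RC4 key must be 1..256 bytes, got %d", len(key))
	}
	c := &Rc4{}
	for i := 0; i < 256; i++ {
		c.s[i] = byte(i)
	}
	var j byte // byte arithmetic gives the "mod 256" for free
	for i := 0; i < 256; i++ {
		j += c.s[i] + key[i%len(key)]
		c.s[i], c.s[j] = c.s[j], c.s[i]
	}
	return c, nil
}

// NextByte is one step of stream generation: i = i+1, j = j+S[i], swap S[i]
// and S[j], and output S[(S[i]+S[j]) mod 256].
func (c *Rc4) NextByte() byte {
	c.i++
	c.j += c.s[c.i]
	c.s[c.i], c.s[c.j] = c.s[c.j], c.s[c.i]
	return c.s[c.s[c.i]+c.s[c.j]]
}

// KeyStream returns the next n keystream bytes.
func (c *Rc4) KeyStream(n int) []byte {
	out := make([]byte, n)
	for k := range out {
		out[k] = c.NextByte()
	}
	return out
}

// XORKeyStream encrypts or decrypts: output = input XOR keystream. Decryption
// is the same operation with the same key and a freshly initialized state.
func (c *Rc4) XORKeyStream(src []byte) []byte {
	out := make([]byte, len(src))
	for k, b := range src {
		out[k] = b ^ c.NextByte()
	}
	return out
}

func main() {
	// Public test vector: key "Key", plaintext "Plaintext" -> bbf316e8d940af0ad3.
	enc, err := NewRc4([]byte("Key"))
	if err != nil {
		panic(err)
	}
	ct := enc.XORKeyStream([]byte("Plaintext"))
	fmt.Println(hex.EncodeToString(ct))
	dec, _ := NewRc4([]byte("Key"))
	fmt.Printf("%s\n", dec.XORKeyStream(ct))
}
```

Note that nothing in the cipher involves a nonce: the keystream depends only on the key, so reusing a key for two messages XORs the two plaintexts together, and the way WEP tried to work around this by prepending a 24-bit IV to the key is what exposed the key-scheduling weakness.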

STRENGTH OF RC4

SUMMARY
— Principles of pseudorandom number generation
o The use of random numbers
o TRNGs, PRNGs, and PRFs
o PRNG requirements
o Algorithm design
— Pseudorandom number generators
o Linear congruential generators
o Blum Blum Shub generator
— Pseudorandom number generation using a block cipher.
o PRNG using block cipher modes of operation.
o ANSI X9.17 PRNG
— Stream ciphers
— RC4
o Initialization of S
o Stream generation
o Strength of RC4
— True random number generators
o Entropy sources
o Comparison of PRNGs and TRNGs
o Skew
