RandomNumber

advertisement
Random Number Generation
INTRODUCTION .................................................................................................................................. 2
USAGE ................................................................................................................................................ 2
THE REQUIREMENT FROM DIFFERENT ALGORITHM ........................................................................... 3
(DESIRABLE) PROPERTIES OF PSEUDORANDOM NUMBERS ................................................................ 6
PSEUDORANDOM NUMBERS ............................................................................................................. 6
MULTIPLICATIVE CONGRUENTIAL METHOD........................................................................................ 7
LINEAR CONGRUENTIAL METHOD ...................................................................................................... 7
BLUM BLUM SHUB CRYPTOGRAPHIC PSEUDORANDOM NUMBER GENERATOR ................................. 8
TEST FOR RANDOM NUMBERS ........................................................................................................... 8
Introduction
Truly random - is defined as exhibiting ``true'' randomness, such as the time between ``tics'' from
a Geiger counter exposed to a radioactive element
Pseudorandom - is defined as having the appearance of randomness, but nevertheless exhibiting
a specific, repeatable pattern.
numbers calculated by a computer through a deterministic process, cannot, by definition, be
random
Truly Random
Pseudorandom
Quasi-Random
Usage
Almost all network security protocols rely on the randomness of certain parameters
Nonce - used to avoid replay
session key
Unique parameters in digital signatures
Almost all cryptographic protocols require the generation and use of secret values that must be
unknown to attackers. Random number generator (RNG) is required. For example
RNGs are required to generate public/private key pairs for asymmetric (public key) algorithms
including RSA, DSA, and Diffie-Hellman.
Keys for symmetric and hybrid cryptosystems are also generated randomly.
RNGs are also used to create challenges, nonces (salts), padding bytes, and blinding values. The
one time pad – the only provably-secure encryption system – uses as much key material as
cipher-text and requires that the key-stream be generated from a truly random process.
Randomness in Cryptography
•Generation of:
–Nonce (only once used number)
–Key
–Challenge
–Initialization vector
–Padding byte
–Blinding value
The requirement from different algorithm
The frequency and volume of require for random is different:
RSA
Required when key pair is generated,
Thereafter, any number of messages can be signed without any further need for randomness.
DSA
Requires good random numbers for each signature .
One time pad
Requires a volume of randomness equal to all the messages to be processed.
Encryption
mi
Key
stream
k
generator
zi
ci
g

Decryption
ci
Key
k
stream
generator
zi

mi
(Desirable) Properties of Pseudorandom
Numbers
Desirable Attributes:
Uniformity
Independence
Efficiency
Replicability
Long Cycle Length
Uncorrelated Sequences - The sequences of random numbers should be serially uncorrelated
Long Period - The generator should be of long period (ideally, the generator should not repeat;
practically, the repetition should occur only after the generation of a very large set of random
numbers).
Uniformity - The sequence of random numbers should be uniform, and unbiased. That is, equal
fractions of random numbers should fall into equal ``areas'' in space. Eg. if random numbers on
[0,1) are to be generated, it would be poor practice were more than half to fall into [0, 0.1),
presuming the sample size is sufficiently large.
Efficiency - The generator should be efficient. Low overhead for massively parallel
computations.
Pseudorandom Numbers
Randomly chosen numbers are needed for many purposes, including computer simulations.
Pseudorandom numbers are not truly random since they are generated by systematic methods.
The linear congruential method is one commonly used procedure for generating pseudorandom
numbers.
Four integers are needed: the modulus m, the multiplier a, the increment c, and seed x0, with
2 ≤ a < m, 0 ≤ c < m, 0 ≤ x0 < m.
We generate a sequence of pseudorandom numbers {xn}, with
0 ≤ xn < m for all n, by successively using the recursively defined function
Multiplicative Congruential Method
Basic Relationship
Xi+1 = a Xi (mod m), where a ³ 0 and m ³ 0
Most natural choice for m is one that equals to the capacity of a computer word.
m = 2b (binary machine), where b is the number of bits in the computer word.
m = 10d (decimal machine), where d is the number of digits in the computer word.
Linear Congruential Method
Xi+1 = (aXi + c) mod m, i = 0, 1, 2....
(Example)
let X0 = 27, a = 17, c = 43, and m = 100, then
X1 = (17*27 + 43) mod 100 = 2
R1 = 2 / 100 = 0.02
X2 = (17*2 + 43) mod 100 = 77
R2 = 77 / 100 = 0.77
LCGs are not recommended to be used in computer simulations, nor any other purposes which
require higher degrees of randomness.
Blum
Blum
Shub
cryptographic
pseudorandom number generator
Test for Random Numbers
1. Frequency test. Uses the Kolmogorov-Smirnov or the chi-square test to compare the
distribution of the set of numbers generated to a uniform distribution.
2. Runs test. Tests the runs up and down or the runs above and below the mean by comparing
the actual values to expected values. The statistic for comparison is the chi-square.
3. Autocorrelation test. Tests the correlation between numbers and compares the sample
correlation to the expected correlation of zero.
4. Gap test. Counts the number of digits that appear between repetitions of a particular digit and
then uses the Kolmogorov-Smirnov test to compare with the expected number of gaps.
5. Poker test. Treats numbers grouped together as a poker hand. Then the hands obtained are
compared to what is expected using the chi-square test.
Entropy
Information density of the content of a sequence
High density usually means random
Arithmetic Mean
Chi-square Test
Provides a probability for the randomness for a sequence
Download