Random Number Generation
CSCI 5857: Encoding and Encryption
Outline
• Desired properties of a random number
generator
• True random number generators
• Pseudo-random number generators (PRNGs)
– Linear Congruential PRNG
– Triple-DES-based PRNG (ANSI X9.17)
– AES/CTR-based PRNG
– RSA-based PRNG (Micali-Schnorr, ANSI X9.82 / ISO 18031)
– Hash and MAC-based PRNG
Random Number Generation
• Crucial to key generation
• Crucial to many other applications (games, etc.)
• Desired properties:
– Uniform: each output bit is 0 or 1 with equal probability, and outputs are independent of one another
– Unpredictable: given any number of intercepted previous values, it is infeasible to compute the next one
– Long period: it takes as long as possible before the cycle of values repeats (with finite state, repetition is inevitable in the long run)
• Key idea: good encryption and hashing functions already have these properties, so they can be used to build generators
True Random Number Generators
• Based on some random physical process
– Coin flip, particle physics, etc.
• Generally based on some physical process read in through peripherals
– PGP: timing of user keystrokes
– TrueCrypt: mouse movement
– Linux: mouse and keyboard activity, disk I/O timing
– Intel: on-chip circuit samples thermal noise across resistors
– Other ideas: samples of sound/video input
• Raw samples are biased and correlated, so they are usually run through a hash algorithm (conditioning) to ensure a good distribution of values
– Hashing spreads the entropy evenly but cannot add any: the output is only as unpredictable as the physical source
Pseudo Random Numbers
• Based on some mathematical formula /
computer algorithm
• Iterative: next value based on previous value
x_i = f(x_{i-1})
• Usually require an initial seed IV
x_0 = f(IV)
• Often mix in the time/date so that different runs give different sequences
– This adds freshness, not secrecy: a date/time stamp is guessable, so the seed itself must still come from a true random source and be kept secret
Linear Congruential PRNG
• Simple modular arithmetic: x_{i+1} = (a x_i + b) mod n
– Commonly built into programming languages
– Common values (the Park-Miller "minimal standard" generator):
• n = 2^31 - 1 (prime), a = 7^5 = 16807, b = 0
• Generates every value from 1 to n - 1 before repeating (full period); this requires a to be a primitive root modulo n
Linear Congruential PRNG
• Not secure
– Common values of n, a, and b are well known
– Given a few consecutive x_i, an attacker can compute where you are in the sequence and every value that follows (with n known, three outputs are enough to solve for a and b)
“I know what hand is coming next!”
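The attack on the slide above, as an added example in Go that is not part of the lecture: an attacker who knows only the modulus n observes three consecutive outputs, solves the two congruences x1 = a*x0 + b and x2 = a*x1 + b (mod n) for a and b, and then predicts the next value. The Park-Miller constants are used for the victim generator; the seed 12345 is a constructed value the attacker never sees.

```go
package main

import (
	"fmt"
	"math/big"
)

// Park-Miller "minimal standard" LCG parameters: the n = 2^31 - 1 of the slide,
// with a = 7^5 so the sequence has full period n-1. Constructed example values.
const (
	lcgN = 1<<31 - 1
	lcgA = 16807
	lcgB = 0
)

// lcgNext computes x_{i+1} = (a*x_i + b) mod n. With n < 2^32 the product
// a*x fits comfortably in a uint64.
func lcgNext(x, a, b, n uint64) uint64 {
	return (a*x + b) % n
}

// recoverLCG plays the attacker: knowing only the modulus n and three
// consecutive outputs, solve
//     x1 = a*x0 + b (mod n)      x2 = a*x1 + b (mod n)
// for a = (x2 - x1) * (x1 - x0)^-1 mod n and then b = x1 - a*x0 mod n.
// The inverse exists whenever gcd(x1 - x0, n) = 1, which for prime n means
// x1 != x0. ok is false when the three samples are not enough.
func recoverLCG(x0, x1, x2, n uint64) (a, b uint64, ok bool) {
	bn := new(big.Int).SetUint64(n)
	bx0 := new(big.Int).SetUint64(x0)
	bx1 := new(big.Int).SetUint64(x1)
	bx2 := new(big.Int).SetUint64(x2)

	d := new(big.Int).Sub(bx1, bx0)
	d.Mod(d, bn)
	inv := new(big.Int).ModInverse(d, bn) // nil when d has no inverse mod n
	if inv == nil {
		return 0, 0, false
	}
	ba := new(big.Int).Sub(bx2, bx1)
	ba.Mod(ba, bn)
	ba.Mul(ba, inv)
	ba.Mod(ba, bn)

	bb := new(big.Int).Mul(ba, bx0)
	bb.Sub(bx1, bb)
	bb.Mod(bb, bn)
	return ba.Uint64(), bb.Uint64(), true
}

func main() {
	// The victim's generator, seeded with a value the attacker never sees.
	x := uint64(12345)
	var seen [3]uint64
	for i := range seen {
		x = lcgNext(x, lcgA, lcgB, lcgN)
		seen[i] = x // three outputs the attacker observes, e.g. three dealt hands
	}
	a, b, ok := recoverLCG(seen[0], seen[1], seen[2], lcgN)
	fmt.Printf("recovered a=%d b=%d (ok=%v)\n", a, b, ok)
	fmt.Printf("predicted next: %d\n", lcgNext(seen[2], a, b, lcgN))
	fmt.Printf("actual next:    %d\n", lcgNext(x, lcgA, lcgB, lcgN))
}
```

For a modulus that is not prime (a power of two, as in many library implementations) the difference x1 - x0 may have no inverse; recoverLCG then reports ok=false and the attacker simply collects a few more outputs, so the non-prime case is no safer in practice.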
ANSI X9.17 PRNG
• Based on Triple DES
– Vector V (initially the seed, kept secret)
– Current date/time DT
– 112 key bits K (two-key 3DES)
• Each step encrypts three times:
– T = E_K(DT)
– Output R = E_K(T ⊕ V)
– Next V = E_K(T ⊕ R)
• Feedback chaining: the next V is derived from the previous result, so the internal state keeps moving
• Cracking the sequence requires cracking 3DES (recovering K) to compute V; the date/time stamp is a public freshness input, not a secret
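The three-encryption step above, written out in Go as an added example (not code from the lecture or from the X9.17 standard itself). It uses Go's crypto/des for two-key triple DES, so the 24-byte key is K1 || K2 || K1; the key bytes and seed are constructed values.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"time"
)

// x917 is an ANSI X9.17 generator: a two-key triple-DES key K (112 key bits)
// and the secret 64-bit vector V, which starts as the seed.
type x917 struct {
	blk cipher.Block
	v   [8]byte
}

// newX917 builds the generator from the two 56-bit DES keys K1, K2 and the seed.
// Go's triple-DES API takes 24 key bytes; two-key 3DES is K1 || K2 || K1.
func newX917(k1, k2, seed [8]byte) (*x917, error) {
	key := make([]byte, 0, 24)
	key = append(key, k1[:]...)
	key = append(key, k2[:]...)
	key = append(key, k1[:]...)
	blk, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	return &x917{blk: blk, v: seed}, nil
}

func xor8(a, b [8]byte) [8]byte {
	var out [8]byte
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// next performs one X9.17 step with the date/time block DT:
//   T  = E_K(DT)          encrypted timestamp
//   R  = E_K(T xor V)     the output block
//   V' = E_K(T xor R)     the next vector, chained from this step's output
func (g *x917) next(dt [8]byte) [8]byte {
	var t, r, vNext [8]byte
	g.blk.Encrypt(t[:], dt[:])
	tv := xor8(t, g.v)
	g.blk.Encrypt(r[:], tv[:])
	tr := xor8(t, r)
	g.blk.Encrypt(vNext[:], tr[:])
	g.v = vNext
	return r
}

// dtNow packs the wall clock into DT. It adds freshness across runs but is
// not a secret: the generator's security rests on K and V alone.
func dtNow() [8]byte {
	var dt [8]byte
	binary.BigEndian.PutUint64(dt[:], uint64(time.Now().UnixNano()))
	return dt
}

func main() {
	// Constructed key and seed; a real deployment takes these from a TRNG.
	k1 := [8]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}
	k2 := [8]byte{0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10}
	seed := [8]byte{0x5a, 0xa5, 0x5a, 0xa5, 0x5a, 0xa5, 0x5a, 0xa5}
	g, err := newX917(k1, k2, seed)
	if err != nil {
		panic(err)
	}
	for i := 0; i < 3; i++ {
		r := g.next(dtNow())
		fmt.Println(hex.EncodeToString(r[:]))
	}
}
```

Because R = E_K(T ⊕ V) and E_K is a permutation, two generators sharing K and DT but different V values can never emit the same block; the unpredictability comes entirely from K and the secret V, which is why the seed must be generated by a true random source and never reused.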
CTR-Based PRNG
• Based on the stream of blocks created by CTR mode
• Can use any block cipher (AES, DES, etc.); AES is the sensible choice, since DES's 64-bit block and 56-bit key are too small
– v = seed
– while (bits still needed)
• block = E(k, v)
• v = (v + 1) mod 2^128 (i.e. mod 2^b for a b-bit block)
• output = output || block
• Both k and the seed must be secret, and the same (k, seed) pair must never be used twice, or the identical output stream is produced again
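The loop above in Go with AES as the block cipher, as an added example (not code from the lecture): the 128-bit counter v is incremented big-endian with carry so it really wraps mod 2^128, and output is produced one encrypted counter block at a time. The key and seed in main are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// ctrPRNG produces the stream E_K(v), E_K(v+1), E_K(v+2), ... where v is a
// 128-bit big-endian counter that wraps mod 2^128 (the AES block size).
type ctrPRNG struct {
	blk cipher.Block
	v   [16]byte
}

// newCTRPRNG takes a secret AES key (16, 24 or 32 bytes) and the seed that
// becomes the initial counter value.
func newCTRPRNG(key []byte, seed [16]byte) (*ctrPRNG, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return &ctrPRNG{blk: blk, v: seed}, nil
}

// incr computes v = (v + 1) mod 2^128, propagating the carry from the last byte.
func (p *ctrPRNG) incr() {
	for i := len(p.v) - 1; i >= 0; i-- {
		p.v[i]++
		if p.v[i] != 0 {
			return
		}
	}
}

// bytes returns n pseudo-random bytes, one encrypted counter block at a time.
func (p *ctrPRNG) bytes(n int) []byte {
	out := make([]byte, 0, n+aes.BlockSize)
	var block [16]byte
	for len(out) < n {
		p.blk.Encrypt(block[:], p.v[:])
		p.incr()
		out = append(out, block[:]...)
	}
	return out[:n]
}

func main() {
	// Constructed key and seed; in practice both come from a true random source,
	// and the same (key, seed) pair must never be reused or the stream repeats.
	key, _ := hex.DecodeString("000102030405060708090a0b0c0d0e0f")
	var seed [16]byte
	copy(seed[:], "counter-seed-001")
	p, err := newCTRPRNG(key, seed)
	if err != nil {
		panic(err)
	}
	fmt.Println(hex.EncodeToString(p.bytes(40)))
}
```

Since each output block is one AES encryption of the counter, the first block for the FIPS-197 test key and the counter 00112233...ff is exactly the FIPS-197 ciphertext 69c4e0d8..., which makes the construction easy to check against published vectors.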
ANSI X9.82 / ISO 18031 PRNG (Micali-Schnorr)
• PRNG based on RSA
– Generate p, q, n = pq, and e as in RSA
– Let N be the number of bits in n, split as k + r = N
• Current random number = k least significant bits of y_i = x_i^e mod n (the state x_i, RSA-encrypted)
• Remaining r bits of y_i become the next state x_{i+1}
– Start with seed x_0 (r bits)
ANSI X9.82 / ISO 18031 PRNG (Micali-Schnorr)
• Security similar to RSA
– Adversary would have to invert RSA (compute e-th roots modulo n, the RSA problem) to recover x_i from the output bits
– Adversary must find x_i, the r state bits that are never output, to determine the next random number generated
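The split of y_i = x_i^e mod n into k output bits and r state bits, as an added Go example (not code from the lecture or the standard). It uses the standard's parameter rule k = floor(N(1 - 2/e)), r = N - k, and checks gcd(e, (p-1)(q-1)) = 1. The primes 2^31 - 1 and 2^61 - 1, e = 17 and the seed 1234 are constructed toy values: the resulting 92-bit modulus is far below the N >= 80e that the RSA-based security argument requires, so this shows the mechanics only.

```go
package main

import (
	"fmt"
	"math/big"
)

// msPRNG is a Micali-Schnorr generator. With N the bit length of n = p*q, each
// step computes y = x^e mod n, outputs the k low bits of y and keeps the r = N-k
// high bits as the next state x. The state bits are never output.
type msPRNG struct {
	n, e  *big.Int
	k, r  int
	x     *big.Int
	kMask *big.Int // 2^k - 1, selects the output bits
}

// newMS derives the parameters. The standard's choice is k = floor(N*(1 - 2/e))
// and r = N - k; e must be coprime to phi(n) as in RSA, and the seed must fit
// in r bits.
func newMS(p, q *big.Int, e int64, seed *big.Int) (*msPRNG, error) {
	n := new(big.Int).Mul(p, q)
	one := big.NewInt(1)
	phi := new(big.Int).Mul(new(big.Int).Sub(p, one), new(big.Int).Sub(q, one))
	be := big.NewInt(e)
	if new(big.Int).GCD(nil, nil, be, phi).Cmp(one) != 0 {
		return nil, fmt.Errorf("e=%d is not coprime to phi(n)", e)
	}
	N := n.BitLen()
	k := int(float64(N) * (1 - 2/float64(e)))
	r := N - k
	if seed.Sign() <= 0 || seed.BitLen() > r {
		return nil, fmt.Errorf("seed must be a positive value of at most %d bits", r)
	}
	kMask := new(big.Int).Sub(new(big.Int).Lsh(one, uint(k)), one)
	return &msPRNG{n: n, e: be, k: k, r: r, x: new(big.Int).Set(seed), kMask: kMask}, nil
}

// next returns the next k-bit output and advances the r-bit state.
func (g *msPRNG) next() *big.Int {
	y := new(big.Int).Exp(g.x, g.e, g.n) // "encrypt" the state with RSA
	out := new(big.Int).And(y, g.kMask)  // k least significant bits: the output
	g.x = new(big.Int).Rsh(y, uint(g.k)) // remaining r bits: the next state
	return out
}

func main() {
	// Toy parameters, constructed for illustration only (see the lead-in).
	p := new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 31), big.NewInt(1))
	q := new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 61), big.NewInt(1))
	g, err := newMS(p, q, 17, big.NewInt(1234))
	if err != nil {
		panic(err)
	}
	fmt.Printf("N=%d bits, k=%d output bits, r=%d state bits\n", g.n.BitLen(), g.k, g.r)
	for i := 0; i < 3; i++ {
		fmt.Printf("%x\n", g.next())
	}
}
```

Note what the adversary sees: only the k low bits of each y_i. Predicting the next output means finding the r high bits of y_i, and recovering the state x_i from the output bits alone means taking an e-th root modulo n, which is the RSA problem the security claim on the slide refers to.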
Hash-based PRNG
• ISO 18031 PRNG
– Initial vector V (the seed, kept secret)
– Each cycle: V += 1
– Hash V
– Output the n least significant bits of the hash
• Secure if the hash function is secure
– Can't determine V from the current random number (preimage resistance), so later outputs cannot be predicted
– If V ever leaks, every output, past and future, can be recomputed: the counter is the only secret
MAC-based PRNG
• IEEE 802.11i PRNG
– Initial vector V
– V is fed through a MAC (HMAC) keyed with a secret key K
– The MAC result is the output and also the next V
• Adversary would need to know K in order to duplicate the sequence; since the chained V values are visible as output, K is the only secret
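Both constructions from the last two slides in Go, as an added example (not code from the lecture or from either standard): the ISO 18031 style counter-and-hash generator with SHA-256, and the MAC-chained generator with HMAC-SHA256, where each output is also the next V. The seeds and key in main are constructed values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// hashPRNG follows the ISO 18031 hash construction on the slide: V is a
// 256-bit counter; each step hashes V, returns its least-significant nbytes
// bytes, and increments V. V is the only secret, so it must never leak.
type hashPRNG struct {
	v      [32]byte // big-endian counter
	nbytes int
}

func newHashPRNG(seed [32]byte, nbytes int) *hashPRNG {
	if nbytes < 1 || nbytes > sha256.Size {
		panic("nbytes must be between 1 and 32")
	}
	return &hashPRNG{v: seed, nbytes: nbytes}
}

// incr computes V = V + 1 mod 2^256, propagating the carry.
func (h *hashPRNG) incr() {
	for i := len(h.v) - 1; i >= 0; i-- {
		h.v[i]++
		if h.v[i] != 0 {
			return
		}
	}
}

// next returns the n least significant bytes of H(V), then advances V.
func (h *hashPRNG) next() []byte {
	d := sha256.Sum256(h.v[:])
	h.incr()
	return append([]byte(nil), d[sha256.Size-h.nbytes:]...)
}

// macPRNG follows the MAC construction: V_{i+1} = HMAC_K(V_i), and that value
// is both the output and the next V. Without K an observer who sees one output
// cannot continue the chain; with K the whole sequence follows from any output.
type macPRNG struct {
	key []byte
	v   []byte
}

func newMACPRNG(key, seed []byte) *macPRNG {
	return &macPRNG{key: append([]byte(nil), key...), v: append([]byte(nil), seed...)}
}

// next returns HMAC_K(V) and makes it the new V.
func (m *macPRNG) next() []byte {
	mac := hmac.New(sha256.New, m.key)
	mac.Write(m.v)
	m.v = mac.Sum(nil)
	return append([]byte(nil), m.v...)
}

func main() {
	// Constructed seed and key; a real deployment takes both from a TRNG.
	var seed [32]byte
	copy(seed[:], "constructed seed for the demo!!!")
	h := newHashPRNG(seed, 8)
	m := newMACPRNG([]byte("constructed HMAC key"), seed[:])
	for i := 0; i < 3; i++ {
		fmt.Printf("hash: %s  mac: %s\n",
			hex.EncodeToString(h.next()), hex.EncodeToString(m.next()))
	}
}
```

The difference in what leaks is worth noticing: the hash generator keeps V hidden behind a preimage, while the MAC generator publishes every V as output and relies on K alone, which is why the slide says the adversary "needs to know K".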