1 / 13

Pseudo-Random Number Generation

Pseudo-Random Number Generation. CSIS 5857: Encoding and Encryption. Random Number Generation. Crucial to key generation Crucial to many other applications (games, etc.) Desired properties: 1 or 0 equally likely to be generated

chars
Télécharger la présentation

Pseudo-Random Number Generation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Pseudo-Random Number Generation CSIS 5857: Encoding and Encryption

  2. Random Number Generation • Crucial to key generation • Crucial to many other applications (games, etc.) • Desired properties: • 1 or 0 equally likely to be generated • Impossible to compute value of next random number based on previous values intercepted • Takes as long as possible before repeating cycle of values (inevitable in long run) • Can be based on an encryption algorithm

  3. True Random Numbers • Based on some random physical process • Coin flip • Particle physics • Difficult to build into computer!

  4. True Random Number Generators • Generally based on some physical process read in through peripherals • PGP: random user keystrokes • TrueCrypt: random mouse movement • Linux: mouse and keyboard activity, disk I/O operations • Intel: chip samples thermal noise across resistors • Other ideas: samples of sound/video input • Usually run through hash algorithm to insure good distribution of values

  5. Pseudo Random Numbers • Based on some mathematical formula / computer algorithm • Iterative: Next value based on previous valuexi= f(xi-1) • Usually require initial seedIVx0= f(IV) • Often include time/date for some true randomness

  6. Linear Congruential PRNG • Simple modular arithmetic: xi +1 = (axi + b) mod n • Commonly built into programming languages • Common values: • n= 231-1, a = 27,b = 0 • Generate all positive 32-bit integers with no repetition

  7. Linear Congruential PRNG • Not secure • Common values of n, a, and b are well known • Given a few xi, can easily compute where you are in sequence “I know what hand is coming next!”

  8. CTR-Based PRNG • Based on stream of bits created by CTR mode • Can use any block cipher (AES, DES, etc.) • v = seed • while (bits still needed) • block = E(k, v) • v = (v + 1) mod 2128 • output = output + block

  9. ANSI X9.17 PRNG • Based on Triple DES • Initial Vector IV (initially seed) • Current date/time • Cipher block chaining mode used • Next IV based onprevious result • Cracking sequence requires cracking 3DES to compute initial IV 112-bit key

  10. ANSI X9.62 PRNG (Micali-Schnorr) • PRNG based on RSA • Generate p, q, n, and e as in RSA • Choose bits k to generate each step • N = number of bits in n (N = log2(n)) • Remaining bits r = N – k • Choose seed x0(r bits)

  11. ANSI X9.62 PRNG (Micali-Schnorr) • To generate pseudorandom sequence of size km: • For i= 1 to m • yi=xei-1mod n (like RSA encryption) • xi= rmost significant bits of yi • output kleast significant bits of yi

  12. Hash-based PRNG • ISO 18031 PRNG • Initial vector V • Each cycle V += 1 • Hash V • Take n least significant bits • Secure if hash function secure • Can’t determine V from current random number

  13. MAC-based PRNG • IEEE 802.11 PRNG • Initial vector V • Hashed with MACusing key K • Result is also next V • Adversary would need to know K in order to duplicate sequence

More Related