Article, CCS Conference Proceedings (DOI: 10.1145/1102120.1102148)

A model and architecture for pseudo-random generation with applications to /dev/random

Published: 07 November 2005

ABSTRACT

We present a formal model and a simple architecture for robust pseudorandom generation that ensures resilience in the face of an observer with partial knowledge/control of the generator's entropy source. Our model and architecture have the following properties:

Resilience. The generator's output looks random to an observer with no knowledge of the internal state. This holds even if that observer has complete control over data that is used to refresh the internal state.

Forward security. Past output of the generator looks random to an observer, even if the observer learns the internal state at a later time.

Backward security/Break-in recovery. Future output of the generator looks random, even to an observer with knowledge of the current state, provided that the generator is refreshed with data of sufficient entropy.

Architectures such as the above were suggested before. This work differs from previous attempts in that we present a formal model for robust pseudo-random generation, and provide a formal proof within this model for the security of our architecture. To our knowledge, this is the first attempt at a rigorous model for this problem.

Our formal modeling advocates the separation of the entropy extraction phase from the output generation phase. We argue that the former is information-theoretic in nature, and could therefore rely on combinatorial and statistical tools rather than on cryptography. On the other hand, we show that the latter can be implemented using any standard (non-robust) cryptographic PRG.

We also discuss the applicability of our architecture for applications such as /dev/(u)random in Linux and pseudorandom generation on smartcards.
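The two-phase design and the three properties the abstract lists, as an added illustration that is not code from the paper or its authors: the extractor is approximated by HMAC-SHA256 under a fixed public key and the PRG by a SHA-256 length doubler (both my stand-ins), and the `RobustPRG`, `recovers_after_refresh` and `resists_controlled_refresh` names are mine.

```python
import hashlib
import hmac

STATE_BYTES = 32

def extract(sample: bytes) -> bytes:
    """Entropy-extraction phase: a stand-in for the model's information-theoretic
    extractor. Assumption: HMAC-SHA256 under a fixed public key, not the paper's
    own extractor."""
    return hmac.new(b"public-extractor-seed", sample, hashlib.sha256).digest()

def prg(state: bytes) -> tuple[bytes, bytes]:
    """Output-generation phase: any standard (non-robust) PRG will do. Here a
    hash-based doubler: 32 bytes of state -> (32 bytes new state, 32 bytes out)."""
    return (hashlib.sha256(b"state|" + state).digest(),
            hashlib.sha256(b"output|" + state).digest())

class RobustPRG:
    def __init__(self, initial_state: bytes):
        assert len(initial_state) == STATE_BYTES
        self.state = initial_state

    def refresh(self, sample: bytes) -> None:
        # Fold the extracted sample into the state and push it through the PRG's
        # state-update half; the old state is overwritten, never kept.
        mixed = bytes(a ^ b for a, b in zip(self.state, extract(sample)))
        self.state, _ = prg(mixed)

    def next(self) -> bytes:
        # The state is replaced before the output is handed out, so a later
        # read of self.state does not yield this output (forward security).
        self.state, out = prg(self.state)
        return out

def recovers_after_refresh(compromised: bytes, fresh_sample: bytes) -> bool:
    """Backward security / break-in recovery: an observer who copied the state
    loses track of future output once a fresh sample has been mixed in."""
    victim, observer = RobustPRG(compromised), RobustPRG(compromised)
    victim.refresh(fresh_sample)
    return victim.next() != observer.next()

def resists_controlled_refresh(secret_a: bytes, secret_b: bytes, attacker_data: bytes) -> bool:
    """Resilience: attacker-controlled refresh data cannot drive two generators
    with different secret states to the same output."""
    ga, gb = RobustPRG(secret_a), RobustPRG(secret_b)
    ga.refresh(attacker_data)
    gb.refresh(attacker_data)
    return ga.next() != gb.next()
```

The seeds and samples passed in below are constructed test values; in a real deployment the initial state and refresh samples come from the platform's entropy source.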

