ABSTRACT
We present a formal model and a simple architecture for robust pseudorandom generation that ensures resilience in the face of an observer with partial knowledge/control of the generator's entropy source. Our model and architecture have the following properties:

- Resilience. The generator's output looks random to an observer with no knowledge of the internal state. This holds even if that observer has complete control over data that is used to refresh the internal state.
- Forward security. Past output of the generator looks random to an observer, even if the observer learns the internal state at a later time.
- Backward security/Break-in recovery. Future output of the generator looks random, even to an observer with knowledge of the current state, provided that the generator is refreshed with data of sufficient entropy.

Architectures such as the above have been suggested before. This work differs from previous attempts in that we present a formal model for robust pseudo-random generation, and provide a formal proof within this model for the security of our architecture. To our knowledge, this is the first attempt at a rigorous model for this problem.

Our formal modeling advocates the separation of the entropy extraction phase from the output generation phase. We argue that the former is information-theoretic in nature, and could therefore rely on combinatorial and statistical tools rather than on cryptography. On the other hand, we show that the latter can be implemented using any standard (non-robust) cryptographic PRG.

We also discuss the applicability of our architecture for applications such as /dev/(u)random in Linux and pseudorandom generation on smartcards.
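The separation of entropy extraction from output generation, and the break-in recovery and resilience properties described above, as an added toy model in Python (not the paper's construction or code): HMAC-SHA256 with a public seed stands in for the extractor, SHA-256 expansion stands in for the standard PRG, and the concrete refresh/next rules, the observer functions and all sample inputs are assumptions of this example.

```python
import hashlib
import hmac
import os

STATE_BYTES = 32
# Assumption: a fixed, public (non-secret) extractor seed, constructed for this example.
EXTRACTOR_SEED = b"toy-public-extractor-seed"

def extract(entropy_input: bytes) -> bytes:
    # Extraction phase stand-in: a seeded hash with a public key condenses raw
    # entropy into STATE_BYTES bytes; no secret key is involved in this phase.
    return hmac.new(EXTRACTOR_SEED, entropy_input, hashlib.sha256).digest()

def prg(state: bytes) -> bytes:
    # Generation phase stand-in: a standard (non-robust) PRG expanding m bytes to 2m.
    return (hashlib.sha256(b"\x00" + state).digest()
            + hashlib.sha256(b"\x01" + state).digest())

class RobustPRG:
    def __init__(self, initial_state: bytes) -> None:
        self.state = initial_state

    def refresh(self, entropy_input: bytes) -> None:
        # Mix extracted entropy into the state, then re-expand so the new state
        # is a PRG output rather than a plain XOR with the extractor output.
        mixed = bytes(a ^ b for a, b in zip(self.state, extract(entropy_input)))
        self.state = prg(mixed)[:STATE_BYTES]

    def next(self) -> bytes:
        # One half of the expansion becomes the new state, the other half is emitted.
        expanded = prg(self.state)
        self.state = expanded[:STATE_BYTES]
        return expanded[STATE_BYTES:]

def observer_predicts_after_break_in(observer_knows_input: bool) -> bool:
    # Break-in: the observer copies the whole state; both sides then refresh.
    # True means the observer's copy still predicts the next output.
    gen = RobustPRG(os.urandom(STATE_BYTES))
    observer = RobustPRG(gen.state)
    guess = b"constructed-refresh-data-known-to-observer"
    gen.refresh(guess if observer_knows_input else os.urandom(STATE_BYTES))
    observer.refresh(guess)
    return gen.next() == observer.next()

def observer_predicts_with_controlled_refresh() -> bool:
    # Resilience: the observer chooses the refresh data but must guess the state.
    gen = RobustPRG(os.urandom(STATE_BYTES))
    observer = RobustPRG(os.urandom(STATE_BYTES))
    for g in (gen, observer):
        g.refresh(b"constructed-observer-chosen-data")
    return gen.next() == observer.next()
```

Recovery holds only when the refresh input carries entropy the observer lacks; with attacker-known input the captured state keeps predicting output, which is the case the abstract's "sufficient entropy" proviso excludes.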
TITLE
A model and architecture for pseudo-random generation with applications to /dev/random