
Pseudorandom Bit Generation Artur Gadomski Piero Giammarino Henrik Goldman Massimo Giulio Caterino.




1 Pseudorandom Bit Generation Artur Gadomski Piero Giammarino Henrik Goldman Massimo Giulio Caterino

2 Definitions A random bit generator is a device or algorithm which outputs a sequence of statistically independent and unbiased binary digits. A pseudorandom bit generator (PRBG) is a deterministic algorithm which, given a truly random binary sequence of length k, outputs a binary sequence of length $l \gg k$ which “appears” to be random. The input to the PRBG is called the seed, while the output of the PRBG is called a pseudorandom bit sequence.

3 Definitions A pseudorandom bit generator is said to pass all polynomial-time statistical tests if no polynomial-time algorithm can correctly distinguish between an output sequence of the generator and a truly random sequence of the same length with probability significantly greater than 1/2. A pseudorandom bit generator is said to pass the next-bit test if there is no polynomial-time algorithm which, on input of the first l bits of an output sequence s, can predict the (l+1)-th bit of s with probability significantly greater than 1/2.

4 Definitions A PRBG that passes the next-bit test is called a cryptographically secure pseudorandom bit generator (CSPRBG)

5 Random bit generation

6 Hardware based generators elapsed time between emission of particles during radioactive decay; thermal noise from a semiconductor diode or resistor; the frequency instability of a free-running oscillator; the amount a metal-insulator-semiconductor capacitor is charged during a fixed period of time; air turbulence within a sealed disk drive which causes random fluctuations in disk drive sector read latency times; sound from a microphone or video input from a camera.

7 Software based generators the system clock; elapsed time between keystrokes or mouse movements; content of input/output buffers; user/system/hardware/network serial numbers and/or addresses; user input; operating system values such as system load and network statistics.

8 Mixing functions A strong mixing function is one which combines two or more inputs and produces an output where each output bit is a different complex non-linear function of all the input bits.

9 Example A trivial example for single-bit inputs is the Exclusive Or function. DES is an example of a strong mixing function for multiple-bit quantities; cryptographic hash functions such as SHA-1 or MD5 are further examples. Diffie-Hellman exponential key exchange is another example: if the initial values are random, then the shared secret contains the combined randomness of them both, assuming they are uncorrelated.

10 De-skewing Suppose that in an output sequence the probability of a 1 is p. Group the output bits into pairs, treat each 01 pair as 1 and each 10 pair as 0, and discard the 00 and 11 pairs. The resulting sequence is both unbiased and uncorrelated.
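The pairing rule above (the von Neumann extractor), as an added example that is not part of the slides; the biased bit source is constructed here with a seeded PRNG purely to have something to de-skew.

```python
# Added example (not from the slides): von Neumann de-skewing of a biased bit
# source. The biased source below is constructed, not a real hardware sampler.
from typing import Iterable, List
import random


def deskew(bits: Iterable[int]) -> List[int]:
    """Pair up the input bits: 01 -> 1, 10 -> 0, 00 and 11 are discarded.

    An odd trailing bit has no partner and is dropped as well. On average only
    2*p*(1-p) of the pairs survive, so the output is much shorter than the input.
    """
    out: List[int] = []
    it = iter(bits)
    for first in it:
        second = next(it, None)
        if second is None:          # unpaired trailing bit
            break
        if first != second:         # 01 or 10: keep exactly one bit
            out.append(second)      # 01 -> 1, 10 -> 0
    return out


def bias(bits: List[int]) -> float:
    """Fraction of ones in the sequence (0.5 for an unbiased source)."""
    return sum(bits) / len(bits) if bits else 0.0


def biased_source(n: int, p_one: float, seed: int) -> List[int]:
    """Constructed independent-but-biased bits: each is 1 with probability p_one.

    The de-skewing argument relies on the bits being independent; a correlated
    source is not fixed by this construction.
    """
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


if __name__ == "__main__":
    raw = biased_source(20_000, 0.8, seed=1)
    clean = deskew(raw)
    print(f"raw bias {bias(raw):.3f}, de-skewed bias {bias(clean):.3f}, "
          f"kept {len(clean)} of {len(raw)} bits")
```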

11 Pseudo Random Bit Generators

12 Mathematical Model Of PRBG INPUT: $X_0$ = seed; $X_{i+1} = f(i, X_0, X_1, X_2, X_3, \ldots)$, $i = 0, 1, 2, 3, \ldots$ OUTPUT: $X_1 X_2 X_3 X_4 \ldots$ (pseudorandom sequence)

13 Pseudorandom Generators
- Linear Congruential Generator
- J-Bit Output Feedback
- ANSI X9.17
- Blum Blum Shub Pseudorandom Bit Generator
- RSA Pseudorandom Bit Generator

14 Linear Congruential Generator Nowadays the most used technique for pseudorandom generation [Lehmer 1951]. $X_0$ = seed, $m > 0$, $0 \le a < m$, $0 \le b < m$; $X_{i+1} = a \cdot (X_i + b) \bmod m$.

15 Example of LCG
a = 7, b = 0, m = 32, $X_0 = 1$: $X_{i+1} = 7 X_i \bmod 32$ gives 7, 17, 23, 1, 7, 17, 23, … (period 4)
a = 5, b = 0, m = 32, $X_0 = 1$: $X_{i+1} = 5 X_i \bmod 32$ gives 5, 25, 29, 17, 21, 9, 13, 1, … (period 8)

16 Linear Congruential Generator $X_{i+1} = 7^5 \cdot X_i \bmod (2^{31} - 1)$, i.e. $a = 7^5$, $b = 0$, $m = 2^{31} - 1$ (a prime number convenient for 32 bits). Used for the IBM 360 [1969].
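The two toy generators of slide 15 and the IBM 360 parameters of slide 16, as an added example that is not part of the slides. It uses the textbook recurrence $X_{i+1} = (a X_i + b) \bmod m$, which agrees with the slides' parametrisations because b = 0 in all of them, and it shows why an LCG cannot pass the next-bit test of slide 3: with b = 0 and a prime modulus, two consecutive outputs already give away the multiplier.

```python
# Added example (not from the slides): LCG state sequences, their period, and
# recovery of the multiplier from two outputs (b = 0, prime m assumed).
from typing import List


def lcg(a: int, b: int, m: int, seed: int, count: int) -> List[int]:
    """Return X_1 .. X_count for the recurrence X_{i+1} = (a*X_i + b) mod m."""
    out, x = [], seed
    for _ in range(count):
        x = (a * x + b) % m
        out.append(x)
    return out


def period(a: int, b: int, m: int, seed: int) -> int:
    """Length of the cycle the generator enters from `seed` (at most m)."""
    seen = {}
    x = seed
    for step in range(m + 1):
        if x in seen:
            return step - seen[x]
        seen[x] = step
        x = (a * x + b) % m
    return m  # not reachable: a state must repeat within m+1 steps


def recover_multiplier(x1: int, x2: int, m: int) -> int:
    """With b = 0 and prime m, consecutive outputs reveal a = x2 * x1^-1 mod m.

    Once a is known, every later output follows from the current one, so the
    generator fails the next-bit test however uniform its output looks.
    """
    return (x2 * pow(x1, -1, m)) % m


MINSTD_A, MINSTD_M = 7 ** 5, 2 ** 31 - 1   # parameters from slide 16

if __name__ == "__main__":
    print(lcg(7, 0, 32, 1, 5), "period", period(7, 0, 32, 1))   # slide 15
    print(lcg(5, 0, 32, 1, 9), "period", period(5, 0, 32, 1))   # slide 15
    x = lcg(MINSTD_A, 0, MINSTD_M, 1, 3)
    print(x, "recovered a =", recover_multiplier(x[0], x[1], MINSTD_M))
```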

17 J-Bit Output Feedback

18 ANSI X9.17 Generator Ad-hoc construction which is not proved to be cryptographically secure, though it should be sufficient for most applications. U.S. Federal Information Processing Standard (FIPS) approved method. Makes use of the two-key triple DES algorithm.

19 Algorithm
Input: s – 64-bit secret seed; m – integer (counter); k – 3DES key.
Def: E_k is 3DES encryption under key k; ^ is XOR.
1. Get the 64-bit representation of the computer date/time, D.
2. Calculate I = E_k(D).
3. for (i = 0; i < m; i++) {
   x_i = E_k(I ^ s); // calculate the next 64-bit string
   s = E_k(x_i ^ I); // update the seed
}
4. Return the x_i's.

20 Blum Blum Shub PRBG
1. Generate p and q: two big Blum primes.
2. $n = p \cdot q$.
3. Choose $s \in [1, n-1]$: the seed.
4. $x_0 = s^2 \pmod n$.
5. The sequence is defined as $x_i = x_{i-1}^2 \pmod n$ and $z_i = \text{parity}(x_i)$.
6. The output is $z_1, z_2, z_3, \ldots$

21 Example Let $n = p \cdot q = 7 \cdot 19 = 133$, $s = 100$.
$x_0 = 100^2 \pmod{133} = 25$
$x_1 = 25^2 \pmod{133} = 93$
$x_2 = 93^2 \pmod{133} = 4$
$x_3 = 4^2 \pmod{133} = 16$
$x_4 = 16^2 \pmod{133} = 123$
The output: 1, 0, 0, 1
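The Blum Blum Shub steps of slide 20 run on the toy parameters of slide 21, as an added example that is not part of the slides. The Blum-prime check and the gcd(s, n) = 1 condition on the seed are the standard requirements from the Handbook of Applied Cryptography, not something the slides spell out; toy-sized primes are used only to reproduce the slide's numbers.

```python
# Added example (not from the slides): Blum Blum Shub with n = 7*19 = 133 and
# seed s = 100. Toy sizes for illustration only; real use needs large primes.
from math import gcd
from typing import List, Tuple


def is_blum_prime(p: int) -> bool:
    """A Blum prime is a prime congruent to 3 mod 4 (trial division: toy sizes)."""
    if p < 3 or p % 4 != 3:
        return False
    return all(p % d for d in range(2, int(p ** 0.5) + 1))


def bbs(p: int, q: int, seed: int, count: int) -> Tuple[List[int], List[int]]:
    """Return (x_1..x_count, z_1..z_count): x_i = x_{i-1}^2 mod n, z_i = parity(x_i)."""
    if p == q or not (is_blum_prime(p) and is_blum_prime(q)):
        raise ValueError("p and q must be distinct Blum primes")
    n = p * q
    if not 1 <= seed <= n - 1 or gcd(seed, n) != 1:
        # HAC additionally requires gcd(s, n) = 1: a seed sharing a factor with n
        # keeps every x_i in a multiple of p or q and shrinks the state space.
        raise ValueError("seed must lie in [1, n-1] and be coprime to n")
    xs, zs = [], []
    x = pow(seed, 2, n)                 # x_0 = s^2 mod n
    for _ in range(count):
        x = pow(x, 2, n)                # x_i = x_{i-1}^2 mod n
        xs.append(x)
        zs.append(x & 1)                # parity = least significant bit
    return xs, zs


if __name__ == "__main__":
    states, bits = bbs(7, 19, 100, 4)
    print("states:", states, "output bits:", bits)   # slide 21
```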

22 RSA generator It is a pseudorandom bit generator, and it is a cryptographically secure pseudorandom bit generator under the assumption that factoring a large number n composed of two large primes p and q is intractable!

23 RSA generator (diagram): $x_i \leftarrow x_{i-1}^e \pmod n$; output $z_i$ = LSB of $x_i$; $i = i + 1$. Parameters: p and q prime, $n = p \cdot q$, e an integer in $[3, \phi(n))$ with $\gcd(e, \phi(n)) = 1$.

24 Algorithm
1. Generate p and q.
2. $n = p \cdot q$.
3. Pick a random integer e: $1 < e < \phi$ and $\gcd(e, \phi) = 1$.
4. Select a random integer $x_0$ (the seed) in the interval [1, n-1].
5. For i = 1 to l:
6. $x_i = x_{i-1}^e \bmod n$
7. $z_i$ = LSB of $x_i$
8. Return $z_1, \ldots, z_l$
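The algorithm above, plus the multi-bit variant of slide 25, as an added example that is not part of the slides. The parameters p = 7, q = 19, e = 5 and seed 100 are chosen here to match the modulus of slide 21; they are toy values only.

```python
# Added example (not from the slides): the RSA PRBG of slide 24 with toy
# parameters p = 7, q = 19 (n = 133, phi = 108), e = 5, seed x_0 = 100.
from math import gcd
from typing import List, Tuple


def rsa_prbg_params(p: int, q: int, e: int) -> Tuple[int, int]:
    """Validate (p, q, e) per slide 24 and return (n, phi(n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not (1 < e < phi and gcd(e, phi) == 1):
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    return n, phi


def rsa_prbg(p: int, q: int, e: int, seed: int, length: int) -> Tuple[List[int], List[int]]:
    """Return (x_1..x_l, z_1..z_l): x_i = x_{i-1}^e mod n, z_i = LSB(x_i)."""
    n, _ = rsa_prbg_params(p, q, e)
    if not 1 <= seed <= n - 1:
        raise ValueError("seed must lie in [1, n-1]")
    xs, zs, x = [], [], seed
    for _ in range(length):
        x = pow(x, e, n)        # one modular exponentiation per output bit
        xs.append(x)
        zs.append(x & 1)        # least significant bit
    return xs, zs


def rsa_prbg_multi_bit(p: int, q: int, e: int, seed: int, length: int, k: int) -> List[int]:
    """Slide 25 variant: emit the k least significant bits of each x_i (k ~ c log log n),
    most significant of the k first."""
    xs, _ = rsa_prbg(p, q, e, seed, length)
    return [(x >> j) & 1 for x in xs for j in reversed(range(k))]


if __name__ == "__main__":
    states, bits = rsa_prbg(7, 19, 5, 100, 5)
    print("states:", states, "bits:", bits)
    print("two bits per step:", rsa_prbg_multi_bit(7, 19, 5, 100, 5, 2))
```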

25 RSA generator (diagram, multi-bit variant): $x_i \leftarrow x_{i-1}^e \pmod n$; output the $c \log \log n$ least significant bits of $x_i$; $i = i + 1$. Parameters: p and q prime, $n = p \cdot q$, e an integer in $[3, \phi(n))$ with $\gcd(e, \phi(n)) = 1$.

26 Statistical tests

27 Frequency test (monobit test) The purpose of this test is to determine whether the number of 0’s and 1’s in a generator output sequence are approximately the same, as would be expected for a random sequence.

28 Serial test (two-bit test) The purpose of this test is to determine whether the number of occurrences of 00, 01, 10, and 11 as subsequences of s are approximately the same, as would be expected for a random sequence.

29 Poker test Let’s divide s into k non-overlapping parts each of length m. The poker test determines whether the sequences of length m each appear approximately the same number of times in s, as would be expected for a random sequence. Note that this test is a generalization of the frequency test: setting m = 1 in the poker test yields the frequency test.

30 Runs test The purpose of the runs test is to determine whether the number of runs (of either zeros or ones) of various lengths in the sequence s is as expected for a random sequence.

31 Autocorrelation test The purpose of this test is to check for correlations between the sequence s and (noncyclic) shifted versions of it.
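The frequency, serial and autocorrelation tests of slides 27, 28 and 31 computed as the statistics given in section 5.4.4 of the Handbook of Applied Cryptography, as an added example that is not part of the slides. The two input sequences are constructed degenerate cases so the reader can see what a rejected sequence looks like; the 5% thresholds are the standard chi-square and normal critical values.

```python
# Added example (not from the slides): monobit, serial and autocorrelation
# statistics with 5% significance thresholds. Inputs are constructed samples.
from math import sqrt
from typing import Dict, List

# Constructed sample inputs: a constant sequence and a perfectly alternating one.
ALL_ZEROS = [0] * 100
ALTERNATING = [i % 2 for i in range(100)]


def monobit(s: List[int]) -> float:
    """X1 = (n0 - n1)^2 / n, approximately chi-square with 1 degree of freedom."""
    n1 = sum(s)
    n0 = len(s) - n1
    return (n0 - n1) ** 2 / len(s)


def serial(s: List[int]) -> float:
    """X2 = 4/(n-1)*(n00^2+n01^2+n10^2+n11^2) - 2/n*(n0^2+n1^2) + 1, chi-square, 2 d.o.f."""
    n = len(s)
    n1 = sum(s)
    n0 = n - n1
    pairs = {(0, 0): 0, (0, 1): 0, (1, 0): 0, (1, 1): 0}
    for a, b in zip(s, s[1:]):          # overlapping 2-bit windows
        pairs[(a, b)] += 1
    return 4 / (n - 1) * sum(c * c for c in pairs.values()) - 2 / n * (n0 ** 2 + n1 ** 2) + 1


def autocorrelation(s: List[int], d: int) -> float:
    """X5 = 2*(A(d) - (n-d)/2)/sqrt(n-d), approximately N(0,1), where A(d) counts
    the positions at which s differs from its (noncyclic) shift by d."""
    n = len(s)
    a = sum(s[i] ^ s[i + d] for i in range(n - d))
    return 2 * (a - (n - d) / 2) / sqrt(n - d)


def run_tests(s: List[int], d: int = 1) -> Dict[str, bool]:
    """True = not rejected at the 5% level (chi2_1 = 3.8415, chi2_2 = 5.9915, |N(0,1)| = 1.96)."""
    return {
        "monobit": monobit(s) <= 3.8415,
        "serial": serial(s) <= 5.9915,
        "autocorrelation": abs(autocorrelation(s, d)) <= 1.96,
    }


if __name__ == "__main__":
    for name, seq in (("all zeros", ALL_ZEROS), ("alternating", ALTERNATING)):
        print(name, run_tests(seq))
```

The alternating sequence passes the monobit test while failing the serial and autocorrelation tests, which is the reason slide 29 calls the frequency test a special case rather than a sufficient check on its own.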

32 References Handbook of Applied Cryptography, A. Menezes, P. van Oorschot, S. Vanstone, www.cacr.math.uwaterloo.ca/hac; www.ietf.org/rfc/rfc1750.txt

33 That's all folks...

