Randomness
bad case
- netscape secure socket layer(SSL)
good case (true random number generators)
- radioactive decay
- thermal noise
- polarization of photons
- timing of movements of a hard disk read/write head
...
🌻PRNGs : Psuedo Random Number Generators
Xn+1=(aXn+b) mod m
-> may look random, but predictable
- automatically create long runs of numbers with good random properties
- but eventually the sequence repeats
- because Xn+1 and Xn is leaner!
⚠️ Linear Complexity should be avoided!__
🌻 CSPRNG : Cryptographically Secure Pseudo Random Number Generators
based on existing cryptographic primitives
- Secure Block Cipher running a Counter
- Random Key + Counter (0, 1, 2, 3, ...)
- Secure Hash running a Counter
- Stream Cipher running a Counter
- Pseudorandom stream + Counter
- Shamir's PRNG
- suggested that RSA could be used as a PRNG, but slow
Cryptographic PRNG
- system use a complexity/number theory approach to PRNG
Standard Examples (practical PRNGs)
- ANSI X9.17
- Financial Inst. Key Management
- FIPS 186-4 Generator
- Digital Signature Standard v.4
- NIST SP800-90A
- Recommendation for Random Number Generator Using Deterministic Random Bit Generators
- ANSI X9.82
🦋 Blum-Micali Generator
🦋 Blum, Blum and Shub (BBS)
-
n = p * q 일때 오른쪽->왼쪽은 어렵고 왼쪽->오른쪽은 쉽다
-
based on difficulty of integer facotization
-
n = pq이고, seed integer 은 s일때
xi=xi−12 mod n
where x0=s2 mod n
-
can directly calculate xi via Euler's Theoerem
xi=(x02imodλ(n)) mod n
where λ(n)=λ(pq)=lcm(p−1,q−1)
-
output
- either the bit parity or the least significant bits of xi
-
ex