6. Basic Mathmatics for Cryptography - randomness

Yona·2021년 10월 31일
0

🌙 CS_security

목록 보기
12/24

Randomness

bad case

  • netscape secure socket layer(SSL)
    • predictable 하다

good case (true random number generators)

  • radioactive decay
  • thermal noise
  • polarization of photons
  • timing of movements of a hard disk read/write head
    ...

🌻PRNGs : Psuedo Random Number Generators

Xn+1=(aXn+b)X_{n+1} = (aX_n+b) mod mm
-> may look random, but predictable

  • automatically create long runs of numbers with good random properties
  • but eventually the sequence repeats
  • because Xn+1X_{n+1} and XnX_{n} is leaner!

⚠️ Linear Complexity should be avoided!__

  • Xn+1=f(Xn)X_{n+1}=f(X_n) 의 경우 linear 하다

  • 평가방법

    • Berlekamp-Massey Algorithm
      • 이 알고리즘은 minimal polynomial of linearliy recurrent sequence in an arbitary field!
    • Maurer's Universal Test
      • test a sequence or system for strength
      • it should not be possible to significantly compress the output sequence
    • Next bit Test
      • 첫 output의 x bits dms (+1) bit절반 이상이 바뀌어야한다.

🌻 CSPRNG : Cryptographically Secure Pseudo Random Number Generators

based on existing cryptographic primitives

  • Secure Block Cipher running a Counter
    • Random Key + Counter (0, 1, 2, 3, ...)
  • Secure Hash running a Counter
    • Random Key + Counter
  • Stream Cipher running a Counter
    • Pseudorandom stream + Counter
  • Shamir's PRNG
    • suggested that RSA could be used as a PRNG, but slow

Cryptographic PRNG

  • system use a complexity/number theory approach to PRNG

Standard Examples (practical PRNGs)

  • ANSI X9.17
    • Financial Inst. Key Management
  • FIPS 186-4 Generator
    • Digital Signature Standard v.4
  • NIST SP800-90A
    • Recommendation for Random Number Generator Using Deterministic Random Bit Generators
  • ANSI X9.82
    • Dual_EC_DRBG

🦋 Blum-Micali Generator

  • has unconditional security prrof

  • Based on discrete logarithm problem(NP)

    • Xi+1=gXiX_{i+1} = g^{X_i} mod pp
      where p is a prime, g is a primitive root modulo p , and x0x_0 is a seed
  • output of generator is

    • '1' if xix_i is less than (p-1)/2
    • '0' otherwise
  • primitive root modulo

    • gg is primitive root modulo nn if every number a coprime to nn is congruent to a power of gg modulo nn
    • ex) 3 is a primitive root modulo 6

🦋 Blum, Blum and Shub (BBS)

  • n = p * q 일때 오른쪽->왼쪽은 어렵고 왼쪽->오른쪽은 쉽다

  • based on difficulty of integer facotization

  • n = pq이고, seed integer 은 s일때
    xi=xi12x_i=x^2_{i-1} mod nn
    where x0=s2x_0 = s^2 mod nn

  • can directly calculate xix_i via Euler's Theoerem
    xi=(x02imodλ(n))x_i=(x^{2^imod\lambda(n)}_0) mod nn
    where λ(n)=λ(pq)=lcm(p1,q1)\lambda(n)=\lambda(pq)=lcm(p-1, q-1)

  • output

    • either the bit parity or the least significant bits of xix_i
  • ex

profile
Sometimes you win, sometimes you learn 🏃‍♀️

0개의 댓글