Download Pseudo-random Bit Generator Desired Properties Desired

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
Document related concepts
no text concepts found
Transcript 
Pseudo-random Bit Generator
Cryptography and Network Security
Pseudo-random Number
?
Several applications
? Key
generation
encryption algorithms, or one-time pad
? Some
?
Let l>k be integers
f: Z2 k? Z2 l computable in poly-time
f called (k,l)-pseudo-random bit generator
? The input s0? Z2 k is called the seed
? Output f(s0 ) is called the pseudo-random string
Xiang-Yang Li
? Function
? Then
?
CS595-Cryptography and Network Security
CS595-Cryptography and Network Security
Desired Properties
Desired Properties
Three important properties:
?
?
Unbiased (uniform distribution):
?A
? All
values of whatever sample size is collected are
equiprobable
?
?A
Unpredictable (independence):
?
Unreproducible:
?
mean it's unpredictable
rarely they mean it's all threes
CS595-Cryptography and Network Security
More Properties
Security
generator should be of long period
Fast computation
generator should be reasonably fast
Security
? The
? Very
CS595-Cryptography and Network Security
Long period
? The
usually mean it's irreproducible
"cryptographically strong" PRNG
? they
Two of the same generators, given the same starting
conditions, will produce different outputs.
? The
?
?A
mean it is unbiased.
"true" PRNG
? they
all the previous outputs, but not the internal "hidden" state.
?
"good" pseudo-random number generator
? they
? It is impossible to predict what the next output will be, given
?
Usually when a person says
?
A pseudo-random generator is secure
? If
there is no polynomial-time algorithm that on
the first m output-sequences can predict the
m+1 th bit with probability greater than 0.5
? It is also called the next-bit test
generator should be secure
is security level of PRNG?
? What
CS595-Cryptography and Network Security
CS595-Cryptography and Network Security
1
Linear Congruential Generator
?
Protocol
?
Not all a, b are good and m should be large
For example, m is a large prime number
For fast computation, usually m=2 31-1
?
For this m, there are less than 100 integers a
?
? Let
M be an integer and a, b less than M
? Let k be number of bits of M
? Integer l is between k+1 and M-1
? Let s0 be a seed less than M
? Define si=asi-1 +b mod M
? Then the ith random bit is si mod 2
? It is not proved to be secure
?
Parameter Setting
?
?
?
?
?
It generates all numbers less than m
The generated sequences appear to be random
One such a=7 5=16807
?
Used in IBM 360 family of computers
CS595-Cryptography and Network Security
CS595-Cryptography and Network Security
RSA Generator
BBS Generator
Protocol
?
? Let
p, q be two k/2 bits primes and define n=pq
? Integer b: gcd(b, ? (n))=1
? Public: n, b; Private p,q
? A seed s0 with k bits
? Sequence si+1 =sib mod n
? Then the ith random bit is si mod 2
? It is proved to be secure!
?
And b is set to 0 often
Blum-Blum-Shub Generator
?
Let p, q be two k/2 bits primes and define n=pq
?
Here p=q=3 mod 4
Let QR(n) be all quadratic residues modulo n
?
?
?
Public: n; Private p,q
A seed s 0 with k bits from QR(n)
?
Sequence s i+1=s i 2 mod n
Then the ith random bit is si mod 2
?
It is proved to be secure!
?
CS595-Cryptography and Network Security
CS595-Cryptography and Network Security
Discrete Logarithm Generator
DES Based Generator
Protocol
? Let
?
p be a k-bit prime,
? be primitive element modulo p
? A seed s0 is any non-zero integer less than p
? Let
? Define si+1 = ? s i mod p
? Then the ith random bit is
? 1 if s i
is larger than p/2
? 0 if s i
is less than p/2
CS595-Cryptography and Network Security
ANSI X9.17 PRNG (used by PGP,..)
? Inputs: two pseudo-random
inputs
? one
is a 64-bit representation of date and time
? The other is 64-bit seed values
? Keys:
three 3DES encryptions using same keys
? Output:
?a
64-bit pseudorandom number and
64-bit seed value for next -round use
?A
CS595-Cryptography and Network Security
2
ANSI X9.17
K 1,K 2
DT
EDE
EDE
Si+1
Si
EDE
Ri
CS595-Cryptography and Network Security
3
Related documents
MAS144 – Computational Mathematics and Statistics A (Statistics)
MAS144 – Computational Mathematics and Statistics A (Statistics)
Chapter 8: Random-Variant Generation
Chapter 8: Random-Variant Generation
dc generators - ElkEngineers
dc generators - ElkEngineers
Pseudo-Random Numbers
Pseudo-Random Numbers
Random Number Generation
Random Number Generation
Chapter 14. More Fortran Elements: Random Number Generators
Chapter 14. More Fortran Elements: Random Number Generators
UNIFORM RANDOM NUMBER GENERATION Chapter 7 (first half)
UNIFORM RANDOM NUMBER GENERATION Chapter 7 (first half)
WindEnergy - 02zeglenneng12
WindEnergy - 02zeglenneng12
Random numbers in simulation
Random numbers in simulation
3 - NUS Physics
3 - NUS Physics
cytoplasm cell wall mitochondria chloroplast vacuole
cytoplasm cell wall mitochondria chloroplast vacuole
M19-Lom-CHD2204 - Powertech Engines Inc
M19-Lom-CHD2204 - Powertech Engines Inc
Uniform pseudo-random number generators
Uniform pseudo-random number generators
Graphics – Class Demo
Graphics – Class Demo
Document
Document
ON THE INITIAL SEED OF THE RANDOM NUMBER GENERATORS
ON THE INITIAL SEED OF THE RANDOM NUMBER GENERATORS
Random Number Generation - Department of Industrial
Random Number Generation - Department of Industrial
Pseudo Random Number Generation and Random Event Validation
Pseudo Random Number Generation and Random Event Validation
Lecture 6: Computational Security 1 Vernam Cipher (1917)
Lecture 6: Computational Security 1 Vernam Cipher (1917)
Pseudorandom_number_generation_QiuliangTang_revision
Pseudorandom_number_generation_QiuliangTang_revision
an algorithm for generating binary pseudo
an algorithm for generating binary pseudo
ISyE 6644 — Fall 2014
ISyE 6644 — Fall 2014