Pseudorandom Bit Generation - PowerPoint PPT Presentation

About This Presentation
Title:

Pseudorandom Bit Generation

Description:

elapsed time between emission of particles during radioactive decay; ... elapsed time between kaystrokes or mouse movement; content of input/output buffers; ... – PowerPoint PPT presentation

Number of Views:288
Avg rating:3.0/5.0
Slides: 34
Provided by: Giamm
Category:

less

Transcript and Presenter's Notes

Title: Pseudorandom Bit Generation


1
Pseudorandom Bit Generation
  • Artur Gadomski
  • Piero Giammarino
  • Henrik Goldman
  • Massimo Giulio Caterino

2
Definitions
  • A random bit generator is a device or algorithm
    which outputs a sequence of statistically
    independent and unbiased binary digits.
  • A pseudorandom bit generator(PRBG) is a
    deterministic algorithm which, given a truly
    random binary sequence of length k, outputs a
    binary sequence of length lk which appears to
    be random. The input to the PRBG is called the
    seed, while the output of the PRBG is called a
    pseudorandom bit sequence.

3
Definitions
  • A pseudorandom bit generator is said to pass all
    polynomial-time statistical tests if no
    polynomial-time algorithm can correctly
    distinguish between an output sequence of the
    generator and a truly random sequence of the same
    length with probability significantly greater
    that 1/2.
  • A pseudorandom bit generator is said to pass the
    next-bit test if there is no polynomial time
    algorithm which, on input of the first l bits of
    an output sequences, can predict the l1 bit of s
    with probability significantly greater than 1/2

4
Definitions
  • A PRBG that passes the next-bit test is called a
    cryptographically secure pseudorandom bit
    generator (CSPRBG)

5
Random bit generation
6
Hardware based generators
  • elapsed time between emission of particles during
    radioactive decay
  • thermal noise from a semiconductor diode or
    resistor
  • the frequency instability of a free running
    oscilator
  • the amount a metal insulator semiconductor
    capacitor is charged during a fixed period of
    time
  • air turbulence within a sealed disk drive which
    causes random fluctuations in disk drive sector
    read latency times
  • sound from a microphone or video input from a
    camera.

7
Software based generators
  • the system clock
  • elapsed time between kaystrokes or mouse
    movement
  • content of input/output buffers
  • user/system/hardware/network serial numbers
    and/or addresses
  • user input
  • operating system values such as system load and
    network statistics.

8
Mixing functions
  • A strong mixing function is one which combines
    two or more inputs and produces an output where
    each output bit is a different complex
    non-linearfunction of all the input bits.

9
Example
  • A trivial example for single bit inputs is the
    Exclusive Or function.
  • DES is an example of a strong mixing function for
    multiple bit quantities.
  • Cryptographic hash function such as SHA-1 or MD5.
  • Diffie-Hellman expotential key exchange is
    another example. If initial values are random,
    then the shared secret contains the combined
    randomness of them both, assuming they are
    uncorelated.

10
De-skewing
  • Suppose in an output sequence the probability of
    1 is p. Then lets group the output bits into
    pairs and lets treat each 01 as 1 and 10 as 0. We
    discard 00 and 11 pairs. The resulting sequence
    is both unbiased and uncorelated.

11
Pseudo Random Bit Generators
12
Matematics Model Of PRBG
  • INPUT?X0 seed
  • Xi1f(i,X0,X1,X2,X3,...) i0,1,2,3,...
  • OUTPUT? X1 X2 X3 X4 ... Pseudorandom sequence

13
Pseudorandom Generators
  • Linear Congruential Generator
  • J-Bit Output Feedback
  • Ansi X9.17
  • Blum Blum Shub Pseudorandom Bit Generator
  • RSA Pseudorandom Bit Generator

14
Linear Congruential Generator
  • Nowadays the most used technique for
  • Pseudorandom generator
  • Lehmer 1951
  • X0Seed
    mgt0

  • 0altm
  • Xi1a(Xib) mod m
    0bltm

15
Example of LCG
  • a 7
  • b 0
  • m 32
  • Xi1 7 Xi mod 32 7, 17, 23, 1, 7,
    17, 23, X0 1
  • period 4
  • a 5
  • b 0
  • m 32
  • Xi1 5 Xi mod 32 5, 25, 29, 17, 21, 9,
    13, 1, X0 1
  • period 8

16
Linear Congruential Generator
  • Xi1 75 Xi mod 231-1
  • a 75
  • b 0
  • m231-1 (Prime number convient for 32 bits)
  • Used for IBM 3601969

17
J-Bit Output Feedback
18
ANSI X9.17 Generator
  • Ad-hoc construction which is not proved to be
    cryptographicly secure,
  • though it should be sufficient for most
    applications
  • U.S. Federal Information Processing Standard
    (FIPS) approved method
  • Makes use of 2 key tripple DES algorithm

19
Algorithm
Def Ek is 3DES encryption under key k is XOR
Input s 64 bit secret seed m interger
(counter) k 3DES key
1. Get 64 bit representation of computer
date/time, D
2. Calc I Ek(D)
3. for (i 0 i lt m i) xi Ek(I s)
// Calc next 64 bit string s Ek(xi I) //
Update seed
4. Return Xis
20
Blum blum shub PRBG
  • Generate p and qtwo big blum primes
  • Npq
  • Choose s?1,n-1 The Seed
  • X0s2(mod n)
  • The sequence is defined as xixi-12(mod n) and
    ziparity(xi)
  • The output is z1,z2,z3.....

21
Example
  • Let npq719133
  • S100
  • X01002(mod 133)25
  • X1252(mod 133)93
  • X2932(mod 133)42
  • X3422(mod 133)16
  • X4162(mod 133)123
  • The OUTPUT1,0,0,1

22
RSA generator
  • It is a pseudorandom bit generation and is
    cryptographically secure pseudorandom bit
    generation under the assumption that factoring a
    large number n composed of two large prime p and
    q is intractable!

23
RSA generator
24
Algorithm
  1. Generate p and q
  2. npq
  3. Pich a random integer e 1lteltf and gcd(e, f)1
  4. Select a random integer x0 (the seed) in the
    interval 1,n-1
  5. For i1 to l
  6. Xi xi-1e mod n
  7. ZiLSB of xi
  8. Return z1,...,zl

25
RSA generator
  • p and q -gtprime
  • n-gtpq
  • einteger in 3,?(n)gcd(e,?(n))1

Z i -gtz i-1 e (mod n)
z0
zi
xi
C log log n bit less significative
ii1
26
Statistical tests
27
Frequency test (monobit test)
  • The purpose of this test is to determine whether
    the number of 0s and 1s in a genrator output
    sequence are approximately the same, as would be
    expected for a random sequence.

28
Serial test (two-bit test)
  • The purpose of this test is to determine whether
    the number of occurrences of 00, 01, 10, and 11
    as subsequences of s are approximately the same,
    as would be expected for a random sequence.

29
Poker test
  • Lets divide s into k non-overlaping parts each
    of length m. The poker test determines whether
    the sequences of length m each appear
    approximately the same number of times in s, as
    would be expected for a random sequence. Note
    that this test is a generalization of the
    frequency test setting m 1 in the poker test
    yields the frequency test.

30
Runs test
  • The purpose of the runs test is to determine
    whether the number of runs (of either zeros or
    ones) of various lengths in the sequence s is as
    expected for a random sequence.

31
Autocorrelation test
  • The purpose of this test is to check for
    correlations between the sequence s and
    (noncyclic) shifted versions of it.

32
References
  • Handbook Of Applied Cryptography
  • A. Menezes
  • P. van Oorschot
  • S. Vanstone
  • www.cacr.math.uwaterloo.ca/hac
  • www.ietf.org/rfc/rfc1750.txt

33
Thats all folks...
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Pseudorandom Bit Generation" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!