Skip to main content
SpringerLink
Log in

Security of Pseudo-Random Number Generators with Input

(Invited Talk)

  • Conference paper
  • First Online:
Book cover Innovative Security Solutions for Information Technology and Communications (SecITC 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10543))

Included in the following conference series:

  • 603 Accesses

Abstract

A pseudo-random number generator is a deterministic algorithm that produces numbers whose distribution is indistinguishable from uniform. A formal security model for pseudo-random number generator with input was proposed in 2005 by Barak and Halevi. This model involves an internal state that is refreshed with a (potentially biased) external random source, and a cryptographic function that outputs random numbers from the internal state. We briefly discuss the Barak-Halevi model and its extension proposed in 2013 by Dodis, Pointcheval, Ruhault, Wichs and Vergnaud to include a new security property capturing how a pseudo-random number generator should accumulate the entropy of the input data into the internal state. This property states that a pseudo-random number generator with input should be able to eventually recover from compromise even if the entropy is injected into the system at a very slow pace, and expresses the real-life expected behavior of existing designs. We also outline some variants of this model that were proposed recently.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9.

  2. 2.

    In a similar setting, Koshiba [Kos02] proved that the linear congruential generator can be used to generate randomness in the ElGamal encryption scheme (based on some plausible assumption). Fouque, Tibouchi, and Zapalowicz [FTZ13] analyzed the security of public-key schemes when the secret keys are constructed by concatenating the outputs of a linear congruential generator. Benhamouda, Chevalier, Thillard and Vergnaud [BCTV16] proposed attacks when the RSA prime factors are constructed in this way and against the RSA encryption padding described in PKCS #1 v.1.5 when a linear congruential generator is used to generate random values.

  3. 3.

    Gazi and Tessaro proposed a variant of a construction proposed by Bertoni, Daemen, Peeters and Van Assche in [BDPV10] and proved that it achieves robustness in a variant of the security framework of Dodis et al. in the ideal permutation model.

References

  1. Abdalla, M., Belaïd, S., Pointcheval, D., Ruhault, S., Vergnaud, D.: Robust pseudo-random number generators with input secure against side-channel attacks. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 635–654. Springer, Cham (2015). doi:10.1007/978-3-319-28166-7_31

    Chapter  Google Scholar 

  2. Benhamouda, F., Chevalier, C., Thillard, A., Vergnaud, D.: Easing coppersmith methods using analytic combinatorics: applications to public-key cryptography with weak pseudorandomness. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9615, pp. 36–66. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49387-8_3

    Chapter  Google Scholar 

  3. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge-based pseudo-random number generators. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 33–47. Springer, Heidelberg (2010). doi:10.1007/978-3-642-15031-9_3

    Chapter  Google Scholar 

  4. Bellare, M., Goldwasser, S., Micciancio, D.: “Pseudo-random” number generation within cryptographic algorithms: the DDS case. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 277–291. Springer, Heidelberg (1997). doi:10.1007/BFb0052242

    Chapter  Google Scholar 

  5. Barak, B., Halevi, S.: A model and architecture for pseudo-random generation with applications to /dev/random. In: Atluri, V., Meadows, C., Juels, A. (eds.) ACM CCS 05: 12th Conference on Computer and Communications Security, Alexandria, Virginia, USA, pp. 203–212, 7–11 November 2005. ACM Press (2005)

    Google Scholar 

  6. Bleichenbacher, D.: On the generation of one-time keys in DL signature schemes. In: Presentation at IEEE P1363 Working Group meeting, November 2000

    Google Scholar 

  7. Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudo random bits. In: 23rd Annual Symposium on Foundations of Computer Science, Chicago, Illinois, 3–5 November 1982, pp. 112–117. IEEE Computer Society Press (1982)

    Google Scholar 

  8. Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudo-random bits. SIAM J. Comput. 13, 850–864 (1984)

    Article  MATH  MathSciNet  Google Scholar 

  9. Barak, B., Shaltiel, R., Tromer, E.: True random number generators secure in a changing environment. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 166–180. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45238-6_14

    Chapter  Google Scholar 

  10. Cornejo, M., Ruhault, S.: Characterization of real-life PRNGs under partial state corruption. In: Ahn, G.-J., Yung, M., Li, N. (eds.) ACM CCS 14: 21st Conference on Computer and Communications Security, Scottsdale, AZ, USA, 3–7 November 2014, pp. 1004–1015. ACM Press (2014)

    Google Scholar 

  11. CVE-2008-0166. Common Vulnerabilities and Exposures (2008)

    Google Scholar 

  12. Desai, A., Hevia, A., Yin, Y.L.: A practice-oriented treatment of pseudorandom number generators. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 368–383. Springer, Heidelberg (2002). doi:10.1007/3-540-46035-7_24

    Chapter  Google Scholar 

  13. Dodis, Y., Pointcheval, D., Ruhault, S., Vergnaud, D., Wichs, D.: Security analysis of pseudo-random number generators with input: /dev/random is not robust. In: Sadeghi, D., Gligor, V.D., Yung, M. (eds.) ACM CCS 13: 20th Conference on Computer and Communications Security, Berlin, Germany, 4–8 November 2013, pp. 647–658. ACM Press (2013)

    Google Scholar 

  14. Degabriele, J.P., Paterson, K.G., Schuldt, J.C.N., Woodage, J.: Backdoors in pseudorandom number generators: possibility and impossibility results. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 403–432. Springer, Heidelberg (2016). doi:10.1007/978-3-662-53018-4_15

    Chapter  Google Scholar 

  15. Dodis, Y., Shamir, A., Stephens-Davidowitz, N., Wichs, D.: How to eat your entropy and have it too – optimal recovery strategies for compromised RNGs. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 37–54. Springer, Heidelberg (2014). doi:10.1007/978-3-662-44381-1_3

    Chapter  Google Scholar 

  16. Eastlake, D., Scoreder, J., Crocker, S.: RFC 4086 - Randomness Requirements for Security, June 2005

    Google Scholar 

  17. Ferguson, N., Schneier, B.: Practical Cryptography. Wiley, New York (2003)

    MATH  Google Scholar 

  18. Fouque, P.-A., Tibouchi, M., Zapalowicz, J.-C.: Recovering private keys generated with weak PRNGs. In: Stam, M. (ed.) IMACC 2013. LNCS, vol. 8308, pp. 158–172. Springer, Heidelberg (2013). doi:10.1007/978-3-642-45239-0_10

    Chapter  Google Scholar 

  19. Gaži, P., Tessaro, S.: Provably robust sponge-based PRNGs and KDFs. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 87–116. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49890-3_4

    Chapter  Google Scholar 

  20. Gutmann, P.: Software generation of practically strong random numbers. In: Proceedings of the 7th USENIX Security Symposium (1998). http://www.cypherpunks.to/peter/06_random.pdf

  21. Goldberg, I., Wagner, D.: Randomness and the netscape browser. Dr. Dobb’s J. 2(1), 66–70 (1996)

    Google Scholar 

  22. Heninger, N., Durumeric, Z., Wustrow, E., Halderman, J.A.: Mining your PS and QS: detection of widespread weak keys in network devices. In: Kohno, T. (ed.) Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, 8–10 August 2012, pp. 205–220. USENIX Association (2012). https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/heninger

  23. Hastad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28, 12–24 (1999)

    Article  MATH  MathSciNet  Google Scholar 

  24. Howgrave-Graham, N., Smart, N.P.: Lattice attacks on digital signature schemes. Des. Codes Cryptogr. 23(3), 283–290 (2001)

    Article  MATH  MathSciNet  Google Scholar 

  25. Information technology - Security techniques - Random bit generation. ISO/IEC18031:2011 (2011)

    Google Scholar 

  26. Kim, S.H., Han, D., Lee, D.H.: Predictability of android OpenSSL’s pseudo random number generator. In: Sadeghi, A.-R., Gligor, V.D., Yung, M. (eds.) ACM CCS 13: 20th Conference on Computer and Communications Security, Berlin, Germany, 4–8 November 2013, pp. 659–668. ACM Press (2013)

    Google Scholar 

  27. Killmann, W., Schindler, W.: A proposal for: Functionality classes for random number generators. AIS 20/AIS31 (2011)

    Google Scholar 

  28. Koshiba, T.: On sufficient randomness for secure public-key cryptosystems. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 34–47. Springer, Heidelberg (2002). doi:10.1007/3-540-45664-3_3

    Chapter  Google Scholar 

  29. Kelsey, J., Schneier, B., Ferguson, N.: Yarrow-160: notes on the design and analysis of the yarrow cryptographic pseudorandom number generator. In: Heys, H., Adams, C. (eds.) SAC 1999. LNCS, vol. 1758, pp. 13–33. Springer, Heidelberg (2000). doi:10.1007/3-540-46513-8_2

    Chapter  Google Scholar 

  30. Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Cryptanalytic attacks on pseudorandom number generators. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 168–188. Springer, Heidelberg (1998). doi:10.1007/3-540-69710-1_12

    Chapter  Google Scholar 

  31. Lenstra, A.K., Hughes, J.P., Augier, M., Bos, J.W., Kleinjung, T., Wachter, C.: Public keys. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 626–642. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32009-5_37

    Chapter  Google Scholar 

  32. Lacharme, P., Röck, A., Strubel, V., Videau, M.: The linux pseudorandom number generator revisited. Cryptology ePrint Archive, Report 2012/251 (2012). http://eprint.iacr.org/2012/251

  33. De Mulder, E., Hutter, M., Marson, M.E., Pearson, P.: Using Bleichenbacher’s solution to the hidden number problem to attack nonce leaks in 384-Bit ECDSA. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 435–452. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40349-1_25

    Chapter  Google Scholar 

  34. Nguyen, P.Q., Shparlinski, I.: The insecurity of the digital signature algorithm with partially known nonces. J. Cryptol. 15(3), 151–176 (2002)

    Article  MATH  MathSciNet  Google Scholar 

  35. Nguyen, P.Q., Shparlinski, I.E.: The insecurity of the elliptic curve digital signature algorithm with partially known nonces. Des. Codes Cryptogr. 30(2), 201–217 (2003)

    Article  MATH  MathSciNet  Google Scholar 

  36. Ruhault, S.: Security analysis for pseudo-random numbers generators. (Analyse de Sécurité des Générateurs Pseudo-Aléatoires). Ph.D. thesis, École Normale Supérieure, Paris, France (2015). https://tel.archives-ouvertes.fr/tel-01236602

  37. Ruhault, S.: Sok: security models for pseudo-random number generators. IACR Trans. Symmetric Cryptol. 2017(1), 506–544 (2017)

    Google Scholar 

  38. Shrimpton, T., Terashima, R.S.: A provable-security analysis of intel’s secure key RNG. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 77–100. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46800-5_4

    Google Scholar 

  39. Yao, A.C.-C.: Theory and applications of trapdoor functions (extended abstract). In: 23rd Annual Symposium on Foundations of Computer Science, Chicago, Illinois, 3–5 November 1982, pp. 80–91. IEEE Computer Society Press (1982)

    Google Scholar 

Download references

Acknowledgments

The author would like to thank his co-authors on this active and interesting research area: Michel Abdalla, Sonia Belaïd, Yevgeniy Dodis, David Pointcheval, Sylvain Ruhault and Daniel Wichs.

Author information

Authors and Affiliations

  1. Département d’informatique de l’ENS, École normale supérieure, CNRS, PSL Research University, 75005, Paris, France

    Damien Vergnaud

Authors
  1. Damien Vergnaud
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Damien Vergnaud .

Editor information

Editors and Affiliations

  1. École Normale Supérieure, Paris, France

    Pooya Farshim

  2. Polytechnic University of Bucharest, Bucharest, Romania

    Emil Simion

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Vergnaud, D. (2017). Security of Pseudo-Random Number Generators with Input. In: Farshim, P., Simion, E. (eds) Innovative Security Solutions for Information Technology and Communications. SecITC 2017. Lecture Notes in Computer Science(), vol 10543. Springer, Cham. https://doi.org/10.1007/978-3-319-69284-5_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-69284-5_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69283-8

  • Online ISBN: 978-3-319-69284-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation