Generation of pseudo-random numbers

Source: Internet
Author: User

Applications: the generation of random or pseudo-random numbers is used in a large number of cryptographic functions.

Requirements: randomness and unpredictability

1. Randomness is judged by two criteria: uniformity of distribution and independence.

a) Uniformity of distribution: 0 and 1 should appear with roughly equal frequency.

b) Independence: no subsequence of the sequence can be derived from any other subsequence.

Unfortunately, there is no reliable way to show that a sequence is independent, only to show that it is not. Many tests therefore have to be run, repeatedly; if the results are still good after many rounds, the sequence is taken to be independent.

2. Unpredictability means that each number is statistically independent of the others and therefore cannot be predicted. Truly random sequences are seldom used in practice; instead, sequences that merely appear random are generated by an algorithm. It is therefore essential that an attacker cannot deduce the next random number from the previous ones.

TRNG, PRNG and PRF


The key to a true random number generator (TRNG) is that its input source is genuinely random. It is usually drawn from the physical environment, for example keystroke timing patterns, disk electrical activity, mouse movements, or the instantaneous value of the system clock. This source is called the entropy source.

A pseudo-random number generator (PRNG) takes a seed as input. An attacker who knows the algorithm and the seed can reproduce the entire output stream.

The difference between a pseudo-random function (PRF) and a PRNG is the number of bits produced: a PRNG produces an unbounded bit stream, while a PRF produces a fixed-length pseudo-random bit string. A PRF also usually takes some context as input in addition to the seed. There is no essential difference between a PRNG and a PRF, and the same algorithm can serve as either.

A PRNG generates the pseudo-random bit stream for a stream cipher, while a PRF can be used to generate a symmetric cipher key.

Security requirements for PRNGs and PRFs

1. Randomness

a) Uniformity

b) Scalability: any subsequence should also pass the randomness tests.

c) Consistency: for every seed, the resulting sequence and its subsequences should pass the randomness tests.

2. Unpredictability

a) Forward unpredictability: without knowledge of the seed, the next bit cannot be predicted no matter how many previous bits of the sequence are known.

b) Backward unpredictability: the seed cannot be inferred from any value produced. That is, there is no correlation between the seed and any value generated from it.

3. Requirements on the seed

To make the seed unpredictable, a TRNG is usually used to produce it.

Reasons for not using a TRNG directly

1. A TRNG cannot produce a random bit stream of arbitrary length.

2. A TRNG may produce a biased binary sequence with poor randomness. So even when only a limited number of bits is needed, the TRNG is used to produce a seed, and a PRF generates the pseudo-random bit string from that seed.

Algorithm design of pseudo-random number generators

PRNG algorithms fall broadly into two categories:

1. Purpose-built algorithms

These algorithms are designed specifically to generate a pseudo-random bit stream; the most important example is RC4.

2. Algorithms based on existing cryptographic algorithms

Cryptographic algorithms play a central role in PRNGs, and three kinds are commonly used to build them:

symmetric block ciphers, asymmetric ciphers, and hash functions and message authentication codes

Linear congruential generator and BBS generator

1. Linear congruential generator

A formula for generating a sequence of random numbers:

X_{n+1} = (a · X_n + c) mod m,   where m, a, c, X_0 ∈ Z

The parameter values must meet three criteria: the function should produce all numbers between 0 and m before repeating; the resulting sequence should appear random; and the generating function should be easy to implement on a computer.

Parameters that satisfy these criteria are chosen as follows:

m is generally a prime and should be very large; on a 32-bit machine it is usually 2^31 - 1.

Not every value of a is suitable; a = 7^5 = 16807 satisfies the above criteria.

The disadvantage of this algorithm is that once the parameters are fixed, the pseudo-random sequence depends only on X_0 and is easily cracked. One improvement is to restart the sequence every N numbers, using the current clock value modulo m as the new seed. Another is to add the clock value to each random number and then reduce the result modulo m.
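To make the formula concrete, here is an added example (not from the original article) of the LCG with the parameters the page gives, m = 2^31 - 1 and a = 16807; c = 0 is an assumption, since the page does not fix c. It also includes a period check for a small modulus and a function showing that anyone who knows the public parameters can continue the sequence from a single observed output, which is the weakness the page describes.

```python
# Added example (not from the original article): the LCG with the page's
# parameters, m = 2^31 - 1 and a = 7^5 = 16807, with c = 0 (an assumption;
# the page does not fix c).  Also a period check for a small modulus.
M = 2**31 - 1   # a Mersenne prime, the usual choice on a 32-bit machine
A = 7**5        # 16807

def lcg(seed, a=A, c=0, m=M):
    """Yield X_{n+1} = (a * X_n + c) mod m forever, starting from X_0 = seed."""
    x = seed % m
    while True:
        x = (a * x + c) % m
        yield x

def first_outputs(seed, count, a=A, c=0, m=M):
    """Return X_1 .. X_count for the given parameters."""
    g = lcg(seed, a, c, m)
    return [next(g) for _ in range(count)]

def period(seed, a, c, m):
    """Number of steps until the state returns to X_0, or None if it never does.
    Checks the 'produce all numbers before repeating' criterion; only feasible
    for small m because it walks the whole cycle."""
    x0 = seed % m
    x, n = (a * x0 + c) % m, 1
    while x != x0:
        if n > m:               # entered a cycle that does not contain x0
            return None
        x, n = (a * x + c) % m, n + 1
    return n

def continue_from(observed, count, a=A, c=0, m=M):
    """Reproduce the outputs that follow one observed output.  Once the
    parameters are fixed the sequence depends only on the current value, which
    is why the page says it is easily cracked and why an LCG is not a CSPRNG."""
    return first_outputs(observed, count, a, c, m)
```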

2. BBS generator (named after the initials of its three designers)

The generation process is as follows:

First, choose two large primes p and q with p ≡ q ≡ 3 (mod 4), and let n = p × q.

Then choose a random number s that is relatively prime to n, and produce the bit sequence B_i by the following algorithm:

X_0 = s^2 mod n

for i = 1 to ∞

    X_i = (X_{i-1})^2 mod n

    B_i = X_i mod 2    // each iteration takes the least significant bit

The BBS generator is a general-purpose algorithm for generating secure pseudo-random numbers, and among purpose-built algorithms it has one of the strongest public proofs of cryptographic strength; it is called a cryptographically secure pseudo-random bit generator (CSPRBG).

BBS is called a secure pseudo-random bit generator because it passes the next-bit test: given the first k bits of the sequence, there is no efficient algorithm that can predict the (k+1)-th bit with probability significantly better than 1/2. For practical purposes, therefore, the sequence is unpredictable.

The security of BBS rests on the difficulty of factoring n.
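The BBS procedure above, as an added example that is not part of the original article. The demo parameters p = 383, q = 503 and s = 101355 are small textbook-sized values chosen so the arithmetic can be followed by hand; they are far too small for real use, where p and q must be of cryptographic size.

```python
# Added example (not the page's own code): Blum Blum Shub with the parameter
# checks the page requires.  Demo primes are tiny for readability only.
from math import gcd

def is_prime(n: int) -> bool:
    """Trial division; adequate only for the small demo primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def bbs_setup(p: int, q: int, s: int) -> tuple:
    """Validate p, q, s as the page requires and return (n, X_0)."""
    for name, v in (("p", p), ("q", q)):
        if not is_prime(v):
            raise ValueError(f"{name} must be prime")
        if v % 4 != 3:                       # p ≡ q ≡ 3 (mod 4)
            raise ValueError(f"{name} must be congruent to 3 mod 4")
    n = p * q
    if gcd(s, n) != 1:                       # seed must be relatively prime to n
        raise ValueError("s must be relatively prime to n")
    return n, pow(s, 2, n)                   # X_0 = s^2 mod n

def bbs_params_ok(p: int, q: int, s: int) -> bool:
    """True if bbs_setup accepts the parameters, False otherwise."""
    try:
        bbs_setup(p, q, s)
        return True
    except ValueError:
        return False

def bbs_bits(p: int, q: int, s: int, count: int) -> list:
    """Return B_1..B_count: square the previous X modulo n, emit its low bit."""
    n, x = bbs_setup(p, q, s)
    bits = []
    for _ in range(count):
        x = pow(x, 2, n)                     # X_i = (X_{i-1})^2 mod n
        bits.append(x & 1)                   # B_i = X_i mod 2
    return bits
```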

Generation of pseudo-random numbers using block ciphers

Two block cipher modes of operation are widely accepted for constructing PRNGs: CTR mode and OFB mode.

ANSI X9.17 pseudo-random number generator

This pseudo-random number generator is one of the strongest in cryptography, and it is used in financial security and in PGP.

It uses 3DES (EDE) for encryption. The algorithm works as follows:


DT_i: the date/time value at the start of round i of the algorithm, updated every round.

V_i: the seed value at the start of round i of the algorithm, updated every round.

R_i: the pseudo-random number produced by round i of the algorithm.

K1, K2: the pair of DES keys used at every stage of the algorithm; the same keys are used at every stage.

The algorithm can be described by the following expressions:

R_i = EDE([K1, K2], [V_i ⊕ EDE([K1, K2], DT_i)])

V_{i+1} = EDE([K1, K2], [R_i ⊕ EDE([K1, K2], DT_i)])

The cryptographic strength of this method comes from several aspects, including the EDE key and the three EDE operations per round, a total of 9 DES encryptions.
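The two X9.17 expressions carried through in code, as an added example that is not the page's own. The block cipher is pluggable: in real use the `ede` callable would be a 3DES EDE encryption under the fixed key pair [K1, K2]; the `stand_in_ede` function below is an HMAC-based keyed function used only so the example runs offline, and it is an assumption of this example, not a block cipher.

```python
# Added example (not the page's own code): the ANSI X9.17 round structure with
# a pluggable EDE function.  `stand_in_ede` is an HMAC-based keyed function used
# only so the example runs offline; it is NOT 3DES and is an assumption of this
# example.  In real use plug in a 3DES EDE encryption under [K1, K2].
import hashlib
import hmac
import time

BLOCK = 8  # DES block size in bytes (64 bits)

def stand_in_ede(k1: bytes, k2: bytes):
    """Return a keyed function mapping one 8-byte block to an 8-byte block,
    standing in for EDE([K1, K2], .) with both keys fixed for all rounds."""
    key = k1 + k2
    def ede(block: bytes) -> bytes:
        assert len(block) == BLOCK
        return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]
    return ede

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pack_dt(value: int) -> bytes:
    """Encode a date/time value as a 64-bit big-endian block DT_i."""
    return (value & 0xFFFFFFFFFFFFFFFF).to_bytes(BLOCK, "big")

def x917_round(ede, dt: bytes, v: bytes):
    """One round of X9.17: three EDE operations (9 DES encryptions with real 3DES).
    Returns (R_i, V_{i+1}) exactly as the two expressions on the page describe."""
    t = ede(dt)                 # EDE([K1, K2], DT_i), shared by both expressions
    r = ede(xor(v, t))          # R_i     = EDE([K1, K2], V_i ⊕ EDE([K1, K2], DT_i))
    v_next = ede(xor(r, t))     # V_{i+1} = EDE([K1, K2], R_i ⊕ EDE([K1, K2], DT_i))
    return r, v_next

def x917_generate(ede, seed: bytes, rounds: int, clock=time.time_ns) -> list:
    """Produce `rounds` 8-byte outputs R_1..R_rounds, refreshing DT_i from
    `clock` each round and carrying V_i forward as the updated seed."""
    v = seed
    out = []
    for _ in range(rounds):
        dt = pack_dt(clock())
        r, v = x917_round(ede, dt, v)
        out.append(r)
    return out
```

Because V_{i+1} depends on R_i, the same seed and clock value reproduce the same outputs, while a changed clock or seed changes every following output.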
