sign in sign up
<<
Home , Random number generation

CSS322

Random Numbers

Principles

PRNGs

PRNG+Block Pseudo-Random Numbers and Stream Stream Ciphers RC4

CSS322: Security and

Sirindhorn International Institute of Technology Thammasat University

Prepared by Steven Gordon on 28 October 2013 css322y13s2l05, Steve/Courses/2013/s2/css322/lectures/random.tex, r2965

1 CSS322 Contents Random Numbers

Principles PRNGs Principles of Pseudo-Random Number Generation PRNG+Block

Stream Ciphers RC4 Pseudo-Random Number Generators

PRNGs using Block Ciphers

Stream Ciphers

RC4

2 CSS322 Random Numbers Random Numbers

Principles Use of Random Numbers PRNGs I distribution and authentication schemes PRNG+Block Stream Ciphers I Generation of session keys or keys for RSA

RC4 I Generation of bit stream for stream ciphers

Randomness

I Uniform distribution: frequency of occurrence of 1’s and 0’s approximately equal

I Independence: no sub-sequence can be inferred from others

Unpredictability

I Hard to predict next value in sequence

3 CSS322 TRNG, PRNG and PRF Random Numbers

Principles True Random Number Generator

PRNGs I Non-deterministic source, physical environment PRNG+Block

Stream Ciphers I Detect ionizing radiation events, leaky capacitors,

RC4 thermal from resistors or audio inputs

I Mouse/keyboard activity, I/O operations, interrupts

I Inconvenient, small number of values

Pseudo Random Number Generator

I Deterministic to calculate numbers in “relatively random” sequence

I Seed is input

I Produces continuous stream of random bits

Pseudo Random Function

I Same as PRNG but produces string of bits of some 4 fixed length CSS322 Random and Pseudo-Random Number Random Numbers Generators Principles

PRNGs

PRNG+Block

Stream Ciphers

RC4

5 CSS322 Requirements of PRNG Random Numbers Hard to determine pseudo-random stream if don’t know Principles

PRNGs (but know algorithm)

PRNG+Block I

Stream Ciphers I Test for uniformity, scalability, consistency RC4 I Examples: Frequency, runs, compressability I Unpredictability

I Forward and backward unpredictability I Seed must be secure

I Use TRNG to generate seed

6 CSS322 Generation of Seed Input to PRNG Random Numbers

Principles

PRNGs

PRNG+Block

Stream Ciphers

RC4

7 CSS322 Contents Random Numbers

Principles PRNGs Principles of Pseudo-Random Number Generation PRNG+Block

Stream Ciphers RC4 Pseudo-Random Number Generators

PRNGs using Block Ciphers

Stream Ciphers

RC4

8 CSS322 Linear Congruential Generator Random Numbers Parameters: Principles

PRNGs I m, the modulus, m > 0

PRNG+Block I a, the multiplier, 0 < a < m Stream Ciphers I c, the increment, 0 ≤ c < m RC4 I X0, the seed, 0 ≤ X0 < m

Generate sequence of pseudo-random numbers, {Xn}:

Xn+1 = (aXn + c) mod m

Choice of a, c and m is important: 31 I m should be large, prime, e.g. 2 − 1 5 I If c=0, few good values of a, e.g. 7 = 16807 If attacker knows parameters and one number, can easily determine subsequent numbers

9 CSS322 Blum Blum Shub Generator Random Numbers Parameters: Principles

PRNGs I p, : large prime numbers such that p ≡ q ≡ 3 (mod 4)

PRNG+Block I n = p × q Stream Ciphers I s, random number relatively prime to n RC4 Generate sequence of bits, Bi :

2 X0 = s mod n for i = 1 → ∞ 2 Xi = (Xi−1) mod n

Bi = Xi mod 2

Cryptographically secure pseudo-random bit generator

10 CSS322 Example Operation of BBS Generator Random Numbers n = 192649 = 383 × 503, s = 101355 Principles

PRNGs

PRNG+Block i Xi Bi i Xi Bi Stream Ciphers 0 20749 11 137922 0 RC4 1 143135 1 12 123175 1 2 177671 1 13 8630 0 3 97048 0 14 114386 0 4 89992 0 15 14863 1 5 174051 1 16 133015 1 6 80649 1 17 106065 1 7 45663 1 18 45870 0 8 69442 0 19 137171 1 9 186894 0 20 48060 0 10 177046 0

11 CSS322 Contents Random Numbers

Principles PRNGs Principles of Pseudo-Random Number Generation PRNG+Block

Stream Ciphers RC4 Pseudo-Random Number Generators

PRNGs using Block Ciphers

Stream Ciphers

RC4

12 CSS322 PRNG Mechanisms Based on Block Ciphers Random Numbers Use symmetric block ciphers (e.g. AES, DES) to produce Principles

PRNGs pseudo-random bits

PRNG+Block I Seed is key, K, and value V (which is

Stream Ciphers updated)

RC4

OFB Mode

Counter Mode 13 CSS322 ANSI X9.17 PRNG Random Numbers Cryptographically secure PRNG using Triple DES Principles

PRNGs Parameters: PRNG+Block I 64-bit date/time representation, DTi Stream Ciphers I 64-bit seed value, Vi RC4 I Pair of 56-bit DES keys, K1 and K2 Operation:

I Uses Triple DES three times

I (see next slide) Output:

I 64-bit pseudo-random number, Ri

I 64-bit seed value, Vi+1

14 CSS322 ANSI X9.17 PRNG Random Numbers

Principles

PRNGs

PRNG+Block

Stream Ciphers

RC4

15 CSS322 Contents Random Numbers

Principles PRNGs Principles of Pseudo-Random Number Generation PRNG+Block

Stream Ciphers RC4 Pseudo-Random Number Generators

PRNGs using Block Ciphers

Stream Ciphers

RC4

16 CSS322 Stream Ciphers Random Numbers Encrypt one byte at a time by XOR with pseudo-random byte Principles

PRNGs

PRNG+Block

Stream Ciphers

RC4

Output of generator is called

17 CSS322 Design Criteria for Stream Ciphers Random Numbers

Principles Important Considerations PRNGs

PRNG+Block I Encryption sequence should have large period Stream Ciphers I Keystream should approximate true random number RC4 stream

I Key must withstand brute force attacks

Comparison to Block Ciphers

I Stream ciphers often simpler to implement, faster

I Block ciphers can re-use keys

18 CSS322 Contents Random Numbers

Principles PRNGs Principles of Pseudo-Random Number Generation PRNG+Block

Stream Ciphers RC4 Pseudo-Random Number Generators

PRNGs using Block Ciphers

Stream Ciphers

RC4

19 CSS322 RC4 Random Numbers I Designed by Ron Rivest in 1987 Principles

PRNGs I Used in secure web browsing and wireless LANs

PRNG+Block I Very simple and efficient implementation Stream Ciphers I Can use variable size key: 8 to 2048 bits RC4 I Several theoretical limitations of RC4

I No known attacks if use 128-bit key and discard initial values of stream I RC4 is used in WEP (shown to be weak security for wireless LANs)—problem with how keys are used, not RC4 algorithm

20 CSS322 RC4 Algorithm Random Numbers

Principles Parameters and Variables PRNGs I Variable length key, K, from 1 to 256 Bytes PRNG+Block Stream Ciphers I State vector, S, 256 Bytes

RC4 I Temporary vector, T , 256 Bytes

I A byte from keystream, k, generated from S

Steps 1. Initialise S to values 0 to 255; initialise T with repeating values of key, K 2. Use T to create initial permutation of S 3. Permutate S and generate keystream, k from S 4. Encrypt a byte of plaintext, p, by XOR with k

21 CSS322 Initial State of S and T Random Numbers

Principles for i = 0 to 255 do

PRNGs S[i] = i; T[i] = K[i mod keylen]; PRNG+Block

Stream Ciphers

RC4

22 CSS322 Initial Permutation of S Random Numbers

Principles j = 0;

PRNGs for i = 0 to 255 do j = (j + S[i] + T[i]) mod 256; PRNG+Block Swap (S[i], S[j]); Stream Ciphers

RC4

23 CSS322 Stream Generation Random Numbers

Principles i, j = 0;

PRNGs while (true) i = (i + 1) mod 256; PRNG+Block j = (J + S[i]) mod 256; Stream Ciphers Swap (S[i], S[j]); RC4 t = (S[i] + S[j]) mod 256; k = S[t];

To encrypt: C = p XOR k To decrypt: p = C XOR k

24