sign in sign up
<<
Home , Random number generation

CSS441

Random Numbers

Principles

PRNGs

PRNG+Block Pseudo-Random Numbers and Stream Stream Ciphers RC4

CSS441: Security and

Sirindhorn International Institute of Technology Thammasat University

Prepared by Steven Gordon on 20 December 2015 css441y15s2l05, Steve/Courses/2015/s2/css441/lectures/pseudo-random-numbers-and-stream-ciphers.tex, r4295

1/24 CSS441 Contents Random Numbers

Principles PRNGs Principles of Pseudo-Random Number Generation PRNG+Block

Stream Ciphers RC4 Pseudo-Random Number Generators

PRNGs using Block Ciphers

Stream Ciphers

RC4

2/24 CSS441 Random Numbers Random Numbers

Principles Use of Random Numbers PRNGs distribution and authentication schemes PRNG+Block I Stream Ciphers I Generation of session keys or keys for RSA RC4 I Generation of bit stream for stream ciphers

Randomness

I Uniform distribution: frequency of occurrence of 1’s and 0’s approximately equal

I Independence: no sub-sequence can be inferred from others

Unpredictability

I Hard to predict next value in sequence

3/24 CSS441 TRNG, PRNG and PRF Random Numbers

Principles True Random Number Generator PRNGs I Non-deterministic source, physical environment PRNG+Block

Stream Ciphers I Detect ionizing radiation events, leaky capacitors,

RC4 thermal from resistors or audio inputs

I Mouse/keyboard activity, I/O operations, interrupts

I Inconvenient, small number of values

Pseudo Random Number Generator

I Deterministic to calculate numbers in “relatively random” sequence

I Seed is input

I Produces continuous stream of random bits

Pseudo Random Function

4/24 I Same as PRNG but produces string of bits of some fixed length CSS441 Random and Pseudo-Random Number Random Numbers Generators Principles

PRNGs

PRNG+Block

Stream Ciphers

RC4

5/24 CSS441 Requirements of PRNG Random Numbers Hard to determine pseudo-random stream if don’t know Principles

PRNGs (but know algorithm)

PRNG+Block I

Stream Ciphers I Test for uniformity, scalability, consistency RC4 I Examples: Frequency, runs, compressability I Unpredictability

I Forward and backward unpredictability I Seed must be secure

I Use TRNG to generate seed

6/24 CSS441 Generation of Seed Input to PRNG Random Numbers

Principles

PRNGs

PRNG+Block

Stream Ciphers

RC4

7/24 CSS441 Contents Random Numbers

Principles PRNGs Principles of Pseudo-Random Number Generation PRNG+Block

Stream Ciphers RC4 Pseudo-Random Number Generators

PRNGs using Block Ciphers

Stream Ciphers

RC4

8/24 CSS441 Linear Congruential Generator Random Numbers Parameters: Principles PRNGs I m, the modulus, m > 0

PRNG+Block I a, the multiplier, 0 < a < m Stream Ciphers I c, the increment, 0 ≤ c < m RC4 I X0, the seed, 0 ≤ X0 < m

Generate sequence of pseudo-random numbers, {Xn}:

Xn+1 = (aXn + c) mod m

Choice of a, c and m is important: 31 I m should be large, prime, e.g. 2 − 1 5 I If c=0, few good values of a, e.g. 7 = 16807 If attacker knows parameters and one number, can easily determine subsequent numbers

9/24 CSS441 Blum Blum Shub Generator Random Numbers Parameters: Principles PRNGs I p, : large prime numbers such that p ≡ q ≡ 3 (mod 4)

PRNG+Block I n = p × q Stream Ciphers I s, random number relatively prime to n RC4 Generate sequence of bits, Bi :

2 X0 = s mod n for i = 1 → ∞ 2 Xi = (Xi−1) mod n

Bi = Xi mod 2

Cryptographically secure pseudo-random bit generator

10/24 CSS441 Example Operation of BBS Generator Random Numbers n = 192649 = 383 × 503, s = 101355 Principles

PRNGs

PRNG+Block i Xi Bi i Xi Bi Stream Ciphers 0 20749 11 137922 0 RC4 1 143135 1 12 123175 1 2 177671 1 13 8630 0 3 97048 0 14 114386 0 4 89992 0 15 14863 1 5 174051 1 16 133015 1 6 80649 1 17 106065 1 7 45663 1 18 45870 0 8 69442 0 19 137171 1 9 186894 0 20 48060 0 10 177046 0

11/24 CSS441 Contents Random Numbers

Principles PRNGs Principles of Pseudo-Random Number Generation PRNG+Block

Stream Ciphers RC4 Pseudo-Random Number Generators

PRNGs using Block Ciphers

Stream Ciphers

RC4

12/24 CSS441 PRNG Mechanisms Based on Block Ciphers Random Numbers Use symmetric block ciphers (e.g. AES, DES) to produce Principles

PRNGs pseudo-random bits

PRNG+Block I Seed is key, K, and value V (which is

Stream Ciphers updated)

RC4

OFB Mode

13/24 Counter Mode CSS441 ANSI X9.17 PRNG Random Numbers Cryptographically secure PRNG using Triple DES Principles

PRNGs Parameters: PRNG+Block I 64-bit date/time representation, DTi Stream Ciphers I 64-bit seed value, Vi RC4 I Pair of 56-bit DES keys, K1 and K2 Operation:

I Uses Triple DES three times

I (see next slide) Output:

I 64-bit pseudo-random number, Ri

I 64-bit seed value, Vi+1

14/24 CSS441 ANSI X9.17 PRNG Random Numbers

Principles

PRNGs

PRNG+Block

Stream Ciphers

RC4

15/24 CSS441 Contents Random Numbers

Principles PRNGs Principles of Pseudo-Random Number Generation PRNG+Block

Stream Ciphers RC4 Pseudo-Random Number Generators

PRNGs using Block Ciphers

Stream Ciphers

RC4

16/24 CSS441 Stream Ciphers Random Numbers Encrypt one byte at a time by XOR with pseudo-random byte Principles

PRNGs

PRNG+Block

Stream Ciphers

RC4

Output of generator is called

17/24 CSS441 Design Criteria for Stream Ciphers Random Numbers

Principles Important Considerations PRNGs

PRNG+Block I Encryption sequence should have large period

Stream Ciphers I Keystream should approximate true random number RC4 stream

I Key must withstand brute force attacks

Comparison to Block Ciphers

I Stream ciphers often simpler to implement, faster

I Block ciphers can re-use keys

18/24 CSS441 Contents Random Numbers

Principles PRNGs Principles of Pseudo-Random Number Generation PRNG+Block

Stream Ciphers RC4 Pseudo-Random Number Generators

PRNGs using Block Ciphers

Stream Ciphers

RC4

19/24 CSS441 RC4 Random Numbers Designed by Ron Rivest in 1987 Principles I PRNGs I Used in secure web browsing and wireless LANs

PRNG+Block I Very simple and efficient implementation Stream Ciphers I Can use variable size key: 8 to 2048 bits RC4 I Several theoretical limitations of RC4

I No known attacks if use 128-bit key and discard initial values of stream I RC4 is used in WEP (shown to be weak security for wireless LANs)—problem with how keys are used, not RC4 algorithm

20/24 CSS441 RC4 Algorithm Random Numbers

Principles Parameters and Variables PRNGs Variable length key, K, from 1 to 256 Bytes PRNG+Block I Stream Ciphers I State vector, S, 256 Bytes RC4 I Temporary vector, T , 256 Bytes

I A byte from keystream, k, generated from S

Steps 1. Initialise S to values 0 to 255; initialise T with repeating values of key, K 2. Use T to create initial permutation of S 3. Permutate S and generate keystream, k from S 4. Encrypt a byte of plaintext, p, by XOR with k

21/24 CSS441 Initial State of S and T Random Numbers

Principles for i = 0 to 255 do

PRNGs S[i] = i; T[i] = K[i mod keylen]; PRNG+Block

Stream Ciphers

RC4

22/24 CSS441 Initial Permutation of S Random Numbers

Principles j = 0;

PRNGs for i = 0 to 255 do j = (j + S[i] + T[i]) mod 256; PRNG+Block Swap (S[i], S[j]); Stream Ciphers

RC4

23/24 CSS441 Stream Generation Random Numbers

Principles i, j = 0;

PRNGs while (true) i = (i + 1) mod 256; PRNG+Block j = (J + S[i]) mod 256; Stream Ciphers Swap (S[i], S[j]); RC4 t = (S[i] + S[j]) mod 256; k = S[t];

To encrypt: C = p XOR k To decrypt: p = C XOR k

24/24