Pseudorandom number generators. Key Generation. Pseudo-random generators.
Pseudo-random generators
A truly random number cannot be produced by a computer algorithm alone. It is possible to generate a truly random number by other means, including hardware, but not strictly within a software algorithm. What is used instead are pseudorandom number generators. Pseudorandom number generators (PRNGs) are algorithms that produce long runs of numbers with good random properties, but eventually the sequence repeats.
Introduction
• Properties of Pseudorandom Numbers
• Uncorrelated Sequences - The sequences of random numbers should be serially uncorrelated.
• Long Period - The generator should have a long period (ideally, the generator should not repeat; practically, repetition should occur only after a very large set of random numbers has been generated).
• Uniformity - The sequence of random numbers should be uniform and unbiased. That is, equal fractions of the random numbers should fall into equal "areas" in space. E.g. if random numbers on [0,1) are to be generated, it would be poor practice were more than half to fall into [0, 0.1), presuming the sample size is sufficiently large.
• Efficiency - The generator should be efficient, with low overhead for massively parallel computations.
Random Number Generating
There are three types of generators:
• table look-up generators
• hardware generators
• algorithmic (software) generators
The third category is the one most often used in cryptography. It does not produce a truly random number but rather a pseudorandom number.
Historical Generator
Midsquare method:
1. Start with an initial seed (e.g. a 4-digit integer).
2. Square the number.
3. Take the middle 4 digits.
4. This value becomes the new seed.
5. Divide the number by 10,000. This becomes the random number. Go to 2.
Midsquare Method, example
x₀ = 5497
x₁: 5497² = 30217009, x₁ = 2170, R₁ = 0.2170
x₂: 2170² = 04708900, x₂ = 7089, R₂ = 0.7089
x₃: 7089² = 50253921, x₃ = 2539, R₃ = 0.2539
Drawback: Hard to state conditions for picking an initial seed that will generate a "good" sequence.
Midsquare Generator, examples
"Bad" sequences:
• x₀ = 5197
x₁: 5197² = 27008809, x₁ = 0088, R₁ = 0.0088
x₂: 0088² = 00007744, x₂ = 0077, R₂ = 0.0077
x₃: 0077² = 00005929, x₃ = 0059, R₃ = 0.0059
• xᵢ = 6500
xᵢ₊₁: 6500² = 42250000, xᵢ₊₁ = 2500, Rᵢ₊₁ = 0.0088
xᵢ₊₂: 2500² = 06250000, xᵢ₊₂ = 2500, Rᵢ₊₂ = 0.0088
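The midsquare procedure from the previous slides, written out as an added example (this is not code from the original slides). It reproduces the 5497 sequence and adds a cycle detector that shows how the "bad" seeds degenerate: 6500 freezes on the fixed point 2500, and 5197 collapses through ever-smaller values to 0.

```python
# Added example: the midsquare method, plus a cycle detector that exposes
# degenerate seeds. Digit width defaults to 4 as on the slides.


def midsquare_next(seed, digits=4):
    """Square the seed and return its middle `digits` digits as the new seed."""
    squared = str(seed * seed).zfill(2 * digits)   # keep leading zeros, e.g. 04708900
    start = (len(squared) - digits) // 2
    return int(squared[start:start + digits])


def midsquare_sequence(seed, count, digits=4):
    """Return the first `count` (x, R) pairs, with R = x / 10**digits as on the slide."""
    out = []
    x = seed
    for _ in range(count):
        x = midsquare_next(x, digits)
        out.append((x, x / 10 ** digits))
    return out


def midsquare_cycle(seed, digits=4, limit=100_000):
    """Iterate until a state repeats; return (step of first repeated state, period).

    A period of 1 means the generator has frozen on a fixed point (2500 -> 2500,
    or the common collapse to 0), which is what makes a seed "bad".
    """
    seen = {}
    x = seed
    for step in range(limit):
        if x in seen:
            return seen[x], step - seen[x]
        seen[x] = step
        x = midsquare_next(x, digits)
    raise RuntimeError("no repeated state within limit")


if __name__ == "__main__":
    for x, r in midsquare_sequence(5497, 3):
        print(f"x = {x:04d}  R = {r:.4f}")
    for seed in (5497, 5197, 6500):
        start, period = midsquare_cycle(seed)
        print(f"seed {seed}: state repeats from step {start} with period {period}")
```

Because the state space is only 10,000 values and there is no way to tell a good seed from a bad one in advance, the period check is the only practical way to vet a seed, which is the drawback the slide names.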
Is a given PRNG good enough?
• The German Federal Office for Information Security (BSI) has established four criteria for the quality of random number generators:
• K1 A sequence of random numbers with a low probability of containing identical consecutive elements.
• K2 A sequence of numbers which is indistinguishable from 'true random' numbers according to specified statistical tests.
• K3 It should be impossible for any attacker to calculate, or otherwise guess, from any given sub-sequence, any previous or future values in the sequence.
• K4 It should be impossible for an attacker to calculate, or guess from an inner state of the generator, any previous numbers in the sequence or any previous inner generator states.
• To be suitable for cryptography, a PRNG should meet the K3 and K4 standards.
Mersenne Twister
The original is not suitable for cryptographic purposes, but variants of it are. This PRNG was invented by Makoto Matsumoto and Takuji Nishimura. It has a very large period, 2¹⁹⁹³⁷ − 1, which is greater than that of many other generators.
Linear congruential generator
A linear congruential generator is determined by the following four integer values:
• m, the modulus, m > 0
• a, the multiplier, 0 < a < m
• c, the increment, 0 ≤ c < m
• X₀, the starting value, 0 ≤ X₀ < m
The algorithm is Xₙ₊₁ = (aXₙ + c) mod m, where n ≥ 0.
Lehmer random number generator
This PRNG is named after D. H. Lehmer and is sometimes also referred to as the Park–Miller random number generator, after S. K. Park and K. W. Miller. This PRNG is of a class of PRNGs referred to as twisted generalized feedback shift registers. It is the classic example of a linear congruential generator.
Lehmer random number generator
The basic algorithm is Xᵢ₊₁ = (aXᵢ + c) mod m, with 0 ≤ Xᵢ < m.
X₀, a, and c are known as the seed, multiplier, and increment respectively.
m is 2ᵖ − 1, where p is the CPU word size in bits (32 bit, 64 bit, etc.).
If we pick small numbers to make the math easy, for example m = 31, a = 7, c = 0, and begin with X₀ = 19, the next integers in the sequence are 9, 1, 7, 18, 2, 14, 5, 4, 28, 10, 8, 25, 20, 16.
If the multiplier and seed are chosen properly, a Lehmer generator is statistically indistinguishable from drawing with replacement.
You can see a code implementation of this PRNG at http://www.seas.gwu.edu/~simhaweb/java/lectures/appendix/random.html
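An added example (not the slides' code and not the implementation at the GWU link above) of the LCG/Lehmer recurrence from the last two slides. It reproduces the toy sequence for m = 31, a = 7, c = 0, X₀ = 19, measures the period that choice actually achieves (15, not the maximum of 30 possible with c = 0 and a prime modulus), and uses the well-known Park–Miller "minimal standard" constants a = 16807, m = 2³¹ − 1, whose 10,000th output from seed 1 is the published check value 1043618065. The closed form in `lehmer_nth` also makes concrete why an LCG fails BSI criterion K3: with a, c and m known, one output fixes every later one.

```python
# Added example: linear congruential / Lehmer generator with a period check.
# The toy parameters come from the slide; the Park-Miller constants are the
# published "minimal standard" (a = 16807, m = 2**31 - 1).


def lcg(seed, a, c, m):
    """Yield X1, X2, ... from X(n+1) = (a * X(n) + c) mod m."""
    if not (m > 0 and 0 < a < m and 0 <= c < m and 0 <= seed < m):
        raise ValueError("parameters violate the LCG constraints")
    x = seed
    while True:
        x = (a * x + c) % m
        yield x


def lcg_sequence(seed, a, c, m, count):
    """The first `count` outputs after the seed."""
    gen = lcg(seed, a, c, m)
    return [next(gen) for _ in range(count)]


def lcg_period(seed, a, c, m):
    """Length of the cycle the state enters. It can never exceed m, because
    the state is the output and there are only m possible states."""
    seen = {}
    x = seed
    step = 0
    while x not in seen:
        seen[x] = step
        x = (a * x + c) % m
        step += 1
    return step - seen[x]


def lehmer_nth(seed, a, m, n):
    """X(n) of a Lehmer generator (c = 0) in O(log n): X(n) = a**n * X0 mod m.
    Anyone who knows a and m can jump to any position this way."""
    return (pow(a, n, m) * seed) % m


PARK_MILLER_A, PARK_MILLER_M = 16807, 2**31 - 1

if __name__ == "__main__":
    print(lcg_sequence(19, 7, 0, 31, 14))           # the slide's sequence
    print("period for m=31, a=7:", lcg_period(19, 7, 0, 31))
    print("Park-Miller X(10000) from seed 1:",
          lehmer_nth(1, PARK_MILLER_A, PARK_MILLER_M, 10000))
```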
Lagged Fibonacci Generator
A Lagged Fibonacci generator (LFG) is a type of pseudorandom number generator. If addition is used, it is an Additive Lagged Fibonacci Generator (ALFG). If multiplication is used, it is a Multiplicative Lagged Fibonacci Generator (MLFG). If the XOR operation is used, it is called a two-tap generalized feedback shift register (GFSR).
The basic formula is y = xₖ + xⱼ + 1, which could of course be y = xₖ · xⱼ + 1 (multiplicative lagged Fibonacci generator).
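An added example (not from the slides) of the three LFG variants named above. It uses the usual textbook form yₙ = yₙ₋ⱼ ⊙ yₙ₋ₖ mod m with lags 0 < j < k, which needs k seed values to start; the tiny lags (j = 2, k = 5), seed values and modulus 100 in the demo are assumptions chosen only so the arithmetic can be checked by hand.

```python
# Added example: additive, multiplicative and XOR (two-tap GFSR) lagged
# Fibonacci generators sharing one ring-buffer implementation.
import operator

OPS = {"add": operator.add, "mul": operator.mul, "xor": operator.xor}


def lagged_fibonacci(seed, j, k, op="add", m=2**32):
    """Yield y_n = y_(n-j) op y_(n-k) mod m forever; `seed` supplies y_0 .. y_(k-1)."""
    if not 0 < j < k or len(seed) != k:
        raise ValueError("need 0 < j < k and exactly k seed values")
    f = OPS[op]
    buf = list(seed)            # buf[-k] is y_(n-k), buf[-j] is y_(n-j)
    while True:
        y = f(buf[-j], buf[-k]) % m
        buf.append(y)
        del buf[0]              # the state is exactly the last k outputs
        yield y


def lfg_sequence(seed, j, k, op, m, count):
    gen = lagged_fibonacci(seed, j, k, op, m)
    return [next(gen) for _ in range(count)]


if __name__ == "__main__":
    # Constructed toy seed and lags; real LFGs use lags such as (24, 55) and m = 2**32.
    seed = [1, 2, 3, 4, 5]
    for op in ("add", "mul", "xor"):
        print(op, lfg_sequence(seed, 2, 5, op, 100, 5))
```

The buffer holds nothing but the last k outputs, so an LFG's entire internal state is visible in any k consecutive outputs; like the LCG, it is a statistical generator, not one that meets the K3/K4 criteria.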
Naor-Reingold Pseudorandom Function
This was created in 1997 by Moni Naor and Omer Reingold. The mathematics of this function (and of other PRNGs) can be a bit complex for the non-mathematician.
Blum Blum Shub
• Proposed in 1986 by Lenore Blum, Manuel Blum and Michael Shub.
• Xₙ₊₁ = Xₙ² mod M
• where M = pq is the product of two large primes p and q. At each step of the algorithm, some output is derived from Xₙ₊₁; the output is commonly either the bit parity of Xₙ₊₁ or one or more of the least significant bits of Xₙ₊₁.
• The main difficulty of predicting BBS's output lies in the intractability of the "quadratic residuosity" problem, which is: given a composite number n, determine whether x is a perfect square modulo n. It has been proven that this is as hard as cracking the RSA public-key cryptosystem, which involves the factoring of a large composite.
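An added example (not from the slides) of the BBS recurrence above, with both output rules (least significant bit and bit parity) and the textbook preconditions that the slide does not spell out: p and q must both be ≡ 3 (mod 4) and the seed must be coprime to M. The toy modulus M = 11 · 23 = 253 with seed 3 is chosen so the states can be checked by hand; it is far too small for real use. `bbs_direct` shows the flip side of the slide's hardness claim: whoever holds p and q can jump to any xₙ via Carmichael's theorem, while without the factorisation that is exactly the quadratic residuosity problem.

```python
# Added example: Blum Blum Shub with toy parameters p = 11, q = 23, seed = 3.
from math import gcd


def bbs_modulus(p, q, seed):
    """Validate the standard preconditions and return M = p*q."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 mod 4")
    m = p * q
    if gcd(seed, m) != 1:
        raise ValueError("seed must be coprime to M")
    return m


def bbs_states(p, q, seed, count):
    """x0 = seed**2 mod M, then x(n+1) = x(n)**2 mod M; returns x0 .. x(count-1)."""
    m = bbs_modulus(p, q, seed)
    x = seed * seed % m
    states = []
    for _ in range(count):
        states.append(x)
        x = x * x % m
    return states


def bbs_bits(p, q, seed, count, method="lsb"):
    """One output bit per state: its least significant bit, or the parity of its bits."""
    bits = []
    for x in bbs_states(p, q, seed, count):
        bits.append(x & 1 if method == "lsb" else bin(x).count("1") & 1)
    return bits


def bbs_direct(p, q, seed, n):
    """Jump to x_n with the factorisation: x_n = x0**(2**n mod lambda(M)) mod M,
    lambda(M) = lcm(p-1, q-1). Only the holder of p and q can compute this."""
    m = bbs_modulus(p, q, seed)
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    x0 = seed * seed % m
    return pow(x0, pow(2, n, lam), m)


if __name__ == "__main__":
    print("states:", bbs_states(11, 23, 3, 6))          # [9, 81, 236, 36, 31, 202]
    print("lsb bits:", bbs_bits(11, 23, 3, 6))
    print("parity bits:", bbs_bits(11, 23, 3, 6, "parity"))
    print("x_5 directly:", bbs_direct(11, 23, 3, 5))
```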
Some Tests For Random Number Generators
• The basic idea behind the statistical tests is that the random number streams obtained from a generator should have the properties of a random sample drawn from the uniform distribution.
• Tests are designed so that the expected value of some test statistic is known for the uniform distribution.
• The empirically generated random number stream is then subjected to the same test, and the statistic obtained is compared against the expected value.
Frequency Test
• The focus of the test is the proportion of zeroes and ones for the entire sequence.
• Example:
• (input) E = 1100100100001111110110101010001000100001011010001100001000110100110001001100011001100010100010111000
• (input) n = 100
• (output) P-value = 0.109599
• (conclusion) Since P-value ≥ 0.01, accept the sequence as random.
Runs Test
• A run is an uninterrupted sequence of identical bits.
• The focus of this test is the total number of runs in the sequence.
• A run of length k consists of exactly k identical bits and is bounded before and after by a bit of the opposite value.
• The purpose of the runs test is to determine whether the number of runs of ones and zeros of various lengths is as expected for a random sequence.
• It determines whether the oscillation between such zeros and ones is too fast or too slow.
Runs Test
• A fast oscillation occurs when there are a lot of changes, e.g., 010101010 oscillates with every bit.
• (input) E = 1100100100001111110110101010001000100001011010001100001000110100110001001100011001100010100010111000
• (input) n = 100
• (output) P-value = 0.500798
• (conclusion) Since P-value ≥ 0.01, accept the sequence as random.
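An added example (not from the slides) implementing the frequency and runs tests above as defined in NIST SP 800-22, the test suite whose worked example the slides reproduce. Run on the slides' 100-bit input it returns the quoted P-values 0.109599 and 0.500798. The alternating string `0101...` is a constructed second input: it passes the frequency test with P = 1.0 yet fails the runs test outright, which is why one statistical test is never enough to judge a generator.

```python
# Added example: NIST SP 800-22 frequency (monobit) and runs tests.
import math

# The 100-bit input from the slides, written in groups of ten.
SLIDE_INPUT = "".join((
    "1100100100", "0011111101", "1010101000", "1000100001", "0110100011",
    "0000100011", "0100110001", "0011000110", "0110001010", "0010111000",
))


def frequency_test(bits):
    """S_n = #ones - #zeros, s_obs = |S_n| / sqrt(n), P = erfc(s_obs / sqrt(2))."""
    n = len(bits)
    s_n = sum(1 if b == "1" else -1 for b in bits)
    s_obs = abs(s_n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def count_runs(bits):
    """V_n: one run, plus one more for every change between adjacent bits."""
    return 1 + sum(bits[k] != bits[k + 1] for k in range(len(bits) - 1))


def runs_test(bits):
    """Compare V_n with its expectation 2*n*pi*(1-pi) for the observed proportion pi of ones."""
    n = len(bits)
    pi = bits.count("1") / n
    # NIST prerequisite: a sequence that already fails the frequency test badly
    # is not run through the runs test; report P = 0.0 for it.
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v_n = count_runs(bits)
    numerator = abs(v_n - 2 * n * pi * (1 - pi))
    denominator = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(numerator / denominator)


def is_random(p_value, alpha=0.01):
    """Decision rule used on the slides: accept when P-value >= 0.01."""
    return p_value >= alpha


if __name__ == "__main__":
    for name, bits in (("slide input", SLIDE_INPUT), ("0101... (constructed)", "01" * 50)):
        pf, pr = frequency_test(bits), runs_test(bits)
        print(f"{name}: frequency P = {pf:.6f} ({is_random(pf)}), "
              f"runs P = {pr:.6f} ({is_random(pr)}), runs = {count_runs(bits)}")
```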