Cryptographically secure pseudorandom number generator

A cryptographically secure random number generator ( also cryptographically suitable random number generator, or English cryptographically secure pseudo- random number generator ( CSPRNG ) ) is a suitable for cryptology generator for pseudo-random numbers. Such random numbers are used in many areas of cryptology required such as:

  • In the key generation
  • Once used numbers nonces
  • Stream encryption
  • Salt

The quality requirements for the randomness of these numbers are very different. For nonces, it is sufficient to guarantee the uniqueness of the number in the random experiment to create a master key, or even a one- time pads, the requirements on the number are much higher. Thus, a one -time pad is unbreakable in theory only if it was created from natural random numbers.

In principle, the same requirements as for a normal pseudo-random number generator are required for a CSPRNG, except that for the safety of some additional conditions must be met. The sequence of numbers generated by it should be indistinguishable from a true random number sequence for an observer. Moreover, it should not be possible, based on the output of the generator to connect to its internal state even if the exact mode of operation is known.

  • 3.1 FIPS 140
  • 3.2 Maurer 's Universal Test
  • 3.3 Marsaglias Diehard test suite

Nondeterministic CSRNG

Ideally, the creation of random numbers by a non-deterministic entropy is fed. This can for example be a hardware-based random number generator or a hybrid generator. For cryptographic applications, non- deterministic generators should be used, because only these can be guaranteed that they are not reproducible or predictable.

Deterministic CS (P) RNG

In general, the use of a non-deterministic generator is not possible or too slow. In this case one falls back on a deterministic cryptologically secure pseudo- random number generator. Cryptologically secure pseudorandom number generators are based on either a cryptographic primitive, such as a block or stream cipher, or a secure hash function, or mathematically hard problems.

On cryptographic primitives based generators

An encryption or hash - function can be operated in the so-called counter or output feedback mode. This is critical that it is not possible to find out the initial state. To determine the internal state of the generator is then tantamount to break the encryption itself.

The case generated number is cryptologically safe and pseudo-randomly (as far as it guarantees the function used ). Generators that are based on proven features such as AES or SHA -1, there are all the usual statistical tests for randomness.

Based on number theoretic problems Generators

The security of the Blum -Blum- Shub generator is based on the assumption that the factorization of integers is a difficult problem that can not be solved in polynomial time.

Tests for randomness

FIPS 140

In this standard, a test suite for CSPRNG is listed. These 20000 output bits are subjected to various statistical tests:

  • Monobit test
  • Poker test
  • Run Test
  • Long - run test ( a run with > 34 bits falls through )

Maurer 's Universal Test

The idea behind this test is that it is not possible to compress a random number sequence significantly.

Marsaglias Diehard test suite

Extensive test suite, including:

Standards

Many designs of CSPRNGs have been standardized and are documented in:

  • FIPS 186-2 (deprecated)
  • ANSI X9.17 - 1985 Appendix C
  • ANSI X9.31 - 1998 Appendix A.2.4
  • ANSI X9.62 - 1998 Annex A.4
Cryptographic nonce Entropy (information theory) CTR mode Advanced Encryption Standard Time complexity#Polynomial time Wald–Wolfowitz runs test Exponential distribution Urn problem Craps Federal Information Processing Standards American National Standards Institute List of random number generators
205756
de