350 rub
Journal Highly available systems №3 for 2013 г.
Article in number:
On some approaches to the construction of RNG in cryptographic software
Authors:
V.O. Popov - Ph.D. (Phys.-Math.), Scientific Director, Crypto-Pro. E-mail: vpopov@cryptopro.ru
S.V. Smyshlyaev - Ph.D. (Phys.-Math.), Lead Engineer Analyst, Crypto-Pro. E-mail: svs@cryptopro.ru
S.V. Smyshlyaev - Ph.D. (Phys.-Math.), Lead Engineer Analyst, Crypto-Pro. E-mail: svs@cryptopro.ru
Abstract:
In cryptographic software random numbers generators (RNGs) are used for production of keys and cryptographic parameters (initialization vectors etc.). To provide necessary performance software pseudo-random numbers generators (PRNGs) are used.
The proposed construction is based on random automaton with random choice of initial state and random transition function. Random choice of a state and random transition function is chosen using hardware RNG or BioRNG based on mouse and keyboard events and timer events.
One of the most important tasks of improving such PRNGs is the development of the system allowing not to use external entropy sources or human entropy sources.
A problem of construction of RNG in computer systems without hardware RNG and without access to user-generated entropy is considered. Such an RNG is constructed using entropy of time measurement processes in computer systems.
Consider a computer system containing two physically independent counters, CR and CT, such that the time period between ticks of CR is a certain number of orders less than the corresponding period of CT. The main cryptographic assumptions are related to properties of random variable defined as modification of CR in the period of time between certain number of ticks of CT.
We will consider an experiment which consists in taking the following values:
T1, the value of CT; c1, the value of CR; T2, the value of CT; c2, the value of CR.
If T2>T1, then it is natural to think that the value of c1 approximates the value of CR in the moment of the change of CT with best accuracy possible.
We will consider subsequent pairs of such experiments (assuming that in the second experiment values T3, c3, T4, c4 are collected), separated with waiting procedure calls and corresponding 8-tuples s(i)=(T1(i),c1(i),T2(i),c2(i),T3(i),c3(i),T4(i),c4(i)), i=1,2,? These 8-tuples are the source raw data for RNG.
8-tuples s(i) are transformed to scalar values g(i) with a certain deterministic function, after that the values g(i), i=1,2,?,n, are transformed to the output values of RNG: f(i), i=1,2,?,m(n). Random variables g(i) , i=1,2,?,n, must be independent and equally distributed.
The presented statements and the observed experimental data allow to make a conclusion about existence of invincible entropy related to the properties of operation of the system.
The entropy of g(i) consists of entropy of request time and response delay when taking the value of CT and instability of CT with respect of CR assuming separated experiments. Thus the entropy of g(i) is always not less than the entropy of request time and response delay when taking the value of CT, which is confirmed by experiments.
Pages: 24-28
References
- Sidorenko A. Design and analysis of provably secure pseudorandom generators. Ph.D. Thesis. Eindhoven. 2007.
- Barker E., Kelsey J. Recommendation for random number generation using deterministic random bit generators. December 2005. NIST Special Publication (SP) 800-90.
- Hstad, Impagliazzo R., Levin L. A., Luby M. Construction of a pseudo-random generator from any one-way function // SIAM Journal on Computing. 1999. V. 28. P. 1364-1396.
- Jun B., Kocher P. The Intel random number generator. White Paper Prepared for Intel Corporation. Cryptography Research Inc. 1999. http://www.cryptography.com/resources/whitepapers/IntelRNG.pdf.
- Barak B., Shaltiel R., Tromer E. True Random Number Generators Secure in a Changing Environment. In Workshop on Cryptographic Hardware and Embedded Systems (CHES). 2003. LNCS no. 2779. P. 166.
- Gutterman Z., Pinkas B., Reinman T. Analysis of the linux random number generator // In IEEE Symposium on Security and Privacy. Oakland. CA. USA. May 2006.
- Barak B., Impagliazzo R., Wigderson A. Extracting randomness using few independent sources. In Proc. 45th FOCS. 2004. P. 384-393.