Abstract

Randomness plays an important role in multiple applications in cryptography. It is required for fundamental tasks such as key generation, masking and hiding values, and the generation of nonces and initialization vectors. Pseudo-random number generators have been studied by numerous authors, either to propose clear security notions and associated constructions or to point out potential vulnerabilities. In this systematization of knowledge paper, we present the three notions of generators that have been successively formalized: standard generators, stateful generators and generators with input. For each notion, we present the expected security properties, where adversaries have increasing capabilities (including access to partial information on the internal variables), and we propose secure and efficient constructions, all based on the block cipher AES. In our description of generators with input, we revisit the notions of accumulator and extractor and we point out that security crucially relies on the independence between the randomness source and the seeds of the accumulator and the extractor. To illustrate this requirement, we identify a potential vulnerability of the NIST standard CTR_DRBG.

Highlights

  • Security Notions: The first simple notion is for a standard pseudo-random number generator (standard PRNG).

  • Barak and Halevi [BH05] proposed a security model for pseudo-random number generators with input that clearly separates the entropy extraction process from the output generation process, since the two are different in nature: entropy extraction is information-theoretic, whereas output generation is cryptographic.

  • The idea is that the inputs accumulated in the internal state of the generator are produced by the sampler D, while the inputs controlled by the adversary may be correlated and are produced by a second, separate sampler. They proved that the original construction of [DPR+13] can be extended to this model with the same parameters. In this systematization of knowledge, we present the main security models that have been formalized to define and assess the security of pseudo-random number generators.


Summary

Security Notions

The first simple notion is for a standard pseudo-random number generator (standard PRNG), which stretches a single random seed into a longer pseudo-random output. A second way to amortize the use of a random seed is to allow the algorithm to continuously collect new inputs in addition to the seed and to produce outputs that depend on all previously collected inputs. This class of algorithm is referred to as a pseudo-random number generator with input. The idea is to use as many events as possible from the environment of the generator, to accumulate them in the internal state S of the generator, and to produce outputs that are indistinguishable from random. We also present an extension covering leakage security: unlike memory attacks, which expose part of the stored state, leakage models the partial information an adversary obtains from measurements made while the generator is operating.
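The following toy generator with input is an added illustration of the accumulator described above and of the independence requirement stated in the abstract; it is not code from the paper. It models the refresh rule S <- S*X + I over GF(2^128) used in the polynomial-hash accumulator of [DPR+13], with a SHA-256 based stand-in for the AES-based generation function G (an assumption made only to keep the example dependency-free). The field polynomial, the sampler names and the constant values are this example's own choices. The point it demonstrates: two inputs that are each uniformly random, but correlated with the accumulator seed X, leave the state with no entropy at all, whereas the same inputs fed by a source that does not depend on X do refresh the state.

```python
"""Toy PRNG with input (added example, not the paper's construction or code).

refresh: S <- S*X + I in GF(2^128)      (polynomial-hash accumulator, seed X)
next:    (S', R) <- G(S)                (PRF expansion; SHA-256 stands in for AES)
"""
import hashlib

# Irreducible polynomial x^128 + x^7 + x^2 + x + 1 (assumed; the GCM field).
MOD_POLY = (1 << 128) | (1 << 7) | (1 << 2) | (1 << 1) | 1


def gf_mul(a: int, b: int) -> int:
    """Carry-less multiplication of two 128-bit values modulo MOD_POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> 128:          # degree reached 128: reduce
            a ^= MOD_POLY
    return r


class ToyPRNGWithInput:
    """Internal state S (128-bit int) and accumulator seed X."""

    def __init__(self, seed_x: int, state: int = 0) -> None:
        self.x = seed_x
        self.s = state

    def refresh(self, inp: int) -> None:
        # Accumulator is linear in the input and keyed by X.
        self.s = gf_mul(self.s, self.x) ^ inp

    def next(self, nbytes: int = 16) -> bytes:
        """Derive a new state and nbytes of output from S.

        Stand-in for an AES-CTR based G: SHA-256 with domain separation
        (assumption; the paper's constructions use AES).
        """
        key = self.s.to_bytes(16, "big")
        new_state = hashlib.sha256(b"state" + key).digest()[:16]
        out = b""
        ctr = 0
        while len(out) < nbytes:
            out += hashlib.sha256(b"out" + key + ctr.to_bytes(4, "big")).digest()
            ctr += 1
        self.s = int.from_bytes(new_state, "big")
        return out[:nbytes]


def independent_inputs(r1: int, r2: int) -> list:
    """Honest source: the inputs do not depend on the seed X."""
    return [r1, r2]


def seed_dependent_inputs(r: int, seed_x: int) -> list:
    """Source correlated with X: each input is uniform on its own, but the
    second equals r*X, so after two refreshes S = S0*X^2 and r cancels out."""
    return [r, gf_mul(r, seed_x)]


def state_after_refresh(seed_x: int, s0: int, inputs: list) -> int:
    """Run the accumulator over the given inputs and return the final state."""
    g = ToyPRNGWithInput(seed_x, s0)
    for inp in inputs:
        g.refresh(inp)
    return g.s


def collapsed_state(seed_x: int, s0: int) -> int:
    """What an adversary who knows S0 and X predicts after the two refreshes."""
    return gf_mul(gf_mul(s0, seed_x), seed_x)


if __name__ == "__main__":
    # Constructed demo values (not from any real system).
    X = 0x0123456789ABCDEF0123456789ABCDEF
    S0 = 0xFEDCBA9876543210FEDCBA9876543210
    R1 = 0x1111111111111111AAAAAAAAAAAAAAAA
    R2 = 0x2222222222222222BBBBBBBBBBBBBBBB

    s_honest_a = state_after_refresh(X, S0, independent_inputs(R1, R2))
    s_honest_b = state_after_refresh(X, S0, independent_inputs(R2, R1))
    print("independent source: states differ?", s_honest_a != s_honest_b)

    s_bad_a = state_after_refresh(X, S0, seed_dependent_inputs(R1, X))
    s_bad_b = state_after_refresh(X, S0, seed_dependent_inputs(R2, X))
    print("seed-dependent source: same state for any r?",
          s_bad_a == s_bad_b == collapsed_state(X, S0))

    # With the state collapsed, the next output is fully predictable.
    victim = ToyPRNGWithInput(X, s_bad_a)
    attacker = ToyPRNGWithInput(X, collapsed_state(X, S0))
    print("output predicted:", victim.next() == attacker.next())
```

The honest source supplies inputs whose distribution is independent of X, and the final state then depends on them. The correlated source supplies inputs with just as much entropy individually, yet the linear structure of the accumulator lets an adversary who knows X arrange for the contribution of r to cancel, so the state (and hence the next output) is a deterministic function of S0 and X. This is the reason the security proofs of such accumulators and extractors require the seed to be chosen independently of the randomness source.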

PRNG Models
Potential Weaknesses
Formalization
Accumulators and Extractors
Standard Pseudo-Random Number Generators
Stateful Generators
Generators with Input
Robustness
Security Against Premature Next
Security against Memory Attacks
Leakage Security
Impossibility Results
Potential Solutions
Conclusion
A Pseudo-Random Functions and Permutations
B Proof of the Leftover Hash Lemma
C Recovering and Preserving Security