The Pseudo Random Number Generation


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

Dipesh Gupta

School of Computer Applications, Lovely Professional University, Chehru


Abstract: Random numbers are very useful for encrypting data. With pseudo-random numbers we can encrypt plain text into cipher text. Encryption is provided by generating some random numbers, and these random numbers are the key for the data that is going to be encrypted.

I. INTRODUCTION

Random numbers are very useful for encrypting data. With pseudo-random numbers we can encrypt plain text into cipher text. Encryption is provided by generating some random numbers, and these random numbers are the key for the data that is going to be encrypted. Random number generation is normally of two types, pseudo-random number generation and true random number generation; here we discuss pseudo-random number generation. In pseudo-random number generation the numbers are not as random as we might expect. Basically, a PRNG is a linear method used for encryption. PRNGs are based on mathematical formulae. For example, assume we are playing a game with a die and make several attempts: each time we throw the die we get a different number, and in the same way a PRNG gives us different numbers.

PRNGs are a very efficient way to encrypt data: the numbers are generated in a short time and the results are very effective.

II. OVERVIEW

As for the term efficient: if you need numbers over a long period, note that PRNGs repeat their numbers periodically. Pseudo-random number generators are algorithms that create long runs of numbers with random properties.

The string of values is generated from a fixed number known as the seed.

$X_{n+1} = (aX_n + b) \bmod m$

The above formula can produce at most m distinct values, where m is the modulus.

III. NIST

The authors Andrew Rukhin Mark, Vangel, Elaine, Baker Limes Smid, Donna Dodson and Lawrence Bassham provide comments on the paper.

According to the authors, random number generators are an important link in computer security. In their paper they propose new metrics for investigating the randomness of cryptographic generators. They describe the source of the statistical tests used in their evaluation techniques.

The NIST Statistical Tests

Though much attention could be given in fully describing each of the statistical tests, we will focus strictly on the types of defects that this battery of statistical tests was designed to detect. Table 1 describes the general characteristics of each of the statistical tests.

Table 1. Characteristics of the NIST Statistical Tests

| Statistical Test | Defect Detected |
| --- | --- |
| 1. Frequency | Too many zeroes or ones. |
| 2. Cumulative Sums | Number of zeros |
| 3. Longest Runs Of Ones | Deviation of the distribution of long runs of ones. |
| 4. Runs | Large (small) total number of runs indicates that the oscillation in the bit stream is too fast (too slow). |
| 5. Rank | Deviation of the rank distribution from a corresponding random sequence, due to periodicity. |
| 6. Spectral | Periodic features in the bit stream. |
| 7. Non-overlapping Template Matchings | Too many occurrences of non-periodic templates. |
| 8. Overlapping Template Matchings | Too many occurrences of m-bit runs of ones. |
| 9. Universal Statistical | Compressibility (regularity). |
| 10. Random Excursions | Deviation from the distribution of the number of visits of a random walk to a certain state. |
| 11. Random Excursion Variant | Deviation from the distribution of the total number of visits (across many random walks) to a certain state. |
| 12. Approximate Entropy | Non-uniform distribution of m-length words. Small values of ApEn(m) imply strong regularity. |
| 13. Serial | Non-uniform distribution of m-length words. Similar to Approximate Entropy. |
| 14. Lempel-Ziv Complexity | More compressed than a truly random sequence. |
| 15. Linear Complexity | Deviation from the distribution of the linear complexity for finite length (sub)strings. |

New statistical tests need to continuously be developed to gather evidence that RNGs are of high quality. The NIST Statistical Test Suite is applicable to both software and hardware based RNGs. In addition, the usage of statistical testing can be employed to gain assurance in the proper implementation of cryptographic algorithms in software.
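The frequency and runs tests from Table 1, applied to single bit positions of a linear congruential generator of the form given in the overview. This is an added example, not code from the essay or from NIST; the multiplier, increment and modulus are the widely published Numerical Recipes constants, and the seed and sample size are constructed.

```python
import math

ALPHA = 0.01  # significance level commonly used with the NIST suite

def frequency_p(bits):
    """Test 1 (Frequency): detects too many zeroes or ones."""
    s = sum(1 if b else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(len(bits)) / math.sqrt(2))

def runs_p(bits):
    """Test 4 (Runs): detects oscillation that is too fast or too slow."""
    n = len(bits)
    pi = sum(bits) / n
    # The runs test is only meaningful if the frequency prerequisite holds.
    if pi in (0.0, 1.0) or abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))  # number of runs
    return math.erfc(abs(v - 2 * n * pi * (1 - pi)) /
                     (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def lcg_bits(seed, count, bit, a=1664525, b=1013904223, m=2**32):
    """One bit position from successive outputs of X_{n+1} = (a*X_n + b) mod m."""
    x, out = seed, []
    for _ in range(count):
        x = (a * x + b) % m
        out.append((x >> bit) & 1)
    return out

def verdicts(bits):
    """Map each test name to (p-value, passed)."""
    ps = {"frequency": frequency_p(bits), "runs": runs_p(bits)}
    return {name: (p, p >= ALPHA) for name, p in ps.items()}

if __name__ == "__main__":
    # With a power-of-two modulus and odd a, b the lowest bit simply alternates:
    # perfectly balanced (frequency passes) yet maximally regular (runs fails).
    for label, bit in [("LCG bit 0", 0), ("LCG bit 31", 31)]:
        for name, (p, ok) in verdicts(lcg_bits(2017, 10000, bit)).items():
            print(f"{label:10s} {name:9s} p={p:.6f} {'pass' if ok else 'FAIL'}")
```

A generator can pass one test in the battery and fail another, which is why the suite reports each defect separately.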

IV. PSEUDORANDOM NUMBER GENERATION WITH DSS ALGORITHM

The DSS algorithm requires the signer to generate a new random number for every signature.

It has already been shown that if the random numbers used with DSS are generated by a linear equation, the secret key can be quickly recovered after analyzing a few signatures.

They also confirm that a sequence produced. Recall that the DSS has public parameters p, q, g where p, q are primes, of 512 bits and 160 bits respectively, and g is a generator of an order q subgroup of $Z_p^*$. The signer has a public key $y = g^x$, where $x \in Z_q$. To sign a message $m \in Z_q$, the signer picks at random a number $k \in \{1, \ldots, q-1\}$ and computes a signature $(r, s)$, where $r = (g^k \bmod p) \bmod q$ and $s = (xr + m)k^{-1} \bmod q$.

Here the "nonce" k is chosen at random, anew for each message. In practice, a sequence of 3 nonces will be produced by a generator G which, given some initial seed $k_0$, produces a sequence of values $k_1, k_2, \ldots$; $k_i$ will be the nonce for the i-th signature.

The adversary (cryptanalyst) sees the public key y, and triples $(m_i, r_i, s_i)$ where $(r_i, s_i)$ is a signature of $m_i$. Notice that the secrecy of the nonces is crucial. If ever a single nonce $k_i$ is revealed to the adversary, then the latter can recover the secret key x, because $x = (s_i k_i - m_i) r_i^{-1} \bmod q$. However, the nonces appear to be very well protected, making it hard to exploit any such weakness. The cryptanalyst only sees $r_i = (g^{k_i} \bmod p) \bmod q$, from which he cannot recover $k_i$ short of computing discrete logarithms, and in fact not even then, due to the second mod operation. So even if G is a predictable generator, meaning, say, that given $k_1, k_2$ we can find $k_3$, there is no a priori reason to think DSS is vulnerable with this generator, because how can the cryptanalyst ever get to know $k_1, k_2$ anyway?

This might encourage a user to think that even a weak (predictable) generator is OK for DSS. This view would be wrong. We indicate that in fact DSS is vulnerable, because without a sufficiently good pseudorandom number generation process, the "masking" of the nonce provided by the algorithm is not sufficient to protect the nonces, even though recovering them seems a priori to require solving the discrete logarithm problem. In fact we prove a quite general lemma showing why this masking is essentially inactive for pretty much any pseudorandom generator, and show specifically how to recover the keys when the generator is an LCG or truncated LCG. Thus one should not succumb to the temptation of using a weak generator for DSS.
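The signing equations and the relation $x = (s_i k_i - m_i) r_i^{-1} \bmod q$ worked through in code, to show why a nonce needs the same protection as the private key. This is an added example, not code from the essay or the paper it summarises; the parameters p = 283, q = 47 and the key, message and nonce values are constructed toy values, far too small for real use.

```python
import secrets

# Constructed toy parameters: Q divides P - 1 (282 = 2 * 3 * 47).
P, Q = 283, 47
G = pow(2, (P - 1) // Q, P)      # generator of the order-Q subgroup of Z_P^*

def fresh_nonce():
    """Nonce in {1, ..., Q-1} drawn from the OS CSPRNG, anew for each message."""
    return secrets.randbelow(Q - 1) + 1

def sign(x, m, k):
    """r = (g^k mod p) mod q,  s = (x*r + m) * k^-1 mod q."""
    r = pow(G, k, P) % Q
    s = (x * r + m) * pow(k, -1, Q) % Q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, draw another nonce")
    return r, s

def verify(y, m, r, s):
    """Standard DSS check: (g^(m/s) * y^(r/s) mod p) mod q == r."""
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, m * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def key_from_nonce(m, r, s, k):
    """x = (s*k - m) * r^-1 mod q: everything a single disclosed nonce gives away."""
    return (s * k - m) * pow(r, -1, Q) % Q

if __name__ == "__main__":
    x = 17                        # private key (constructed)
    y = pow(G, x, P)              # public key y = g^x
    m, k = 5, 10                  # message and a nonce that later leaks
    r, s = sign(x, m, k)
    print("signature", (r, s), "valid:", verify(y, m, r, s))
    print("key implied by the leaked nonce:", key_from_nonce(m, r, s, k))
    # The nonce must be unpredictable and never logged or reused.
    r2, s2 = sign(x, m, fresh_nonce())
    print("fresh-nonce signature valid:", verify(y, m, r2, s2))
```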

ZIGGURAT ALGORITHM

The ziggurat algorithm is an algorithm for pseudo-random number sampling. Belonging to the class of rejection sampling algorithms, it relies on an underlying source of uniformly-distributed random numbers, typically from a pseudo-random number generator, as well as precomputed tables. The algorithm is used to generate values from a monotone decreasing probability distribution. It can also be applied to symmetric unimodal distributions, such as the normal distribution, by choosing a value from one half of the distribution and then randomly choosing which half the value is considered to have been drawn from. It randomly generates a point in a distribution slightly larger than the desired distribution, then tests whether the generated point is inside the desired distribution. If not, it tries again. Given a random point underneath a probability distribution curve, its x coordinate is a random number with the desired distribution.

The distribution the ziggurat algorithm chooses from is made up of n equal-area regions; n − 1 rectangles that cover the bulk of the desired distribution, on top of a non-rectangular base that includes the tail of the distribution.

Given a monotone decreasing probability distribution function f(x), defined for all x≥0, the base of the ziggurat is defined as all points inside the distribution and below y1 = f(x1). This consists of a rectangular region from (0, 0) to (x1, y1), and the (typically infinite) tail of the distribution, where x > x1 (and y < y1).

This layer (call it layer 0) has area A. On top of this, add a rectangular layer of width x1 and height A/x1, so it also has area A. The top of this layer is at height y2 = y1 + A/x1, and intersects the distribution function at a point (x2, y2), where y2 = f(x2). This layer includes every point in the distribution function between y1 and y2, but (unlike the base layer) also includes points such as (x1, y2) which are not in the desired distribution.

Further layers are then stacked on top. To use a precompiled table of size n (n = 256 is typical), one chooses x1 such that xn=0, meaning that the top box, layer n−1, reaches the distribution's peak at (0, f(0)) exactly.

Layer i extends vertically from y_i to y_{i+1}, and can be divided into two regions horizontally: the (generally larger) portion from 0 to x_{i+1} which is entirely contained within the desired distribution, and the (small) portion from x_{i+1} to x_i, which is only partially contained.

Ignoring for a moment the problem of layer 0, and given uniform random variables U_0 and U_1 ∈ [0,1), the ziggurat algorithm can be described as:

1. Choose a random layer 0 ≤ i < n.

2. Let x = U_0 x_i.

3. If x < x_{i+1}, return x.

4. Let y = y_i + U_1 (y_{i+1} − y_i).

5. Compute f(x). If y < f(x), return x.

6. Otherwise, choose new random numbers and go back to step 1.

Step 1 amounts to choosing a low-resolution y coordinate. Step 3 tests if the x coordinate is clearly within the desired distribution function without knowing more about the y coordinate. If it is not, step 4 chooses a high-resolution y coordinate and step 5 does the rejection test.

With closely spaced layers, the algorithm terminates at step 3 a very large fraction of the time. Note that for the top layer n−1, however, this test always fails, because xn = 0.
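The table construction and the six sampling steps above, written out for the density f(x) = exp(−x). This is an added example, not code from the essay; the choice of the exponential distribution, the bisection used to find x_1, and the handling of layer 0 (rectangle, otherwise x_1 plus a fresh exponential draw for the tail) are assumptions of this sketch, since the text sets layer 0 aside.

```python
import math
import random

N = 256                                    # table size n (256 is typical)

def f(x):                                  # density used here: exp(-x), x >= 0
    return math.exp(-x)

def stack(x1):
    """Stack N equal-area layers from x1; None if they overshoot the peak f(0)."""
    area = x1 * f(x1) + math.exp(-x1)      # layer 0: rectangle plus tail beyond x1
    xs, ys = [x1], [f(x1)]                 # x_1, y_1
    for _ in range(N - 1):
        y = ys[-1] + area / xs[-1]         # y_{i+1} = y_i + A / x_i
        if y >= 1.0:
            return None
        ys.append(y)
        xs.append(-math.log(y))            # x_{i+1} solves f(x) = y_{i+1}
    return xs, ys, area

def build():
    """Bisect on x1 until the top layer ends at the peak, i.e. x_n = 0."""
    lo, hi = 1.0, 20.0                     # lo overshoots, hi falls short
    for _ in range(100):
        mid = (lo + hi) / 2
        lo, hi = (mid, hi) if stack(mid) is None else (lo, mid)
    xs, ys, area = stack(hi)
    xs[-1], ys[-1] = 0.0, 1.0              # close the rounding gap at the peak
    return [None] + xs, [None] + ys, area  # pad so X[i] is x_i as in the text

def sample(rng, X, Y, area):
    while True:
        i = rng.randrange(N)               # step 1
        u0 = rng.random()
        if i == 0:                         # base layer: rectangle or tail
            x = u0 * area / Y[1]
            return x if x < X[1] else X[1] - math.log(1.0 - rng.random())
        x = u0 * X[i]                      # step 2
        if x < X[i + 1]:                   # step 3
            return x
        y = Y[i] + rng.random() * (Y[i + 1] - Y[i])   # step 4
        if y < f(x):                       # step 5
            return x                       # otherwise step 6: retry

def draw(count, seed=1):
    """Draw `count` samples with a seeded PRNG so runs are reproducible."""
    rng = random.Random(seed)
    X, Y, area = build()
    return [sample(rng, X, Y, area) for _ in range(count)]
```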

V. BLOCK CIPHER BASED PSEUDO RANDOM NUMBER GENERATION

According to the authors Christophe Petit, François-Xavier Standaert, Olivier Pereira, Tal G. Malkin, and Moti Yung:

The block cipher based pseudorandom number generator is studied in both the black box world and the physical world. The authors show that the construction is secure as a pseudorandom number generator and that the success rate of the adversary does not increase with the number of physical observations. They also find that, under common assumptions about side-channel attacks, increasing the security parameter by a polynomial factor increases the difficulty of a side-channel attack.

A pseudorandom generator is a deterministic algorithm G that maps elements of a domain K on elements of a larger domain ^K with the property that it is hard to distinguish the uniform distribution on ^K from the distribution on ^K defined as the image through G of the uniform distribution on K.

Our analysis is based on a hybrid approach, considering the black box computational security and the physical security (modelled by the notion of side-channel key recovery) separately. Our construction allows bounding the success rate of side-channel adversaries when a divide-and-conquer strategy is used to target specific parts of the key. As a result, we obtain that the physical security against a side-channel adversary can be increased exponentially, by polynomially increasing the PRNG security parameter, making the probability of a successful attack a negligible function. We believe this analysis technique is not specific to our construction but could be re-used on schemes where the analyzed leakages are associated to rekeying through a XOR operation.

VI. CRYPTANALYTIC ATTACKS ON PSEUDORANDOM NUMBER GENERATORS

PRNGs are the mechanisms that real-world secure machines use to generate cryptographic keys, initialization vectors, "random" nonces, and other values assumed to be random. We argue that PRNGs are their own unique type of cryptographic primitive, and should be analyzed as such. We propose a model for PRNGs, discuss possible attacks against this model, and demonstrate the applicability of the model (and our attacks) to four real-world PRNGs. We close with a discussion of lessons learned about PRNG design and use, and a few open questions.

Application Results

1. A PRNG is its own kind of cryptographic primitive, which has not so far been examined in the literature. In particular, there doesn't seem to be any widespread understanding of the possible attacks on PRNGs, or of the limitations on the uses of different PRNG designs. A better understanding of these primitives will make it easier to

2. A PRNG is a single point of failure for many real-world cryptosystems. An attack on the PRNG can make irrelevant the careful selection of good algorithms and protocols.

3. Many systems use badly-designed PRNGs, or use them in ways that make various attacks easier than they need be. We are aware of very little in the literature to help system designers choose and use these PRNGs wisely.

4. We present results on real-world PRNGs, which may have implications for the security of added cryptographic systems.

CONCLUSION

A pseudorandom number generator is an algorithm for generating a sequence of numbers that satisfies the properties of random numbers. It is also known as a 'Deterministic random bit generator'. It is evaluated with a relatively small set of initial values called the 'PRNG's state', which includes a random seed (the initial value used to start generating random numbers). PRNGs generate random numbers very quickly and are therefore used in practice in applications such as 'Simulations', 'Cryptography' and 'Procedural generation'. Several classes of algorithms are used to generate random numbers; one of the most widely used is the 'Linear Congruential Generator'.


