Paper 2013/441

On Stochastic Security of Java Crypto and NIST DRBG Pseudorandom Sequences

Yongge Wang

Abstract

Cryptographic primitives such as secure hash functions (e.g., SHA1, SHA2, and SHA3) and symmetric key block ciphers (e.g., AES and TDES) have been commonly used to design pseudorandom generators with counter modes (e.g., in the Java Crypto Library and in the NIST SP800-90A standards). It is assumed that if these primitives are secure then the pseudorandom generators based on these primitives are also secure. However, no systematic research and analysis have been done to support this assumption. Based on complexity-theoretic results for pseudorandom sequences, this paper analyzes stochastic properties of long sequences produced by the hash-function-based pseudorandom generators DRBG from NIST SP800-90A and SHA1PRNG from the Java Crypto Library. Our results show that none of these sequences satisfy the law of the iterated logarithm (LIL), which holds for polynomial-time pseudorandom sequences. Our results also show that if the seeds and counters for pseudorandom generators are not appropriately chosen, then the generated sequences have strongly biased values for LIL-tests and could be distinguished from uniformly chosen sequences with high probability. Based on these results, appropriate seeding and counter methods are proposed for pseudorandom generator designs. The results in this paper reveal some "non-random" behavior of SHA1, SHA2, and of the recently announced SHA3.
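The LIL test referred to in the abstract measures how far the running sum S(n) = (#ones - #zeros) of the first n bits drifts, normalized by sqrt(2 n ln ln n); for almost every truly random sequence this ratio has limsup +1 and liminf -1, and a generator whose output drifts well outside that band on many prefixes is distinguishable from uniform. The following is an added illustration, not the paper's code or any Java/NIST implementation: it computes that statistic over a bit stream produced by a simplified, hypothetical hash-of-(seed || counter) construction (using hashlib, not the actual SHA1PRNG or Hash_DRBG update functions) and over a constructed degenerate sequence that clearly violates the bound. The seed value and the checkpoint lengths are constructed for the example.

```python
import hashlib
import math


def counter_mode_bits(seed: bytes, n_bits: int, hash_name: str = "sha256") -> list:
    """Return n_bits bits obtained by hashing seed || counter for counter = 0, 1, 2, ...

    This is a deliberately simplified, hypothetical counter-mode construction used only
    to produce a test stream; it is not Java's SHA1PRNG nor NIST SP 800-90A Hash_DRBG.
    """
    bits = []
    counter = 0
    while len(bits) < n_bits:
        # 8-byte big-endian counter appended to the seed (assumption for this example)
        digest = hashlib.new(hash_name, seed + counter.to_bytes(8, "big")).digest()
        for byte in digest:
            for i in range(7, -1, -1):
                bits.append((byte >> i) & 1)
                if len(bits) == n_bits:
                    return bits
        counter += 1
    return bits


def lil_statistic(bits: list, n: int) -> float:
    """S(n) / sqrt(2 n ln ln n) for the first n bits, with S(n) = #ones - #zeros.

    The law of the iterated logarithm says this ratio has limsup +1 and liminf -1
    for almost all random sequences, so |ratio| >> 1 on a long prefix is suspicious.
    """
    if n < 3 or n > len(bits):
        # ln ln n is only defined for n > e; we also need n bits available
        raise ValueError("n must satisfy 3 <= n <= len(bits)")
    s = 2 * sum(bits[:n]) - n
    return s / math.sqrt(2 * n * math.log(math.log(n)))


def lil_profile(bits: list, checkpoints: list) -> dict:
    """Evaluate the LIL statistic at several prefix lengths (the shape a LIL test inspects)."""
    return {n: lil_statistic(bits, n) for n in checkpoints}


def exceeds_lil_band(profile: dict, bound: float = 1.0) -> bool:
    """True if any checkpoint drifts outside [-bound, bound]; a crude distinguisher flag."""
    return any(abs(v) > bound for v in profile.values())


if __name__ == "__main__":
    checkpoints = [2 ** k for k in range(8, 15)]  # 256 ... 16384 bits (constructed)
    stream = counter_mode_bits(b"constructed-example-seed", max(checkpoints))
    print("hash counter-mode stream:", lil_profile(stream, checkpoints))
    # Constructed degenerate sequence: all ones, so S(n) = n and the ratio explodes.
    degenerate = [1] * max(checkpoints)
    print("all-ones stream:", lil_profile(degenerate, checkpoints))
```

In practice a LIL test does not look at one stream but at the distribution of this statistic across many seeds and prefix lengths, comparing it with the distribution expected for uniform sequences; the single-stream band check above only shows the mechanics of the statistic the abstract refers to.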

Metadata
Available format(s)
-- withdrawn --
Publication info
Published elsewhere. Unknown status
Keywords
pseudorandomness
Contact author(s)
yonwang @ uncc edu
History
2014-07-27: withdrawn
2013-07-18: received
Short URL
https://ia.cr/2013/441
License
Creative Commons Attribution
CC BY