Cryptology ePrint Archive: Report 2013/441

On Stochastic Security of Java Crypto and NIST DRBG Pseudorandom Sequences

Yongge Wang

Abstract: Cryptographic primitives such as secure hash functions (e.g., SHA1, SHA2, and SHA3) and symmetric key block ciphers (e.g., AES and TDES) have been commonly used to design pseudorandom generators with counter modes (e.g., in Java Crypto Library and in NIST SP800-90A standards). It is assumed that if these primitives are secure then the pseudorandom generators based on these primitives are also secure. However, no systematic research and analysis have been done to support this assumption. Based on complexity theoretic results for pseudorandom sequences, this paper analyzes stochastic properties of long sequences produced by hash function based pseudorandom generators DRBG from NIST SP800-90A and SHA1PRNG from Java Crypto Library. Our results show that none of these sequences satisfy the law of the iterated logarithm (LIL) which holds for polynomial time pseudorandom sequences. Our results also show that if the seeds and counters for pseudorandom generators are not appropriately chosen, then the generated sequences have strongly biased values for LIL-tests and could be distinguished from uniformly chosen sequences with a high probability. Based on these results, appropriate seeding and counter methods are proposed for pseudorandom generator designs. The results in this paper reveal some ``non-random'' behavior of SHA1, SHA2, and of the recently announced SHA3.

Category / Keywords: pseudorandomness

Date: received 13 Jul 2013, withdrawn 27 Jul 2014

Contact author: yonwang at uncc edu

Available format(s): (-- withdrawn --)

Version: 20140727:120745 (All versions of this report)

Short URL: ia.cr/2013/441

Discussion forum: Show discussion | Start new discussion