Paper 2013/441
On Stochastic Security of Java Crypto and NIST DRBG Pseudorandom Sequences
Yongge Wang
Abstract
Cryptographic primitives such as secure hash functions (e.g., SHA1, SHA2, and SHA3) and symmetric key block ciphers (e.g., AES and TDES) have been commonly used to design pseudorandom generators with counter modes (e.g., in Java Crypto Library and in NIST SP800-90A standards). It is assumed that if these primitives are secure then the pseudorandom generators based on these primitives are also secure. However, no systematic research and analysis have been done to support this assumption. Based on complexity theoretic results for pseudorandom sequences, this paper analyzes stochastic properties of long sequences produced by hash function based pseudorandom generators DRBG from NIST SP800-90A and SHA1PRNG from Java Crypto Library. Our results show that none of these sequences satisfy the law of the iterated logarithm (LIL) which holds for polynomial time pseudorandom sequences. Our results also show that if the seeds and counters for pseudorandom generators are not appropriately chosen, then the generated sequences have strongly biased values for LIL-tests and could be distinguished from uniformly chosen sequences with a high probability. Based on these results, appropriate seeding and counter methods are proposed for pseudorandom generator designs. The results in this paper reveal some ``non-random'' behavior of SHA1, SHA2, and of the recently announced SHA3.
Metadata
- Available format(s)
- -- withdrawn --
- Publication info
- Published elsewhere. Unknown status
- Keywords
- pseudorandomness
- Contact author(s)
- yonwang @ uncc edu
- History
- 2014-07-27: withdrawn
- 2013-07-18: received
- See all versions
- Short URL
- https://ia.cr/2013/441
- License
-
CC BY