Cryptology ePrint Archive: Report 2013/441
On Stochastic Security of Java Crypto and NIST DRBG Pseudorandom Sequences
Abstract: Cryptographic primitives such as secure hash functions
(e.g., SHA1, SHA2, and SHA3) and symmetric
key block ciphers (e.g., AES and TDES) have been commonly used
to design pseudorandom generators with counter modes
(e.g., in Java Crypto Library and in NIST SP800-90A standards).
It is assumed that if these primitives
are secure then the pseudorandom generators
based on these primitives are also secure. However,
no systematic research and analysis have been done
to support this assumption.
Based on complexity theoretic results for pseudorandom sequences,
this paper analyzes stochastic properties of long sequences
produced by hash function based pseudorandom generators DRBG from
NIST SP800-90A and SHA1PRNG from Java Crypto Library.
Our results show that none of these sequences satisfy the
law of the iterated logarithm (LIL) which holds
for polynomial time pseudorandom sequences. Our results also
show that if the seeds and counters for pseudorandom generators
are not appropriately chosen, then the generated sequences
have strongly biased values for LIL-tests
and could be distinguished from uniformly chosen sequences
with a high probability.
Based on these results, appropriate seeding and counter
methods are proposed for pseudorandom generator designs.
The results in this paper reveal some ``non-random'' behavior of
SHA1, SHA2, and of the recently announced SHA3.
Category / Keywords: pseudorandomness
Date: received 13 Jul 2013, withdrawn 27 Jul 2014
Contact author: yonwang at uncc edu
Available format(s): (-- withdrawn --)
Version: 20140727:120745 (All versions of this report)
Short URL: ia.cr/2013/441
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]