Cryptology ePrint Archive: Report 2014/504
A Provable Security Analysis of Intel's Secure Key RNG
Thomas Shrimpton and R. Seth Terashima
Abstract: We provide the first provable-security analysis of the Intel Secure Key hardware RNG (ISK-RNG), versions of which have appeared in Intel processors since late 2011. To model the ISK-RNG, we generalize the PRNG-with-inputs primitive introduced by Dodis et al. at CCS'13 for their /dev/[u]random analysis. The concrete security bounds we uncover tell a mixed story. We find that ISK-RNG lacks backward-security altogether, and that the forward-security bound for the "truly random" bits fetched by the RDSEED instruction is potentially worrisome. On the other hand, we are able to prove stronger forward-security bounds for the pseudorandom bits fetched by the RDRAND instruction. En route to these results, our main technical efforts focus on the way in which ISK-RNG employs CBCMAC as an entropy extractor.
Category / Keywords: implementation / provable security, random-number generator, entropy extraction
Original Publication (with major differences): IACR-EUROCRYPT-2015
Date: received 26 Jun 2014, last revised 17 Feb 2015
Contact author: sethterashima at gmail com
Version: 20150218:003026
Short URL: ia.cr/2014/504