Paper 2017/208

SoK: Security Models for Pseudo-Random Number Generators

Sylvain Ruhault

Abstract

Randomness plays an important role in multiple applications in cryptography. It is required in fundamental tasks such as key generation, masking and hiding values, nonces and initialization vectors generation. Pseudo-random number generators have been studied by numerous authors, either to propose clear security notions and associated constructions or to point out potential vulnerabilities. In this systematization of knowledge paper, we present the three notions of generators that have been successively formalized: standard generators, stateful generators and generators with input. For each notion, we present expected security properties, where adversaries have increasing capabilities (including access to partial information on the internal variables) and we propose secure and efficient constructions, all based on the block cipher AES. In our description of generators with input, we revisit the notions of accumulator and extractor and we point out that security crucially relies on the independence between the randomness source and the seeds of the accumulator and the extractor. To illustrate this requirement, we identify a potential vulnerability of the NIST standard CTR_DRBG.

Metadata
Available format(s)
PDF
Publication info
Published by the IACR in TOSC 2017
Keywords
Pseudo-random number generationsecurity modelsentropy
Contact author(s)
sylvain ruhault @ ens fr
History
2017-03-01: received
Short URL
https://ia.cr/2017/208
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/208,
      author = {Sylvain Ruhault},
      title = {SoK: Security Models for Pseudo-Random Number Generators},
      howpublished = {Cryptology ePrint Archive, Paper 2017/208},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/208}},
      url = {https://eprint.iacr.org/2017/208}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.