Paper 2018/1057

Limiting the impact of unreliable randomness in deployed security protocols

Liliya Akhmetzyanova, Cas Cremers, Luke Garratt, Stanislav V. Smyshlyaev, and Nick Sullivan


Many cryptographic mechanisms depend upon the availability of securely generated random numbers. In practice, the sources of random numbers can be unreliable for many reasons, including bugs, compromise or subversion of standards. While there exist ways to significantly reduce the impact of unreliable randomness, these typically do not work well with practical constraints, such as long-term keys stored in hardware security modules. In practice, even modern protocols like TLS 1.3 lack such mechanisms and are therefore highly vulnerable to unreliable randomness. We propose a wrapper construction that reduces the impact of untrusted randomness, and which is compatible with, and effective in, existing deployments of protocols such as TLS. We provide a security analysis of the construction and elaborate on design choices and practical interpretations. Our findings show that it is possible to effectively harden deployed protocols against unreliable randomness.

Note: Full rewrite: expanded analysis and integrated description of the mechanism; title changed to reflect the added content.

Cryptographic protocols
Publication info
Preprint. MINOR revision.
Contact author(s)
cremers @ cispa saarland
lah @ cryptopro ru
2019-10-16: last of 3 revisions
2018-11-02: received
Creative Commons Attribution


      author = {Liliya Akhmetzyanova and Cas Cremers and Luke Garratt and Stanislav V.  Smyshlyaev and Nick Sullivan},
      title = {Limiting the impact of unreliable randomness in deployed security protocols},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1057},
      year = {2018},
      note = {\url{}},
      url = {}