Cryptology ePrint Archive: Report 2019/078

Testing the Randomness of Cryptographic Function Mappings

Alan Kaminsky

Abstract: A cryptographic function with a fixed-length output, such as a block cipher, hash function, or message authentication code (MAC), should behave as a random mapping. The mapping's randomness can be evaluated with statistical tests. Statistical test suites typically used to evaluate cryptographic functions, such as the NIST test suite, are not well-suited for testing fixed-output-length cryptographic functions. Also, these test suites employ a frequentist approach, making it difficult to obtain an overall evaluation of the mapping's randomness. This paper describes CryptoStat, a test suite that overcomes the aforementioned deficiencies. CryptoStat is specifically designed to test the mappings of fixed-output-length cryptographic functions, and CryptoStat employs a Bayesian approach that quite naturally yields an overall evaluation of the mappings' randomness. Results of applying CryptoStat to reduced-round and full-round versions of the AES block ciphers and the SHA-1 and SHA-2 hash functions are reported; the results are analyzed to determine the algorithms' randomness margins.

Category / Keywords: foundations / Statistical tests, Bayesian model selection, AES block cipher, SHA-1 hash function, SHA-2 hash function

Date: received 23 Jan 2019

Contact author: ark at cs rit edu

Available format(s): PDF | BibTeX Citation

Version: 20190128:153426 (All versions of this report)

Short URL: ia.cr/2019/078


[ Cryptology ePrint archive ]