Paper 2024/1421

Provable Security of Linux-DRBG in the Seedless Robustness Model

Woohyuk Chung, Korea Advanced Institute of Science and Technology
Hwigyeom Kim, Norma Inc., Seoul, Korea
Jooyoung Lee, Korea Advanced Institute of Science and Technology
Yeongmin Lee, DESILO Inc., Seoul, Korea
Abstract

This paper studies the provable security of the deterministic random bit generator~(DRBG) utilized in Linux 6.4.8, marking the first analysis of Linux-DRBG from a provable security perspective since its substantial structural changes in Linux 4 and Linux 5.17. Specifically, we prove its security up to $O(\min\{2^{\frac{n}{2}},2^{\frac{\lambda}{2}}\})$ queries in the seedless robustness model, where $n$ is the output size of the internal primitives and $\lambda$ is the min-entropy of the entropy source. Our result implies $128$-bit security given $n=256$ and $\lambda=256$ for Linux-DRBG. We also present two distinguishing attacks using $O(2^{\frac{n}{2}})$ and $O (2^{\frac{\lambda}{2}})$ queries, respectively, proving the tightness of our security bound.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A minor revision of an IACR publication in ASIACRYPT 2024
Keywords
Deterministic random bit generatorLinux-DRBGSeedless robustnessProvable security
Contact author(s)
hephaistus @ kaist ac kr
rlagnlrua4 @ gmail com
hicalf @ kaist ac kr
yeongmin lee @ desilo ai
History
2024-09-19: last of 2 revisions
2024-09-11: received
See all versions
Short URL
https://ia.cr/2024/1421
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1421,
      author = {Woohyuk Chung and Hwigyeom Kim and Jooyoung Lee and Yeongmin Lee},
      title = {Provable Security of Linux-{DRBG} in the Seedless Robustness Model},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1421},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1421}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.