Paper 2024/1421
Provable Security of Linux-DRBG in the Seedless Robustness Model
, Korea Advanced Institute of Science and Technology, Norma Inc., Seoul, Korea, Korea Advanced Institute of Science and Technology, DESILO Inc., Seoul, KoreaAbstract
This paper studies the provable security of the deterministic random bit generator~(DRBG) utilized in Linux 6.4.8, marking the first analysis of Linux-DRBG from a provable security perspective since its substantial structural changes in Linux 4 and Linux 5.17. Specifically, we prove its security up to $O(\min\{2^{\frac{n}{2}},2^{\frac{\lambda}{2}}\})$ queries in the seedless robustness model, where $n$ is the output size of the internal primitives and $\lambda$ is the min-entropy of the entropy source. Our result implies $128$-bit security given $n=256$ and $\lambda=256$ for Linux-DRBG. We also present two distinguishing attacks using $O(2^{\frac{n}{2}})$ and $O (2^{\frac{\lambda}{2}})$ queries, respectively, proving the tightness of our security bound.
Metadata
- Available format(s)
-
PDF
- Category
- Secret-key cryptography
- Publication info
- A minor revision of an IACR publication in ASIACRYPT 2024
- Keywords
- Deterministic random bit generatorLinux-DRBGSeedless robustnessProvable security
- Contact author(s)
-
hephaistus @ kaist ac kr
rlagnlrua4 @ gmail com
hicalf @ kaist ac kr
yeongmin lee @ desilo ai - History
- 2024-09-12: revised
- 2024-09-11: received
- See all versions
- Short URL
- https://ia.cr/2024/1421
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/1421,
author = {Woohyuk Chung and Hwigyeom Kim and Jooyoung Lee and Yeongmin Lee},
title = {Provable Security of Linux-{DRBG} in the Seedless Robustness Model},
howpublished = {Cryptology {ePrint} Archive, Paper 2024/1421},
year = {2024},
url = {https://eprint.iacr.org/2024/1421}
}
