
Objectives Random Bit Generation Pseudorandom Bit Generation - PDF document

Pseudorandomness Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Random Bit Generation Pseudorandom Bit Generation


  1. Pseudorandomness
     Debdeep Mukhopadhyay, Assistant Professor, Department of Computer Science and Engineering, Indian Institute of Technology Kharagpur, INDIA - 721302
     Objectives
     • Random Bit Generation
     • Pseudorandom Bit Generation
     • Statistical Tests
     • Crypto-Pseudorandom Bit Generation
     Low Power Ajit Pal IIT Kharagpur 1

  2. Usefulness in Cryptography
     • Enormous
     • Key stream in One Time Pads
     • Secret key in block ciphers
     • Primes p, q in the RSA algorithm
     • Private key in Digital Signature Algorithms
       – all these quantities must be chosen from a large space
       – the probability of a particular value being selected should be small, to avoid optimized search
     Random Bit Generator
     • It is a device which outputs a sequence of statistically independent and unbiased bits.
     • A random integer in the range [0,n] can be obtained by generating a random bit sequence of length ceil(log n)+1 and converting it into an integer.
     • Ideally, true random number generators should be used.
     • But they are costly and inefficient.
     • The problem can be solved by substituting random bit generators with pseudorandom generators.

  3. Pseudorandom bit generators
     • It is a deterministic algorithm which, given a truly random binary sequence of length k, outputs a binary sequence of length l >> k which appears to be random.
       – the input to the PRBG is called the seed
       – the output is called the PRB sequence
     Random Tests
     • A linear congruential generator produces a pseudorandom sequence of numbers $x_1, x_2, \ldots$ according to the linear recurrence:
       $x_n = a x_{n-1} + b \bmod m, \quad n \ge 1$
     • This generator passes statistical tests (tests built on the properties of random sequences).
     • But given a partial sequence, its output is predictable, even if a, b and m are unknown: like the LFSR.

  4. Polynomial Statistical Tests
     • A PRBG is said to pass all polynomial time statistical tests if:
       – no polynomial time algorithm can correctly distinguish between
         • an output sequence of the generator
         • a truly random sequence of the same length
         with probability significantly greater than ½.
     Next Bit Test
     • A PRBG is said to pass the next bit test if there is no polynomial time algorithm which, on input of the first l bits of the sequence s, can predict the (l+1)st bit of s with probability significantly greater than ½.

  5. Universality of the next bit test
     • A PRBG passes the next bit test if and only if it passes all polynomial time statistical tests.
       – A PRBG that passes the next bit test, possibly under some unproven but well-known mathematical assumption, is called a Cryptographically Secure PRBG.
     Random Bit Generators
     • Hardware:
       – elapsed time between emission of particles during radioactive decay
       – thermal noise from a resistor
       – sounds from a microphone
       – gate delays in circuits

  6. Random Bit Generators
     • Software:
       – system clock
       – elapsed time between keystrokes or mouse movements
       – user input
       – system load in computers
       – network statistics
     De-skewing
     • A natural source of random bits is often defective:
       – output bits are biased (the probability of a 1 or 0 is not ½)
       – output bits are correlated (the probability of the source emitting 1 depends on the previous bit)
     • De-skewing techniques are employed to generate a truly random sequence.

  7. Example
     • Suppose a generator produces uncorrelated but biased bits:
       – probability of 1 is p
       – probability of 0 is 1-p
     • p is unknown but fixed.
       – Group the output sequence into pairs of bits
       – Replace output pairs 01 with 0
       – Replace output pairs 10 with 1
       – Discard the remaining possible pairs
     • This makes the sequence unbiased and also uncorrelated.
     A FIPS Pseudorandom bit generation
     • Input: a random, secret 64 bit seed s, an integer m, a 3-DES key k
     • Output: m pseudorandom 64 bit strings $x_1, \ldots, x_m$
     • Compute the intermediate value $I = E_k(D)$, where D is the date/time
     • For i from 1 to m (⊕ is bitwise XOR):
       – $x_i = E_k(s \oplus I)$
       – $s = E_k(x_i \oplus I)$
     • Return $(x_1, \ldots, x_m)$

  8. Five Basic Tests
     • Let $s = s_0, s_1, \ldots, s_m$ be a binary sequence.
     • These are statistical tests to determine whether the binary sequence possesses specific characteristics that a truly random sequence is likely to have.
     Frequency Test
     • Also called the monobit test.
     • Determines whether the numbers of 0's and 1's are approximately the same.

  9. Serial Tests
     • To determine whether the numbers of occurrences of 00, 01, 10, 11 as subsequences of s are approximately the same as in a random sequence.
     Poker Test
     • Let m be a positive integer.
     • Divide the sequence s into k non-overlapping parts, each of length m.
     • The Poker test determines whether the number of occurrences of each of the $2^m$ possible subsequences is the same as in a random sequence.

  10. Runs Test
      • A run of s is a subsequence of s consisting of consecutive 0s or 1s, which is neither preceded nor succeeded by the same symbol.
      • A run of 0s is called a gap.
      • A run of 1s is called a block.
      • A runs test determines whether the number of runs of various lengths in the sequence s is as expected for a random sequence.
      Autocorrelation Test
      • The test checks for correlation between the sequence s and (non-cyclic) shifted versions of it.

  11. The Normal Distribution
      A random variable X has a normal distribution with mean $\mu$ and variance $\sigma^2$ if its probability density function is defined by:
      $$f(x) = \frac{1}{\sigma\sqrt{2\pi}}\, e^{-\frac{(x-\mu)^2}{2\sigma^2}}, \quad -\infty < x < \infty$$
      Notation: $N(\mu, \sigma^2)$
      Standard Normal Distribution: N(0,1)
      The N(0,1) Distribution
      α:  0.1     0.05    0.025   0.01    0.005   0.0025  0.001   0.0005
      x:  1.2816  1.6449  1.9600  2.3263  2.5758  2.8070  3.0902  3.2905

  12. The Chi Square Distribution
      Let $v \ge 1$. A random variable X has a $\chi^2$ distribution if the probability density function is defined by:
      $$f(x) = \begin{cases} \dfrac{1}{\Gamma(v/2)\, 2^{v/2}}\, x^{(v/2)-1} e^{-x/2}, & 0 \le x < \infty \\ 0, & x < 0 \end{cases}$$
      where $\Gamma$ is the gamma function defined by:
      $$\Gamma(t) = \int_0^{\infty} x^{t-1} e^{-x}\, dx, \quad \text{for } t > 0.$$
      The mean and variance are v and 2v respectively.
      Selected Percentiles
      v = 5, α = 0.025: $x_\alpha = 12.8325 \Rightarrow \Pr[X > x_\alpha] = \alpha$

  13. Hypothesis Testing
      • Hypothesis: an assertion about the distribution of one or more random variables.
      • Testing of a hypothesis involves probability.
        – Type I error: good samples are rejected.
        – Type II error: bad samples are accepted.
      • The significance level α is thus very important.
        – it is the probability of rejecting a hypothesis when it is good
        – when it is high we have more Type I errors
        – when it is low we have more Type II errors
      Randomness Testing
      • Statistic: a function of the elements of a random sample, for example the number of 0's in a sequence.
      • It is assumed that, for a random sequence, the statistic follows either a normal distribution or a chi-square distribution for some value of v.
      • A significance level α is chosen, and a value of $x_\alpha$ is fixed.
      • The statistic is computed.

  14. Randomness Testing
      • Statistic expected to take on smaller values for random sequences:
        – If the statistic $X_s > x_\alpha$, reject.
        – one-sided test
      • Statistic expected to take intermediate values for random sequences:
        – If the statistic $X_s > x_\alpha$ or $X_s < -x_\alpha$, reject.
        – two-sided test
      Tests and Statistic
      • All 5 tests have a corresponding statistic.
        – Example for the Frequency Test: $X = (n_0 - n_1)^2 / n$, where $n_0$ and $n_1$ are respectively the numbers of 0's and 1's in a sequence of size n. The expected value of the statistic is low for a random sequence, so we use a one-sided test.
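The one-sided procedure above applied to three of the five basic tests, as an added example that is not part of the original slides. The frequency statistic is the one on the slide; the serial and poker statistics and the α = 0.05 chi-square percentiles are the standard ones from the Handbook of Applied Cryptography listed under Further Reading, and the LCG constants are assumed for illustration.

```python
from collections import Counter

# Chi-square upper percentiles at alpha = 0.05, keyed by degrees of freedom v
CHI2_05 = {1: 3.8415, 2: 5.9915, 7: 14.0671}

def frequency_stat(bits):
    n0 = bits.count(0)
    n1 = len(bits) - n0
    return (n0 - n1) ** 2 / len(bits)              # X = (n0 - n1)^2 / n

def serial_stat(bits):
    n, n0 = len(bits), bits.count(0)
    n1 = n - n0
    pairs = Counter(zip(bits, bits[1:]))           # overlapping 00, 01, 10, 11
    return (4 / (n - 1)) * sum(c * c for c in pairs.values()) \
        - (2 / n) * (n0 * n0 + n1 * n1) + 1

def poker_stat(bits, m=3):
    k = len(bits) // m                             # k non-overlapping m-bit parts
    parts = Counter(tuple(bits[i * m:(i + 1) * m]) for i in range(k))
    return (2 ** m / k) * sum(c * c for c in parts.values()) - k

def basic_tests(bits):
    """Return {test: (statistic, passed)}; a test passes when X_s <= x_alpha."""
    stats = {"frequency": (frequency_stat(bits), 1),
             "serial": (serial_stat(bits), 2),
             "poker": (poker_stat(bits, 3), 7)}    # v = 2^3 - 1
    return {name: (x, x <= CHI2_05[v]) for name, (x, v) in stats.items()}

def lcg_low_bits(seed, count, a=1103515245, b=12345, m=2 ** 31):
    """Lowest bit of x_n = a*x_{n-1} + b mod m (assumed constants, a and b odd)."""
    x, out = seed, []
    for _ in range(count):
        x = (a * x + b) % m
        out.append(x & 1)
    return out

# 160-bit sample: the 40-bit pattern of the Handbook's worked example, four times
SAMPLE = [int(c) for c in "1110001100010001010011101111001001001001" * 4]

if __name__ == "__main__":
    print(basic_tests(SAMPLE))
    print(basic_tests(lcg_low_bits(1, 160)))
```

The low bit of this LCG simply alternates, so it has a frequency statistic of exactly 0 and passes that test while failing the serial and poker tests; no single statistic is evidence of randomness.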

  15. The RSA bit PRBG
      • Setup: Generate two large primes p, q
      • Compute N = pq and Φ = (p-1)(q-1)
      • Select a random integer e, 1 < e < Φ, such that gcd(e, Φ) = 1
      • Select a random integer $x_0$ in the interval [1, N-1]
      • For i = 1 to l do:
        – $x_i = x_{i-1}^{e} \bmod N$
        – $z_i = \mathrm{LSB}(x_i)$
      • The output sequence is $z_1, z_2, \ldots$
      Blum Blum Shub Generator
      • Generate two large, secret, random and distinct primes p and q, each congruent to 3 mod 4. Compute N = pq.
      • Select a random integer s in [1, N-1] such that gcd(s, N) = 1. Compute $x_0 = s^2 \bmod N$.
      • For i from 1 to l, do:
        – $x_i = x_{i-1}^{2} \bmod N$
        – $z_i = \mathrm{LSB}(x_i)$
      • The output sequence is $z_1, \ldots, z_l$.
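Both generators above written out with the parameter checks the slide's steps imply, as an added example that is not part of the original slides. The toy primes p = 11, q = 23 and the seeds are constructed so the recurrence can be followed by hand and are far too small for real use; primality of p and q is assumed, not checked.

```python
from math import gcd

def bbs_bits(p, q, s, l):
    """Blum Blum Shub: x0 = s^2 mod N, x_i = x_{i-1}^2 mod N, z_i = LSB(x_i)."""
    if p == q or p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must be distinct and congruent to 3 mod 4")
    n = p * q
    if not 1 <= s < n or gcd(s, n) != 1:
        raise ValueError("seed s must lie in [1, N-1] with gcd(s, N) = 1")
    x = pow(s, 2, n)                 # x0
    out = []
    for _ in range(l):
        x = pow(x, 2, n)             # x_i = x_{i-1}^2 mod N
        out.append(x & 1)            # z_i = least significant bit
    return out

def rsa_bits(p, q, e, x0, l):
    """RSA bit generator: x_i = x_{i-1}^e mod N, z_i = LSB(x_i)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi and gcd(e, phi) = 1")
    if not 1 <= x0 < n:
        raise ValueError("x0 must lie in [1, N-1]")
    x, out = x0, []
    for _ in range(l):
        x = pow(x, e, n)             # one modular exponentiation per output bit
        out.append(x & 1)
    return out

if __name__ == "__main__":
    # Toy parameters (constructed): N = 11 * 23 = 253
    print(bbs_bits(11, 23, 3, 5))     # x: 9 -> 81, 236, 36, 31, 202
    print(rsa_bits(11, 23, 3, 5, 4))  # x: 5 -> 125, 218, 135, 203
```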

  16. Points to Ponder!
      • 1 round of Feistel Structure is not pseudorandom.
      • 2 rounds of Feistel Structure is not pseudorandom.
      Further Reading
      • A. Menezes, P. Van Oorschot, Scott Vanstone, “Handbook of Applied Cryptography” (Available online)

  17. Next Day's Topic
      • Cryptographic Hash Functions
