Finding distinguishers for pseudorandom number generators based on permutations

Abstract

In this paper, we consider properties of a pseudorandom number generator (PRNG) based on two random permutations. We investigate the possibility to distinguish this PRNG from a true random number generator. A black-box setting is used when a generator is put in the box, the output sequences from that box are available to the adversary, and also she can restart the box as many times as needed not changing the generator in it. The adversary tries to find out which generator is in the box. We built two statistical distinguishers. One of them is based on the probabilities to observe some particular types of output sequences of finite lengths. The other one checks all output sequences of small fixed lengths. For both distinguishers exact probabilities to observe particular outputs were computed. It was found that both distinguishers require a very large amount of the PRNG output to analyze before they can tell the difference with high certainty. In particular the best distinguisher found requires no less than \(O\left( (2^n)^2\right) \) restarts and altogether at least \(O\left( (2^n)^3\right) \) symbols for analysis in case of n-bit permutations. This indicates that PRNGs on two permutations exhibit very good probabilistic properties close to those of a true RNG.