Statistical Properties of Pseudo Random Sequences and Experiments with PHP and Debian OpenSSL
NIST SP800-22 (2010) proposed the state of the art statistical testing techniques for testing the quality of (pseudo) random generators. However, it is easy to construct natural functions that are considered as GOOD pseudorandom generators by the NIST SP800-22 test suite though the output of these functions is easily distinguishable from the uniform distribution. This paper proposes solutions to address this challenge by using statistical distance based testing techniques. We carried out both NIST tests and LIL based tests on the following pseudorandom generators by generating more than 200TB of data in total: (1) the standard C linear congruential generator, (2) Mersenne Twister pseudorandom generator, (3) PHP random generators (including Mersenne Twister and Linear Congruential based), and (4) Debian Linux (CVE-2008-0166) pseudorandom generator with OpenSSL 0.9.8c-1. As a first important result, our experiments show that, PHP pseudorandom generator implementation (both linear congruential generators and Mersenne Twister generators) outputs completely insecure bits if the output is not further processed. As a second result, we illustrate the advantages of our LIL based testing over NIST testing. It is known that Debian Linux (CVE-2008-0166) pseudorandom generator based on OpenSSL 0.9.8c-1 is flawed and the output sequences are predictable. Our LIL tests on these sequences discovered the flaws in Debian Linux implementation. However, NIST SP800-22 test suite is not able to detect this flaw using the NIST recommended parameters. It is concluded that NIST SP800-22 test suite is not sufficient and distance based LIL test techniques be included in statistical testing practice. It is also recommended that all pseudorandom generator implementations be comprehensively tested using state-of-the-art statistically robust testing tools.
Keywordspseudorandom generators statistical testing OpenSSL the law of the iterated logarithm
Unable to display preview. Download preview PDF.
- 3.Debian. Debian security advisory dsa-1571-1, http://www.debian.org/security/2008/dsa-1571
- 6.Heninger, N., Durumeric, Z., Wustrow, E., Halderman, J.A.: Mining your ps and qs: Detection of widespread weak keys in network devices. In: Proc. 21st USENIX Security Symposium, vol. 2 (2012)Google Scholar
- 7.Khinchin, A.: Über einen satz der wahrscheinlichkeitsrechnung. Fund. Math. 6, 9–20 (1924)Google Scholar
- 9.NIST. Test suite (2010), http://csrc.nist.gov/groups/ST/toolkit/rng/
- 10.OpenSSL. Openssl implementation from http://www.openssl.com/
- 11.RANDOM.ORG. Random.org, http://www.random.org/
- 12.Rukhin, A., Soto, J., Nechvatal, J., Smid, M., Barker, E., Leigh, S., Levenson, M., Vangel, M., Banks, D., Heckert, A., Dray, J., Vo, S.: A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications. NIST SP 800-22 (2010)Google Scholar