How to Encrypt with a Malicious Random Number Generator

  • Seny Kamara
  • Jonathan Katz
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5086)


Chosen-plaintext attacks on private-key encryption schemes are currently modeled by giving an adversary access to an oracle that encrypts a given message m using random coins that are generated uniformly at random and independently of anything else. This leaves open the possibility of attacks in case the random coins are poorly generated (e.g., using a faulty random number generator), or are under partial adversarial control (e.g., when encryption is done by lightweight devices that may be captured and tampered with).

We introduce new notions of security modeling such attacks, propose two concrete schemes meeting our definitions, and show generic transformations for achieving security in this context.
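To make the threat model in the abstract concrete, here is an added example (not code from the paper) that runs the chosen-plaintext game with adversary-supplied coins against a textbook randomized scheme, Enc_k(m; r) = (r, F_k(r) ⊕ m), and against a variant that re-derives the coins from the key, the supplied coins and the message (a synthetic-IV style hardening picked for this illustration, not necessarily one of the paper's constructions). It assumes HMAC-SHA256 as the PRF F and one-block messages.

```python
import hashlib
import hmac
import os

BLOCK = 32  # one SHA-256 output; messages are one block (assumption)

def prf(key: bytes, x: bytes) -> bytes:
    """PRF F_k, instantiated as HMAC-SHA256 for this stdlib-only demo."""
    return hmac.new(key, x, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def enc_textbook(key: bytes, m: bytes, r: bytes) -> tuple:
    """Enc_k(m; r) = (r, F_k(r) XOR m): CPA-secure only if r is uniform and fresh."""
    return r, xor(prf(key, r), m)

def enc_siv(key: bytes, m: bytes, r: bytes) -> tuple:
    """Re-derive the coins as r' = F_k(r || m) before encrypting, so the pad
    repeats only when both the supplied coins and the message repeat."""
    r2 = prf(key, b"coins" + r + m)
    return r2, xor(prf(key, r2), m)

def chosen_coins_guess(enc, key: bytes, m0: bytes, m1: bytes, b: int) -> int:
    """One run of the CPA game where the adversary supplies the coins.
    It encrypts a known message and the challenge under the same r,
    then checks whether the two pads cancelled. Returns its guess of b."""
    r = bytes(BLOCK)                 # attacker-chosen coins, reused on purpose
    known = b"A" * BLOCK
    _, c_known = enc(key, known, r)
    _, c_chal = enc(key, (m0, m1)[b], r)
    # Same pad twice  =>  c_known XOR c_chal == known XOR m_b.
    return 1 if xor(c_known, c_chal) == xor(known, m1) else 0

def success_rate(enc, trials: int = 100) -> float:
    """Fraction of games the adversary wins; 0.5 means no advantage.
    The challenge bit alternates so the result is deterministic."""
    m0, m1 = bytes(BLOCK), b"\xff" * BLOCK
    wins = 0
    for i in range(trials):
        key = os.urandom(BLOCK)      # fresh key per game
        b = i & 1
        wins += int(chosen_coins_guess(enc, key, m0, m1, b) == b)
    return wins / trials

if __name__ == "__main__":
    print("textbook scheme, adversarial coins:", success_rate(enc_textbook))  # 1.0
    print("re-derived coins, adversarial coins:", success_rate(enc_siv))      # 0.5
```

Re-deriving the coins only limits the damage of bad coins to what a deterministic scheme leaks (equality of repeated messages under repeated coins); it does not restore full CPA security when the coins are entirely attacker-controlled.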


Keywords: Private-key encryption, random number generation



Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Seny Kamara, Johns Hopkins University
  • Jonathan Katz, University of Maryland
