Cryptanalytic Attacks on Pseudorandom Number Generators

Kelsey, John; Schneier, Bruce; Wagner, David; Hall, Chris

doi:10.1007/3-540-69710-1_12

Cryptanalytic Attacks on Pseudorandom Number Generators

John Kelsey⁵,
Bruce Schneier⁵,
David Wagner⁶ &
…
Chris Hall⁵

Conference paper
First Online: 16 October 1998

2565 Accesses
102 Citations
3 Altmetric

Part of the Lecture Notes in Computer Science book series (LNCS,volume 1372)

Abstract

In this paper we discuss PRNGs: the mechanisms used by real-world secure systems to generate cryptographic keys, initialization vectors, “random” nonces, and other values assumed to be random. We argue that PRNGs are their own unique type of cryptographic primitive, and should be analyzed as such. We propose a model for PRNGs, discuss possible attacks against this model, and demonstrate the applicability of the model (and our attacks) to four real-world PRNGs. We close with a discussion of lessons learned about PRNG design and use, and a few open questions.

Keywords

Hash Function
Block Cipher
Stream Cipher
Pseudorandom Number Generator
Entropy Sample

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Chapter PDF

References

G.B. Agnew, “Random Source for Cryptographic Systems,” Advances in Cryptology — EUROCRYPT’ 87 Proceedings, Springer-Verlag, 1988, pp. 77–81.
Google Scholar
ANSI X 9.17 (Revised), “American National Standard for Financial Institution Key Management (Wholesale),” American Bankers Association, 1985.
Google Scholar
R.W. Baldwin, “Proper Initialization for the BSAFE Random Number Generator,” RSA Laboratories Bulletin, n. 3, 25 Jan 1996.
Google Scholar
W. Dai, Crypto++ library, http://www.eskimo.com/~weidai/cryptlib.html.
D. Davis, R. Ihaka, and P. Fenstermacher, “Cryptographic Randomness from Air Turbulience in Disk Drives,” Advances in Cryptology — CRYPTO’ 94 Proceedings, Springer-Verlag, 1994, pp. 114–120.
Google Scholar
D. Eastlake, S.D. Crocker, and J.I. Schiller, “Randomness Requirements for Security,” RFC 1750, Internet Engineering Task Force, Dec. 1994.
Google Scholar
R.C. Fairchild, R.L. Mortenson, and K.B. Koulthart, “An LSI Random Number Generator (RNG),” Advances in Cryptology: Proceedings of CRYPTO’ 84, Springer-Verlag, 1985, pp. 203–230.
Google Scholar
M. Gude, “Concept for a High-Performance Random Number Generator Based on Physical Random Noise,” Frequenz, v. 39, 1985, pp. 187–190.
Google Scholar
P. Gutmann, “Software Generation of Random Numbers for Cryptographic Purposes,” Proceedings of the 1998 Usenix Security Symposium, 1998, to appear.
Google Scholar
P. Kocher, post to sci.crypt Internet newsgroup (message-IDpckDIr4Ar.L4z@netcom.com), 4 Dec 1995.
Google Scholar
J.B. Lacy, D.P. Mitchell, and W.M. Schell, “CryptoLib: Cryptography in Software,” USENIX Security Symposium IV Proceedings, USENIX Association, 1993, pp. 237–246.
Google Scholar
National Institute for Standards and Technology, “Key Management Using X9.17,” NIST FIPS PUB 171, U.S. Department of Commerce, 1992.
Google Scholar
National Institute for Standards and Technology, “Secure Hash Standard,” NIST FIPS PUB 180, U.S. Department of Commerce, 1993.
Google Scholar
National Institute for Standards and Technology, “Digital Signature Standard,” NIST FIPS PUB 186, U.S. Department of Commerce, 1994.
Google Scholar
P.C. van Oorschot and M.J. Wiener, “Parallel collision search with application to hash function and discrete logarithms,” 2nd ACM Conf. on Computer and Communications Security, New York, NY, ACM, 1994.
Google Scholar
P.C. van Oorschot and M.J. Wiener, “Improving implementable meet-in-the-middle attacks by orders of magnitude,” CRYPTO’ 96, Springer-Verlag, 1996.
Google Scholar
C. Plumb, “Truly Random Numbers, Dr. Dobbs Journal, v. 19, n. 13, Nov 1994, pp. 113–115.
Google Scholar
M. Richterm “Ein Rauschgenerator zur Gweinnung won quasi-idealen Zufallszahlen fur die stochastische Simulation,” Ph.D. dissertation, Aachen University of Technology, 1992. (In German.)
Google Scholar
RSA Laboratories, RSAREF cryptographic library, Mar 1994, ftp://ftp.funet.fi/pub/crypt/cryptography/asymmetric/rsa/rsaref2.tar.gz.
M. Santha and U.V. Vazirani, “Generating Quasi-Random Sequences from Slightly Random Sources,” Journal of Computer and System Sciences, v. 33, 1986, pp. 75–87.
CrossRef MATH MathSciNet Google Scholar
B. Schneier, Applied Cryptrography, John Wiley & Sons, 1996.
Google Scholar
P. Zimmermann, The Official PGP User’s Guide, MIT Press, 1995.
Google Scholar

Download references

Author information

Authors and Affiliations

Counterpane Systems, USA
John Kelsey, Bruce Schneier & Chris Hall
University of California Berkeley, Berkeley
David Wagner

Authors

John Kelsey
View author publications
You can also search for this author in PubMed Google Scholar
Bruce Schneier
View author publications
You can also search for this author in PubMed Google Scholar
David Wagner
View author publications
You can also search for this author in PubMed Google Scholar
Chris Hall
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Ecole Normale Supérieure, DMI, 45, rue d’Ulm, F-75230, Paris Cedex 05, France
Serge Vaudenay

Rights and permissions

Reprints and Permissions

Copyright information

About this paper

Cite this paper

Kelsey, J., Schneier, B., Wagner, D., Hall, C. (1998). Cryptanalytic Attacks on Pseudorandom Number Generators. In: Vaudenay, S. (eds) Fast Software Encryption. FSE 1998. Lecture Notes in Computer Science, vol 1372. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-69710-1_12

Download citation

DOI: https://doi.org/10.1007/3-540-69710-1_12
Published: 16 October 1998
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64265-7
Online ISBN: 978-3-540-69710-7
eBook Packages: Springer Book Archive