BITSF463_LECT10

Uploaded by

DHRUV CHOUDHARY

BITS F463

CRYPTOGRAPHY
2nd sem 2024-2025
Lecture 10
Pseudorandom numbers

BITS Pilani, Hyderabad Campus


Introduction to random numbers
❖ Random numbers play an important role in the use of encryption for various network security applications
❖ The sequence of numbers must be random in some well-defined statistical sense (uniformly distributed and independent)
❖ In applications such as reciprocal authentication, session key generation, and stream ciphers, the requirement is not just that the sequence of numbers be statistically random but that the successive members of the sequence are unpredictable (so that it is not possible to predict future values having observed previous values)
❖ With "true" random sequences, each number is statistically independent of the other numbers in the sequence and therefore unpredictable
❖ However, true random numbers are seldom used; rather, sequences of numbers that appear to be random are generated by some algorithm.



Random Numbers
• many uses of random numbers in cryptography
– nonces in authentication protocols to prevent replay
– session keys
– public key generation
– keystream for a one-time pad
• in all cases it is critical that these values be
– statistically random: uniform distribution, independent
– unpredictable: future values cannot be determined from previous values
• true random numbers provide this
• care needed with generated random numbers
Pseudorandom Number Generators (PRNGs)
Cryptographic applications typically make use of deterministic algorithmic techniques for random number generation, producing sequences of numbers that are not statistically random, but if the algorithm is good, the resulting sequences will pass many reasonable tests of randomness. Such numbers are referred to as pseudorandom numbers, created by “Pseudorandom Number Generators (PRNGs)”.

• often use deterministic algorithmic techniques to create “random numbers”
– although these are not truly random
– they can pass many tests of “randomness”
• known as “pseudorandom numbers”
• created by “Pseudorandom Number Generators (PRNGs)”
Designing PRNGs
Contrast a true random number generator (TRNG) with two forms of pseudorandom number generators:
❑ A TRNG takes as input a source that is effectively random; the source is often referred to as an entropy source.
❑ In contrast, a PRNG takes as input a fixed value, called the seed, and produces a sequence of output bits using a deterministic algorithm.
Two different forms of PRNGs, based on application:
• Pseudorandom number generator: an algorithm that is used to produce an open-ended sequence of bits is referred to as a PRNG. A common application for an open-ended sequence of bits is as input to a symmetric stream cipher.
• Pseudorandom function (PRF): a PRF is used to produce a pseudorandom string of bits of some fixed length. Examples are symmetric encryption keys and nonces. Typically, the PRF takes as input a seed plus some context-specific values, such as a user ID or an application ID.



True Random Numbers

❖ A true random number generator (TRNG) uses a nondeterministic source to produce randomness
❖ Most operate by measuring unpredictable natural processes, such as pulse detectors of ionizing radiation events, gas discharge tubes, and leaky capacitors. Special hardware is usually needed for this

❖ Entropy sources
❖ Sound/video input
❖ Disk drives



Natural Random Noise
❖ best source is natural randomness in the real world
❖ find a regular but random event and monitor it
❖ do generally need special h/w to do this
❖ e.g. radiation counters, radio noise, audio noise, thermal noise in diodes, leaky capacitors, mercury discharge tubes, etc.
❖ starting to see such h/w in new CPUs
❖ problems of bias or uneven distribution in the signal
❖ have to compensate for this when sampling, often by passing bits through a hash function
❖ best to only use a few noisiest bits from each sample
❖ RFC 4086 recommends using multiple sources + hash
Deskewing algorithms
❖ A true random number generator may produce an output that is biased in some way
❖ Various methods of modifying a bit stream to reduce or eliminate the bias have been developed. These are referred to as deskewing algorithms.
❖ One approach to deskew is to pass the bit stream through a hash function such as MD5 or SHA-1
❖ RFC 4086 recommends collecting input from multiple hardware sources and then mixing these using a hash function to produce random output.



Random & Pseudorandom Number Generators



PRNG Requirements
• randomness
– uniformity, scalability, consistency
• unpredictability
– forward & backward unpredictability
– use same tests to check
• characteristics of the seed
– must be secure
– if known, the adversary can determine the output
– so it must itself be a random or pseudorandom number
More on PRNG requirements
– When a PRNG or PRF is used for a cryptographic application, then the basic
requirement is that an adversary who does not know the seed is unable to determine the
pseudorandom string. This general requirement for secrecy of the output of a PRNG or
PRF leads to specific requirements in the areas of randomness, unpredictability, and the
characteristics of the seed.
– In terms of randomness, the requirement for a PRNG is that the generated bit stream
appear random even though it is deterministic.
– A stream of pseudorandom numbers should exhibit two forms of unpredictability:
forward unpredictability, backward unpredictability.
– The same set of tests for randomness also provide a test of unpredictability. If the
generated bit stream appears random, then it is not possible to predict some bit or bit
sequence from knowledge of any previous bits.
– Similarly, if the bit sequence appears random, then there is no feasible way to deduce
the seed based on the bit sequence. That is, a random sequence will have no correlation
with a fixed value (the seed).
– For cryptographic applications, the seed that serves as input to the PRNG must be
secure. Because the PRNG is a deterministic algorithm, if the adversary can deduce the
seed, then the output can also be determined. Therefore, the seed must be
unpredictable. In fact, the seed itself must be a random or pseudorandom number.



Technique for pseudorandom number generation
➢ By far the most widely used technique for pseudorandom number generation is the “Linear Congruential Generator”, first proposed by Lehmer
➢ It uses successive values from an iterative equation. Given suitable parameter values it can produce a long random-like sequence, but there are only a small number of such good choices
➢ The sequence, whilst looking random, is highly predictable, and an attacker can reconstruct the sequence knowing only a small number of values
➢ There are some approaches to making this harder to do in practice by modifying the numbers in some way



Linear Congruential Generator
• common iterative technique using:
X_{n+1} = (a X_n + c) mod m
• given suitable values of the parameters it can produce a long random-like sequence
• suitable criteria to have are:
– function generates a full period
– generated sequence should appear random
– efficient implementation with 32-bit arithmetic
• note that an attacker can reconstruct the sequence given a small number of values
• have possibilities for making this harder
LCG

This function initializes a linear congruential RNG state.

The state is a list of four integers: [a, c, m, X]
a, c, m are the parameters of the linear congruential instantiation; X is the current state of the PRNG.
INPUT:
a - The coefficient (multiplier)
c - The offset (increment)
m - The modulus
X0 - The initial state (seed)
OUTPUT:
state - The initial internal state of the RNG
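The initialisation routine described above, written out as an added example (not code from the slides) together with the step function, the standard full-period criterion (the Hull-Dobell theorem) behind the "full period" requirement, and an empirical period measurement; the parameter values such as a = 5, c = 3, m = 16 are constructed for illustration.

```python
from math import gcd

# Added example, not code from the slides: X_{n+1} = (a*X_n + c) mod m,
# the Hull-Dobell full-period criterion, a period measurement for small m,
# and the predictability of the sequence. Parameter values are constructed.

def lcg_initialize(a, c, m, x0):
    """Return the state list [a, c, m, X] described on the slide."""
    return [a, c, m, x0 % m]

def lcg_next(state):
    """Advance the state in place and return the new output X."""
    a, c, m, x = state
    state[3] = (a * x + c) % m
    return state[3]

def lcg_outputs(a, c, m, x0, count):
    """The next `count` outputs after state X = x0. Since a, c, m are usually
    public, one observed output fixes every later one: not a CSPRNG."""
    state = lcg_initialize(a, c, m, x0)
    return [lcg_next(state) for _ in range(count)]

def prime_factors(n):
    """Distinct prime factors of n (trial division; fine for small m)."""
    factors, d = set(), 2
    while n > 1:
        if n % d == 0:
            factors.add(d)
            n //= d
        else:
            d += 1
    return factors

def is_full_period(a, c, m):
    """Hull-Dobell: full period m iff gcd(c, m) = 1, every prime factor
    of m divides a-1, and 4 divides a-1 whenever 4 divides m."""
    if gcd(c, m) != 1 or any((a - 1) % p for p in prime_factors(m)):
        return False
    return m % 4 != 0 or (a - 1) % 4 == 0

def measured_period(a, c, m, x0):
    """Length of the cycle the generator eventually falls into."""
    state, seen, i = lcg_initialize(a, c, m, x0), {}, 0
    x = state[3]
    while x not in seen:
        seen[x] = i
        x, i = lcg_next(state), i + 1
    return i - seen[x]
```

With a = 6 the Hull-Dobell conditions fail and the generator collapses to a fixed point (period 1) regardless of how random the seed was, which is why the criteria on the slide matter.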
Blum Blum Shub (BBS) Generator
• based on public key algorithms
• use least significant bit from iterative equation:
– x_i = x_{i-1}^2 mod n
– where n = p·q, and p, q are primes
– First, choose two large prime numbers p and q such that both have a remainder of 3 when divided by 4
• unpredictable, passes next-bit test
• security rests on difficulty of factoring n
• is unpredictable given any run of bits
• slow, since very large numbers must be used
• too slow for cipher use, good for key generation
BBS

BlumBlumShub_Initialize(bitlen, seed):
Initializes a Blum-Blum-Shub RNG state.
A BBS-RNG state is a list with two elements: [N, X]
N is a 2*bitlen-bit modulus (product of two primes)
X is the current state of the PRNG.
INPUT:
bitlen - the bit length of each of the prime factors of N
seed - a large random integer to start out the PRNG
OUTPUT:
state - a BBS-RNG internal state



CSPRBG
❖ Let n = p × q. Next, choose a random number s, such that s is relatively prime to n
❖ this is equivalent to saying that neither p nor q is a factor of s
❖ Then the BBS generator produces a sequence of bits according to the following algorithm:

The BBS is referred to as a cryptographically secure pseudorandom bit generator (CSPRBG)
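The BBS generator from the two slides above (the [N, X] state and the bit-by-bit algorithm), written out as an added example that is not code from the slides: it checks the p ≡ q ≡ 3 (mod 4) and gcd(s, n) = 1 conditions before use, then squares modulo n and emits the least significant bit. The values p = 383, q = 503, s = 101355 are small numbers chosen only for illustration; real use needs primes of hundreds of bits.

```python
from math import gcd

# Added example, not code from the slides: the Blum Blum Shub generator.
# x_0 = s^2 mod n, x_i = x_{i-1}^2 mod n, output bit B_i = x_i mod 2.
# The parameters used in the demo are small and for illustration only.

def bbs_initialize(p, q, seed):
    """Return the [N, X] state described on the slide after validating the
    parameters: both primes must be 3 mod 4 and seed must be coprime to n."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 mod 4")
    n = p * q
    if gcd(seed, n) != 1:
        raise ValueError("seed must be relatively prime to n")
    return [n, pow(seed, 2, n)]  # x_0 = s^2 mod n

def bbs_next_bit(state):
    """Square the current state modulo n and return its least significant
    bit (the only part of x_i that is ever exposed)."""
    n, x = state
    state[1] = pow(x, 2, n)
    return state[1] & 1

def bbs_bits(p, q, seed, count):
    """The first `count` output bits B_1 .. B_count."""
    state = bbs_initialize(p, q, seed)
    return [bbs_next_bit(state) for _ in range(count)]

def bbs_random_int(p, q, seed, nbits):
    """Pack nbits output bits into an integer, the 'key generation' use the
    slide mentions (one modular squaring per bit, hence the slowness)."""
    value = 0
    for bit in bbs_bits(p, q, seed, nbits):
        value = (value << 1) | bit
    return value

if __name__ == "__main__":
    print(bbs_initialize(383, 503, 101355))    # [192649, 20749]
    print(bbs_bits(383, 503, 101355, 10))
```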
“Cryptographically secure”

❖ "Cryptographically secure" means that a method or algorithm is designed to withstand known attacks in the field of cryptography, ensuring that sensitive information remains protected and cannot be easily deciphered by unauthorized parties; essentially, it signifies a high level of security against attempts to crack the encryption used to protect data.



“Cryptographically secure”

❖ Strong encryption:
A cryptographically secure method uses complex mathematical algorithms to encrypt data, making it very difficult to decrypt without the correct key.
❖ Resistance to attacks:
It is designed to resist various types of attacks like brute force, known plaintext attacks, and chosen ciphertext attacks.
❖ Standard practices:
Cryptographically secure algorithms are usually well-established and widely accepted within the security community.



"Cryptographically secure random number generator":
➢ This refers to a random number generator that produces truly random numbers, crucial for generating encryption keys that cannot be easily guessed



Using Block Ciphers as PRNGs
• for cryptographic applications, we can use a block cipher to generate random numbers
• often for creating session keys from a master key
• CTR mode: X_i = E_K[V_i]
• OFB mode: X_i = E_K[X_{i-1}]

