Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream...
Transcript of Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream...
![Page 1: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/1.jpg)
Random Number Generation andStream Cipher
GOUTAM PAUL
Asst. ProfessorDepartment of Computer Science & Engineering
Jadavpur University, Kolkata.
July 16, 2011
Tutorial Workshop on Cryptology(Jointly organized by: CU & Centre of Excellence in Cryptology, ISI)Rajabazar Science College Campus, University of Calcutta, India.
![Page 2: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/2.jpg)
Outline
1 RandomnessDefining RandomnessTesting RandomnessCryptographic Randomness
2 Random Number GenerationNatural Random Number GeneratorsPseudo-Random Number Generators
3 Stream CiphersHardware Stream CiphersSoftware Stream CiphersDistinguisher
![Page 3: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/3.jpg)
Roadmap
1 RandomnessDefining RandomnessTesting RandomnessCryptographic Randomness
2 Random Number GenerationNatural Random Number GeneratorsPseudo-Random Number Generators
3 Stream CiphersHardware Stream CiphersSoftware Stream CiphersDistinguisher
![Page 4: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/4.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Notion of Randomness
A numeric sequence is said to be statistically randomwhen it contains no recognizable patterns orregularities.Examples:
Sequence of Head and Tail in an unbiased coin toss.Results of an ideal die roll.Digits of π.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 4 of 51
![Page 5: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/5.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Notion of Randomness
A numeric sequence is said to be statistically randomwhen it contains no recognizable patterns orregularities.
Examples:Sequence of Head and Tail in an unbiased coin toss.Results of an ideal die roll.Digits of π.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 4 of 51
![Page 6: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/6.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Notion of Randomness
A numeric sequence is said to be statistically randomwhen it contains no recognizable patterns orregularities.Examples:
Sequence of Head and Tail in an unbiased coin toss.Results of an ideal die roll.Digits of π.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 4 of 51
![Page 7: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/7.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Notion of Randomness
A numeric sequence is said to be statistically randomwhen it contains no recognizable patterns orregularities.Examples:
Sequence of Head and Tail in an unbiased coin toss.
Results of an ideal die roll.Digits of π.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 4 of 51
![Page 8: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/8.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Notion of Randomness
A numeric sequence is said to be statistically randomwhen it contains no recognizable patterns orregularities.Examples:
Sequence of Head and Tail in an unbiased coin toss.Results of an ideal die roll.
Digits of π.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 4 of 51
![Page 9: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/9.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Notion of Randomness
A numeric sequence is said to be statistically randomwhen it contains no recognizable patterns orregularities.Examples:
Sequence of Head and Tail in an unbiased coin toss.Results of an ideal die roll.Digits of π.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 4 of 51
![Page 10: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/10.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Test of (Non-)Randomness
It is not possible to mathematically prove that asequence is random.It is possible to test whether a sequence isnon-random.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 5 of 51
![Page 11: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/11.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Test of (Non-)Randomness
It is not possible to mathematically prove that asequence is random.
It is possible to test whether a sequence isnon-random.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 5 of 51
![Page 12: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/12.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Test of (Non-)Randomness
It is not possible to mathematically prove that asequence is random.It is possible to test whether a sequence isnon-random.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 5 of 51
![Page 13: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/13.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Frequency Test
Checking that each symbol occurs with equalfrequency.For a binary string, proportion of 0’s and 1’s shouldbe 0.5 each.Can be generalized to n-gram frequencies.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 6 of 51
![Page 14: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/14.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Frequency Test
Checking that each symbol occurs with equalfrequency.
For a binary string, proportion of 0’s and 1’s shouldbe 0.5 each.Can be generalized to n-gram frequencies.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 6 of 51
![Page 15: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/15.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Frequency Test
Checking that each symbol occurs with equalfrequency.For a binary string, proportion of 0’s and 1’s shouldbe 0.5 each.
Can be generalized to n-gram frequencies.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 6 of 51
![Page 16: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/16.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Frequency Test
Checking that each symbol occurs with equalfrequency.For a binary string, proportion of 0’s and 1’s shouldbe 0.5 each.Can be generalized to n-gram frequencies.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 6 of 51
![Page 17: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/17.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Gap Test
Look at the distances between a particular symbol.For example, for the symbol 0,
00 would be a distance of 0.030 would be a distance of 1.02250 would be a distance of 3, etc.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 7 of 51
![Page 18: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/18.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Gap Test
Look at the distances between a particular symbol.
For example, for the symbol 0,00 would be a distance of 0.030 would be a distance of 1.02250 would be a distance of 3, etc.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 7 of 51
![Page 19: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/19.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Gap Test
Look at the distances between a particular symbol.For example, for the symbol 0,
00 would be a distance of 0.030 would be a distance of 1.02250 would be a distance of 3, etc.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 7 of 51
![Page 20: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/20.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Gap Test
Look at the distances between a particular symbol.For example, for the symbol 0,
00 would be a distance of 0.030 would be a distance of 1.02250 would be a distance of 3, etc.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 7 of 51
![Page 21: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/21.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Run Test
A run is a sequence of consecutive digits.This test is based on the frequency of run-lengths.Example: 522238 has a run of 2’s of length 3.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 8 of 51
![Page 22: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/22.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Run Test
A run is a sequence of consecutive digits.
This test is based on the frequency of run-lengths.Example: 522238 has a run of 2’s of length 3.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 8 of 51
![Page 23: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/23.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Run Test
A run is a sequence of consecutive digits.This test is based on the frequency of run-lengths.
Example: 522238 has a run of 2’s of length 3.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 8 of 51
![Page 24: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/24.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Run Test
A run is a sequence of consecutive digits.This test is based on the frequency of run-lengths.Example: 522238 has a run of 2’s of length 3.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 8 of 51
![Page 25: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/25.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Autocorrelation Test
Correlation between two sequences/processes givesa measure of similarity between them.Autocorrelation: correlation between themeasurements of the same process at two differentinstances of time.If random, such autocorrelations should be near zerofor any and all time-lag separations.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 9 of 51
![Page 26: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/26.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Autocorrelation Test
Correlation between two sequences/processes givesa measure of similarity between them.
Autocorrelation: correlation between themeasurements of the same process at two differentinstances of time.If random, such autocorrelations should be near zerofor any and all time-lag separations.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 9 of 51
![Page 27: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/27.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Autocorrelation Test
Correlation between two sequences/processes givesa measure of similarity between them.Autocorrelation: correlation between themeasurements of the same process at two differentinstances of time.
If random, such autocorrelations should be near zerofor any and all time-lag separations.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 9 of 51
![Page 28: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/28.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Autocorrelation Test
Correlation between two sequences/processes givesa measure of similarity between them.Autocorrelation: correlation between themeasurements of the same process at two differentinstances of time.If random, such autocorrelations should be near zerofor any and all time-lag separations.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 9 of 51
![Page 29: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/29.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Maurer’s Universal Test
Source modeled as
an ergodic stationary processwith finite memoryhaving arbitrary (unknown) state transitionprobabilities.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 10 of 51
![Page 30: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/30.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Maurer’s Universal Test
Source modeled asan ergodic stationary process
with finite memoryhaving arbitrary (unknown) state transitionprobabilities.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 10 of 51
![Page 31: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/31.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Maurer’s Universal Test
Source modeled asan ergodic stationary processwith finite memory
having arbitrary (unknown) state transitionprobabilities.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 10 of 51
![Page 32: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/32.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Maurer’s Universal Test
Source modeled asan ergodic stationary processwith finite memoryhaving arbitrary (unknown) state transitionprobabilities.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 10 of 51
![Page 33: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/33.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Example with a Binary StringConsider the string 0010110011101.
Frequency test:freq(0)=6, freq(1)=7,freq(00) = 2, freq(01) = 4, freq(10)=3, freq(11) = 3.Gap test: freq(gap 0)=2, freq(gap 1)=1, freq(gap2)=1, freq(gap 3) = 1.Run test: freq(len 1)=4, freq(len 2)=3, freq(len 3)=1.Autocorrelation test:Lag 1 autocorrelation =0.0+0.1+1.0+0.1+1.1+1.0+0.0+0.1+1.1+1.1+1.0+0.1= 3,Lag 2 autocorrelation =0.1+0.0+1.1+0.1+1.0+1.0+0.1+0.1+1.1+1.0+1.1 = 3.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 11 of 51
![Page 34: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/34.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Example with a Binary StringConsider the string 0010110011101.
Frequency test:freq(0)=6, freq(1)=7,freq(00) = 2, freq(01) = 4, freq(10)=3, freq(11) = 3.
Gap test: freq(gap 0)=2, freq(gap 1)=1, freq(gap2)=1, freq(gap 3) = 1.Run test: freq(len 1)=4, freq(len 2)=3, freq(len 3)=1.Autocorrelation test:Lag 1 autocorrelation =0.0+0.1+1.0+0.1+1.1+1.0+0.0+0.1+1.1+1.1+1.0+0.1= 3,Lag 2 autocorrelation =0.1+0.0+1.1+0.1+1.0+1.0+0.1+0.1+1.1+1.0+1.1 = 3.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 11 of 51
![Page 35: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/35.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Example with a Binary StringConsider the string 0010110011101.
Frequency test:freq(0)=6, freq(1)=7,freq(00) = 2, freq(01) = 4, freq(10)=3, freq(11) = 3.Gap test: freq(gap 0)=2, freq(gap 1)=1, freq(gap2)=1, freq(gap 3) = 1.
Run test: freq(len 1)=4, freq(len 2)=3, freq(len 3)=1.Autocorrelation test:Lag 1 autocorrelation =0.0+0.1+1.0+0.1+1.1+1.0+0.0+0.1+1.1+1.1+1.0+0.1= 3,Lag 2 autocorrelation =0.1+0.0+1.1+0.1+1.0+1.0+0.1+0.1+1.1+1.0+1.1 = 3.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 11 of 51
![Page 36: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/36.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Example with a Binary StringConsider the string 0010110011101.
Frequency test:freq(0)=6, freq(1)=7,freq(00) = 2, freq(01) = 4, freq(10)=3, freq(11) = 3.Gap test: freq(gap 0)=2, freq(gap 1)=1, freq(gap2)=1, freq(gap 3) = 1.Run test: freq(len 1)=4, freq(len 2)=3, freq(len 3)=1.
Autocorrelation test:Lag 1 autocorrelation =0.0+0.1+1.0+0.1+1.1+1.0+0.0+0.1+1.1+1.1+1.0+0.1= 3,Lag 2 autocorrelation =0.1+0.0+1.1+0.1+1.0+1.0+0.1+0.1+1.1+1.0+1.1 = 3.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 11 of 51
![Page 37: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/37.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Example with a Binary StringConsider the string 0010110011101.
Frequency test:freq(0)=6, freq(1)=7,freq(00) = 2, freq(01) = 4, freq(10)=3, freq(11) = 3.Gap test: freq(gap 0)=2, freq(gap 1)=1, freq(gap2)=1, freq(gap 3) = 1.Run test: freq(len 1)=4, freq(len 2)=3, freq(len 3)=1.Autocorrelation test:Lag 1 autocorrelation =0.0+0.1+1.0+0.1+1.1+1.0+0.0+0.1+1.1+1.1+1.0+0.1= 3,Lag 2 autocorrelation =0.1+0.0+1.1+0.1+1.0+1.0+0.1+0.1+1.1+1.0+1.1 = 3.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 11 of 51
![Page 38: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/38.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Encryption increases Randomness
The goal of encryption is to make the transmittedmessage look random.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 12 of 51
![Page 39: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/39.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Encryption increases Randomness
The goal of encryption is to make the transmittedmessage look random.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 12 of 51
![Page 40: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/40.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Perfect Secrecy
Information Theoretic Security:
Prob(P | C) = Prob(P).
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 13 of 51
![Page 41: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/41.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Perfect Secrecy
Information Theoretic Security:
Prob(P | C) = Prob(P).
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 13 of 51
![Page 42: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/42.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
Perfect Secrecy
Information Theoretic Security:
Prob(P | C) = Prob(P).
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 13 of 51
![Page 43: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/43.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
From Non-Random to Random-Looking
Result: XOR(Arbitrary bitstring, Random bitstring) =Random bitstring.Encryption Ci = Mi ⊕ Ki .Decryption: Mi = Ci ⊕ Ki .
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 14 of 51
![Page 44: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/44.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
From Non-Random to Random-Looking
Result: XOR(Arbitrary bitstring, Random bitstring) =Random bitstring.
Encryption Ci = Mi ⊕ Ki .Decryption: Mi = Ci ⊕ Ki .
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 14 of 51
![Page 45: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/45.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
From Non-Random to Random-Looking
Result: XOR(Arbitrary bitstring, Random bitstring) =Random bitstring.Encryption Ci = Mi ⊕ Ki .
Decryption: Mi = Ci ⊕ Ki .
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 14 of 51
![Page 46: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/46.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
From Non-Random to Random-Looking
Result: XOR(Arbitrary bitstring, Random bitstring) =Random bitstring.Encryption Ci = Mi ⊕ Ki .Decryption: Mi = Ci ⊕ Ki .
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 14 of 51
![Page 47: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/47.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
One Time Pad
A different keystream is XOR-ed with each differentplaintext message.Has the property of perfect secrecy.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 15 of 51
![Page 48: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/48.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
One Time Pad
A different keystream is XOR-ed with each differentplaintext message.
Has the property of perfect secrecy.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 15 of 51
![Page 49: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/49.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
One Time Pad
A different keystream is XOR-ed with each differentplaintext message.Has the property of perfect secrecy.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 15 of 51
![Page 50: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/50.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Defining RandomnessTesting RandomnessCryptographic Randomness
One Time Pad
A different keystream is XOR-ed with each differentplaintext message.Has the property of perfect secrecy.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 15 of 51
![Page 51: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/51.jpg)
Roadmap
1 RandomnessDefining RandomnessTesting RandomnessCryptographic Randomness
2 Random Number GenerationNatural Random Number GeneratorsPseudo-Random Number Generators
3 Stream CiphersHardware Stream CiphersSoftware Stream CiphersDistinguisher
![Page 52: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/52.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Necessity
One Time Pad requires a long stream of random bits.Other cryptographic schemes also require randomnumbers as keys.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 17 of 51
![Page 53: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/53.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Necessity
One Time Pad requires a long stream of random bits.
Other cryptographic schemes also require randomnumbers as keys.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 17 of 51
![Page 54: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/54.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Necessity
One Time Pad requires a long stream of random bits.Other cryptographic schemes also require randomnumbers as keys.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 17 of 51
![Page 55: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/55.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
One option: Natural Randomness
Thermal noise from a semiconductor resistor.Atmospheric noise.Quantum-mechanical phenomena.Tossing a coin.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 18 of 51
![Page 56: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/56.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
One option: Natural Randomness
Thermal noise from a semiconductor resistor.
Atmospheric noise.Quantum-mechanical phenomena.Tossing a coin.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 18 of 51
![Page 57: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/57.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
One option: Natural Randomness
Thermal noise from a semiconductor resistor.Atmospheric noise.
Quantum-mechanical phenomena.Tossing a coin.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 18 of 51
![Page 58: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/58.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
One option: Natural Randomness
Thermal noise from a semiconductor resistor.Atmospheric noise.Quantum-mechanical phenomena.
Tossing a coin.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 18 of 51
![Page 59: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/59.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
One option: Natural Randomness
Thermal noise from a semiconductor resistor.Atmospheric noise.Quantum-mechanical phenomena.Tossing a coin.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 18 of 51
![Page 60: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/60.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Why Natural Randomness is not useful?
Difficulty of sampling.Difficulty of synchronizing when the sender and thereceiver are far apart.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 19 of 51
![Page 61: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/61.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Why Natural Randomness is not useful?
Difficulty of sampling.
Difficulty of synchronizing when the sender and thereceiver are far apart.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 19 of 51
![Page 62: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/62.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Why Natural Randomness is not useful?
Difficulty of sampling.Difficulty of synchronizing when the sender and thereceiver are far apart.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 19 of 51
![Page 63: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/63.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Pragmatic Solution
A Finite State Machine.A seed (called the secret key) characterizes the initialstate.Same seed generates the same output sequence.Seed can be shared between the sender and thereceiver.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 20 of 51
![Page 64: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/64.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Pragmatic Solution
A Finite State Machine.
A seed (called the secret key) characterizes the initialstate.Same seed generates the same output sequence.Seed can be shared between the sender and thereceiver.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 20 of 51
![Page 65: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/65.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Pragmatic Solution
A Finite State Machine.A seed (called the secret key) characterizes the initialstate.
Same seed generates the same output sequence.Seed can be shared between the sender and thereceiver.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 20 of 51
![Page 66: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/66.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Pragmatic Solution
A Finite State Machine.A seed (called the secret key) characterizes the initialstate.Same seed generates the same output sequence.
Seed can be shared between the sender and thereceiver.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 20 of 51
![Page 67: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/67.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Pragmatic Solution
A Finite State Machine.A seed (called the secret key) characterizes the initialstate.Same seed generates the same output sequence.Seed can be shared between the sender and thereceiver.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 20 of 51
![Page 68: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/68.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Inherent Limitations
Each state transition of the FSM gives one newoutput.FSM has finite no. of states.So the output sequence must have a period.One Time Pad cannot be realized in practice.Goal: short seed, but long keystream.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 21 of 51
![Page 69: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/69.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Inherent Limitations
Each state transition of the FSM gives one newoutput.
FSM has finite no. of states.So the output sequence must have a period.One Time Pad cannot be realized in practice.Goal: short seed, but long keystream.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 21 of 51
![Page 70: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/70.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Inherent Limitations
Each state transition of the FSM gives one newoutput.FSM has finite no. of states.
So the output sequence must have a period.One Time Pad cannot be realized in practice.Goal: short seed, but long keystream.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 21 of 51
![Page 71: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/71.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Inherent Limitations
Each state transition of the FSM gives one newoutput.FSM has finite no. of states.So the output sequence must have a period.
One Time Pad cannot be realized in practice.Goal: short seed, but long keystream.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 21 of 51
![Page 72: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/72.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Inherent Limitations
Each state transition of the FSM gives one newoutput.FSM has finite no. of states.So the output sequence must have a period.One Time Pad cannot be realized in practice.
Goal: short seed, but long keystream.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 21 of 51
![Page 73: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/73.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Inherent Limitations
Each state transition of the FSM gives one newoutput.FSM has finite no. of states.So the output sequence must have a period.One Time Pad cannot be realized in practice.Goal: short seed, but long keystream.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 21 of 51
![Page 74: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/74.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Linear Congruential Generator
xn = axn−1 + b(modm).
x0 is the initial seed.a,b,m are parameters.Example: C library function rand().Suitable for experimental purposes, butcryptographically not secure.Same is true for any polynomial congruentialgenerator.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 22 of 51
![Page 75: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/75.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Linear Congruential Generator
xn = axn−1 + b(modm).
x0 is the initial seed.a,b,m are parameters.Example: C library function rand().Suitable for experimental purposes, butcryptographically not secure.Same is true for any polynomial congruentialgenerator.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 22 of 51
![Page 76: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/76.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Linear Congruential Generator
xn = axn−1 + b(modm).
x0 is the initial seed.
a,b,m are parameters.Example: C library function rand().Suitable for experimental purposes, butcryptographically not secure.Same is true for any polynomial congruentialgenerator.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 22 of 51
![Page 77: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/77.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Linear Congruential Generator
xn = axn−1 + b(modm).
x0 is the initial seed.a,b,m are parameters.
Example: C library function rand().Suitable for experimental purposes, butcryptographically not secure.Same is true for any polynomial congruentialgenerator.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 22 of 51
![Page 78: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/78.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Linear Congruential Generator
xn = axn−1 + b(modm).
x0 is the initial seed.a,b,m are parameters.Example: C library function rand().
Suitable for experimental purposes, butcryptographically not secure.Same is true for any polynomial congruentialgenerator.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 22 of 51
![Page 79: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/79.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Linear Congruential Generator
xn = axn−1 + b(modm).
x0 is the initial seed.a,b,m are parameters.Example: C library function rand().Suitable for experimental purposes, butcryptographically not secure.
Same is true for any polynomial congruentialgenerator.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 22 of 51
![Page 80: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/80.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Linear Congruential Generator
xn = axn−1 + b(modm).
x0 is the initial seed.a,b,m are parameters.Example: C library function rand().Suitable for experimental purposes, butcryptographically not secure.Same is true for any polynomial congruentialgenerator.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 22 of 51
![Page 81: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/81.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Blum-Blum-Shub (BBS) Generator
Choose two large primes p,q both congruent to3 mod 4.Set n = pq and choose a random integer x relativelyprime to n.Set initial seed x0 = x2(modn).j-th output is given by xj = x2
j−1(modn).Has provable security, but too slow for practical use.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 23 of 51
![Page 82: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/82.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Blum-Blum-Shub (BBS) Generator
Choose two large primes p,q both congruent to3 mod 4.
Set n = pq and choose a random integer x relativelyprime to n.Set initial seed x0 = x2(modn).j-th output is given by xj = x2
j−1(modn).Has provable security, but too slow for practical use.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 23 of 51
![Page 83: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/83.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Blum-Blum-Shub (BBS) Generator
Choose two large primes p,q both congruent to3 mod 4.Set n = pq and choose a random integer x relativelyprime to n.
Set initial seed x0 = x2(modn).j-th output is given by xj = x2
j−1(modn).Has provable security, but too slow for practical use.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 23 of 51
![Page 84: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/84.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Blum-Blum-Shub (BBS) Generator
Choose two large primes p,q both congruent to3 mod 4.Set n = pq and choose a random integer x relativelyprime to n.Set initial seed x0 = x2(modn).
j-th output is given by xj = x2j−1(modn).
Has provable security, but too slow for practical use.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 23 of 51
![Page 85: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/85.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Blum-Blum-Shub (BBS) Generator
Choose two large primes p,q both congruent to3 mod 4.Set n = pq and choose a random integer x relativelyprime to n.Set initial seed x0 = x2(modn).j-th output is given by xj = x2
j−1(modn).
Has provable security, but too slow for practical use.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 23 of 51
![Page 86: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/86.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Natural Random Number GeneratorsPseudo-Random Number Generators
Blum-Blum-Shub (BBS) Generator
Choose two large primes p,q both congruent to3 mod 4.Set n = pq and choose a random integer x relativelyprime to n.Set initial seed x0 = x2(modn).j-th output is given by xj = x2
j−1(modn).Has provable security, but too slow for practical use.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 23 of 51
![Page 87: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/87.jpg)
Roadmap
1 RandomnessDefining RandomnessTesting RandomnessCryptographic Randomness
2 Random Number GenerationNatural Random Number GeneratorsPseudo-Random Number Generators
3 Stream CiphersHardware Stream CiphersSoftware Stream CiphersDistinguisher
![Page 88: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/88.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
General Model of Stream Ciphers
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 25 of 51
![Page 89: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/89.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Need for Initialization Vector (IV)
The same key always produces the same keystream.Repeated use of the same key is just as bad asreusing a one-time pad.As a remedy, the IV is combined with the secret keyto form the effective key for the correspondingsession of the cipher, called a session key.Different session keys make the output of the streamcipher different in each session, even if the same keyis used.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 26 of 51
![Page 90: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/90.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Need for Initialization Vector (IV)
The same key always produces the same keystream.
Repeated use of the same key is just as bad asreusing a one-time pad.As a remedy, the IV is combined with the secret keyto form the effective key for the correspondingsession of the cipher, called a session key.Different session keys make the output of the streamcipher different in each session, even if the same keyis used.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 26 of 51
![Page 91: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/91.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Need for Initialization Vector (IV)
The same key always produces the same keystream.Repeated use of the same key is just as bad asreusing a one-time pad.
As a remedy, the IV is combined with the secret keyto form the effective key for the correspondingsession of the cipher, called a session key.Different session keys make the output of the streamcipher different in each session, even if the same keyis used.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 26 of 51
![Page 92: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/92.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Need for Initialization Vector (IV)
The same key always produces the same keystream.Repeated use of the same key is just as bad asreusing a one-time pad.As a remedy, the IV is combined with the secret keyto form the effective key for the correspondingsession of the cipher, called a session key.
Different session keys make the output of the streamcipher different in each session, even if the same keyis used.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 26 of 51
![Page 93: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/93.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Need for Initialization Vector (IV)
The same key always produces the same keystream.Repeated use of the same key is just as bad asreusing a one-time pad.As a remedy, the IV is combined with the secret keyto form the effective key for the correspondingsession of the cipher, called a session key.Different session keys make the output of the streamcipher different in each session, even if the same keyis used.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 26 of 51
![Page 94: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/94.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Hardware vs. Software Stream Ciphers
Hardware Stream Ciphers.LFSRs are used as linear elements.Combining functions (may be with some amount ofmemory) are used as nonlinear elements.
Software Stream Ciphers.May use word-based LFSR / NFSRs.May use arrays, modular additions and otheroperators.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 27 of 51
![Page 95: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/95.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Hardware vs. Software Stream Ciphers
Hardware Stream Ciphers.
LFSRs are used as linear elements.Combining functions (may be with some amount ofmemory) are used as nonlinear elements.
Software Stream Ciphers.May use word-based LFSR / NFSRs.May use arrays, modular additions and otheroperators.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 27 of 51
![Page 96: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/96.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Hardware vs. Software Stream Ciphers
Hardware Stream Ciphers.LFSRs are used as linear elements.
Combining functions (may be with some amount ofmemory) are used as nonlinear elements.
Software Stream Ciphers.May use word-based LFSR / NFSRs.May use arrays, modular additions and otheroperators.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 27 of 51
![Page 97: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/97.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Hardware vs. Software Stream Ciphers
Hardware Stream Ciphers.LFSRs are used as linear elements.Combining functions (may be with some amount ofmemory) are used as nonlinear elements.
Software Stream Ciphers.May use word-based LFSR / NFSRs.May use arrays, modular additions and otheroperators.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 27 of 51
![Page 98: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/98.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Hardware vs. Software Stream Ciphers
Hardware Stream Ciphers.LFSRs are used as linear elements.Combining functions (may be with some amount ofmemory) are used as nonlinear elements.
Software Stream Ciphers.
May use word-based LFSR / NFSRs.May use arrays, modular additions and otheroperators.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 27 of 51
![Page 99: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/99.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Hardware vs. Software Stream Ciphers
Hardware Stream Ciphers.LFSRs are used as linear elements.Combining functions (may be with some amount ofmemory) are used as nonlinear elements.
Software Stream Ciphers.May use word-based LFSR / NFSRs.
May use arrays, modular additions and otheroperators.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 27 of 51
![Page 100: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/100.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Hardware vs. Software Stream Ciphers
Hardware Stream Ciphers.LFSRs are used as linear elements.Combining functions (may be with some amount ofmemory) are used as nonlinear elements.
Software Stream Ciphers.May use word-based LFSR / NFSRs.May use arrays, modular additions and otheroperators.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 27 of 51
![Page 101: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/101.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Bit-oriented LFSR⊕ ⊕
b5 b4 b3 b2 b1 b0
⊕ ⊕b6 b5 b4 b3 b2 b1 b0
Figure: LFSR: one step evolution
Recurrence Relation: xn+6 = xn+4 ⊕ xn+1 ⊕ xn
Polynomial over GF (2): x6 + x4 + x1 + 1
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 28 of 51
![Page 102: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/102.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Bit-oriented LFSR⊕ ⊕
b5 b4 b3 b2 b1 b0
⊕ ⊕b6 b5 b4 b3 b2 b1 b0
Figure: LFSR: one step evolution
Recurrence Relation: xn+6 = xn+4 ⊕ xn+1 ⊕ xn
Polynomial over GF (2): x6 + x4 + x1 + 1
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 28 of 51
![Page 103: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/103.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Bit-oriented LFSR⊕ ⊕
b5 b4 b3 b2 b1 b0
⊕ ⊕b6 b5 b4 b3 b2 b1 b0
Figure: LFSR: one step evolution
Recurrence Relation: xn+6 = xn+4 ⊕ xn+1 ⊕ xn
Polynomial over GF (2): x6 + x4 + x1 + 1GOUTAM PAUL Random Number Generation and Stream Cipher Slide 28 of 51
![Page 104: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/104.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Bit-oriented LFSR (cont’d.)
Primitive polynomial provides maximum length cycle,2d − 1 for degree d . Well known as m-sequence.By itself, not cryptographically secure, but usefulbuilding block for pseudo-randomness.Easy and efficient implementation in hardware, usingregisters (Flip-Flops) and simple logic gates.Deep mathematical development for a long time.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 29 of 51
![Page 105: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/105.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Bit-oriented LFSR (cont’d.)
Primitive polynomial provides maximum length cycle,2d − 1 for degree d . Well known as m-sequence.
By itself, not cryptographically secure, but usefulbuilding block for pseudo-randomness.Easy and efficient implementation in hardware, usingregisters (Flip-Flops) and simple logic gates.Deep mathematical development for a long time.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 29 of 51
![Page 106: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/106.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Bit-oriented LFSR (cont’d.)
Primitive polynomial provides maximum length cycle,2d − 1 for degree d . Well known as m-sequence.By itself, not cryptographically secure, but usefulbuilding block for pseudo-randomness.
Easy and efficient implementation in hardware, usingregisters (Flip-Flops) and simple logic gates.Deep mathematical development for a long time.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 29 of 51
![Page 107: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/107.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Bit-oriented LFSR (cont’d.)
Primitive polynomial provides maximum length cycle,2d − 1 for degree d . Well known as m-sequence.By itself, not cryptographically secure, but usefulbuilding block for pseudo-randomness.Easy and efficient implementation in hardware, usingregisters (Flip-Flops) and simple logic gates.
Deep mathematical development for a long time.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 29 of 51
![Page 108: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/108.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Bit-oriented LFSR (cont’d.)
Primitive polynomial provides maximum length cycle,2d − 1 for degree d . Well known as m-sequence.By itself, not cryptographically secure, but usefulbuilding block for pseudo-randomness.Easy and efficient implementation in hardware, usingregisters (Flip-Flops) and simple logic gates.Deep mathematical development for a long time.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 29 of 51
![Page 109: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/109.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Attacking the LFSR-based PRNGs
Suppose we know the segment 011010111100 of akeystream sequence.We also know that it is generated by some LFSR.We do not necessarily know the length of therecurrence.We need to determine the coefficients.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 30 of 51
![Page 110: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/110.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Attacking the LFSR-based PRNGs
Suppose we know the segment 011010111100 of akeystream sequence.
We also know that it is generated by some LFSR.We do not necessarily know the length of therecurrence.We need to determine the coefficients.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 30 of 51
![Page 111: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/111.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Attacking the LFSR-based PRNGs
Suppose we know the segment 011010111100 of akeystream sequence.We also know that it is generated by some LFSR.
We do not necessarily know the length of therecurrence.We need to determine the coefficients.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 30 of 51
![Page 112: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/112.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Attacking the LFSR-based PRNGs
Suppose we know the segment 011010111100 of akeystream sequence.We also know that it is generated by some LFSR.We do not necessarily know the length of therecurrence.
We need to determine the coefficients.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 30 of 51
![Page 113: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/113.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Attacking the LFSR-based PRNGs
Suppose we know the segment 011010111100 of akeystream sequence.We also know that it is generated by some LFSR.We do not necessarily know the length of therecurrence.We need to determine the coefficients.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 30 of 51
![Page 114: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/114.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Try with Length 2
xn+2 = c0xn + c1xn+1.
[0 11 1
] [c0
c1
]=
[10
]Solution: c0 = 1, c1 = 1.But x6 6= x4 + x5.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 31 of 51
![Page 115: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/115.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Try with Length 2
xn+2 = c0xn + c1xn+1.[0 11 1
] [c0
c1
]=
[10
]
Solution: c0 = 1, c1 = 1.But x6 6= x4 + x5.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 31 of 51
![Page 116: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/116.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Try with Length 2
xn+2 = c0xn + c1xn+1.[0 11 1
] [c0
c1
]=
[10
]Solution: c0 = 1, c1 = 1.
But x6 6= x4 + x5.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 31 of 51
![Page 117: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/117.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Try with Length 2
xn+2 = c0xn + c1xn+1.[0 11 1
] [c0
c1
]=
[10
]Solution: c0 = 1, c1 = 1.But x6 6= x4 + x5.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 31 of 51
![Page 118: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/118.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Try with Length 3
xn+3 = c0xn + c1xn+1 + c2xn+2.
0 1 11 1 01 0 1
c0
c1
c2
=
010
Solution: ?
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 32 of 51
![Page 119: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/119.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Try with Length 3
xn+3 = c0xn + c1xn+1 + c2xn+2.0 1 11 1 01 0 1
c0
c1
c2
=
010
Solution: ?
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 32 of 51
![Page 120: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/120.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Try with Length 3
xn+3 = c0xn + c1xn+1 + c2xn+2.0 1 11 1 01 0 1
c0
c1
c2
=
010
Solution: ?
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 32 of 51
![Page 121: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/121.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Try with Length 4
xn+4 = c0xn + c1xn+1 + c2xn+2 + c3xn+3.
0 1 1 01 1 0 11 0 1 00 1 0 1
c0
c1
c2
c3
=
1011
Solution: c0 = 1, c1 = 1, c2 = 0, c3 = 0.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 33 of 51
![Page 122: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/122.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Try with Length 4
xn+4 = c0xn + c1xn+1 + c2xn+2 + c3xn+3.0 1 1 01 1 0 11 0 1 00 1 0 1
c0
c1
c2
c3
=
1011
Solution: c0 = 1, c1 = 1, c2 = 0, c3 = 0.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 33 of 51
![Page 123: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/123.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Try with Length 4
xn+4 = c0xn + c1xn+1 + c2xn+2 + c3xn+3.0 1 1 01 1 0 11 0 1 00 1 0 1
c0
c1
c2
c3
=
1011
Solution: c0 = 1, c1 = 1, c2 = 0, c3 = 0.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 33 of 51
![Page 124: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/124.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
General Problem
xn+m = c0xn + c1xn+1 + . . . + cm−1xn+m−1
x1 x2 . . . xm
x2 x3 . . . xm+1...
... . . . ...xm xm+1 . . . x2m−1
c0
c1...
cm−1
=
xm+1
xm+2...
x2m
Result: The m ×m matrix is invertible mod2, iff there isno linear recurrence relation of length less than m that issatisfied by the 2m values x1, x2, . . . , x2m.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 34 of 51
![Page 125: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/125.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
General Problem
xn+m = c0xn + c1xn+1 + . . . + cm−1xn+m−1x1 x2 . . . xm
x2 x3 . . . xm+1...
... . . . ...xm xm+1 . . . x2m−1
c0
c1...
cm−1
=
xm+1
xm+2...
x2m
Result: The m ×m matrix is invertible mod2, iff there isno linear recurrence relation of length less than m that issatisfied by the 2m values x1, x2, . . . , x2m.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 34 of 51
![Page 126: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/126.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
General Problem
xn+m = c0xn + c1xn+1 + . . . + cm−1xn+m−1x1 x2 . . . xm
x2 x3 . . . xm+1...
... . . . ...xm xm+1 . . . x2m−1
c0
c1...
cm−1
=
xm+1
xm+2...
x2m
Result: The m ×m matrix is invertible mod2, iff there isno linear recurrence relation of length less than m that issatisfied by the 2m values x1, x2, . . . , x2m.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 34 of 51
![Page 127: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/127.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Nonlinear Combiner Model
Take n LFSRs of different length (may be pairwiseprime).Initialize them with seeds.In each clock, take the n-many outputs from theLFSRs, which are fed as n-inputs to an n-variableBoolean function.May be some memory element is added.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 35 of 51
![Page 128: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/128.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Nonlinear Combiner Model
Take n LFSRs of different length (may be pairwiseprime).
Initialize them with seeds.In each clock, take the n-many outputs from theLFSRs, which are fed as n-inputs to an n-variableBoolean function.May be some memory element is added.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 35 of 51
![Page 129: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/129.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Nonlinear Combiner Model
Take n LFSRs of different length (may be pairwiseprime).Initialize them with seeds.
In each clock, take the n-many outputs from theLFSRs, which are fed as n-inputs to an n-variableBoolean function.May be some memory element is added.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 35 of 51
![Page 130: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/130.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Nonlinear Combiner Model
Take n LFSRs of different length (may be pairwiseprime).Initialize them with seeds.In each clock, take the n-many outputs from theLFSRs, which are fed as n-inputs to an n-variableBoolean function.
May be some memory element is added.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 35 of 51
![Page 131: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/131.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Nonlinear Combiner Model
Take n LFSRs of different length (may be pairwiseprime).Initialize them with seeds.In each clock, take the n-many outputs from theLFSRs, which are fed as n-inputs to an n-variableBoolean function.May be some memory element is added.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 35 of 51
![Page 132: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/132.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Nonlinear Filter-Generator Model
Take one LFSR.Initialize that with a seed.In each clock, take the n-many outputs from theLFSR from different locations, which are fed asn-inputs to an n-variable Boolean function.May be considered with additional memory element.The Boolean function and memory together form aFinite State Machine.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 36 of 51
![Page 133: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/133.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Nonlinear Filter-Generator Model
Take one LFSR.
Initialize that with a seed.In each clock, take the n-many outputs from theLFSR from different locations, which are fed asn-inputs to an n-variable Boolean function.May be considered with additional memory element.The Boolean function and memory together form aFinite State Machine.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 36 of 51
![Page 134: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/134.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Nonlinear Filter-Generator Model
Take one LFSR.Initialize that with a seed.
In each clock, take the n-many outputs from theLFSR from different locations, which are fed asn-inputs to an n-variable Boolean function.May be considered with additional memory element.The Boolean function and memory together form aFinite State Machine.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 36 of 51
![Page 135: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/135.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Nonlinear Filter-Generator Model
Take one LFSR.Initialize that with a seed.In each clock, take the n-many outputs from theLFSR from different locations, which are fed asn-inputs to an n-variable Boolean function.
May be considered with additional memory element.The Boolean function and memory together form aFinite State Machine.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 36 of 51
![Page 136: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/136.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Nonlinear Filter-Generator Model
Take one LFSR.Initialize that with a seed.In each clock, take the n-many outputs from theLFSR from different locations, which are fed asn-inputs to an n-variable Boolean function.May be considered with additional memory element.
The Boolean function and memory together form aFinite State Machine.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 36 of 51
![Page 137: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/137.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Nonlinear Filter-Generator Model
Take one LFSR.Initialize that with a seed.In each clock, take the n-many outputs from theLFSR from different locations, which are fed asn-inputs to an n-variable Boolean function.May be considered with additional memory element.The Boolean function and memory together form aFinite State Machine.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 36 of 51
![Page 138: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/138.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Boolean Function: Cryptographic Properties
BALANCEDNESS: Necessary to achievePseudo-Random sequence
ALGEBRAIC DEGREE: To achieve high Linear Complexity
NONLINEARITY: For higher Confusion and resistanceagainst: Best Affine Approximation (BAA) Attack andLinear Cryptanalysis.
AUTOCORRELATION: To achieve higher Diffusion, and toresist Differential Cryptanalysis.
CORRELATION IMMUNITY: To resist Correlation Attack
ALGEBRAIC IMMUNITY: To resist Algebraic Attack
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 37 of 51
![Page 139: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/139.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Boolean Function: Cryptographic Properties
BALANCEDNESS: Necessary to achievePseudo-Random sequence
ALGEBRAIC DEGREE: To achieve high Linear Complexity
NONLINEARITY: For higher Confusion and resistanceagainst: Best Affine Approximation (BAA) Attack andLinear Cryptanalysis.
AUTOCORRELATION: To achieve higher Diffusion, and toresist Differential Cryptanalysis.
CORRELATION IMMUNITY: To resist Correlation Attack
ALGEBRAIC IMMUNITY: To resist Algebraic Attack
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 37 of 51
![Page 140: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/140.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Boolean Function: Cryptographic Properties
BALANCEDNESS: Necessary to achievePseudo-Random sequence
ALGEBRAIC DEGREE: To achieve high Linear Complexity
NONLINEARITY: For higher Confusion and resistanceagainst: Best Affine Approximation (BAA) Attack andLinear Cryptanalysis.
AUTOCORRELATION: To achieve higher Diffusion, and toresist Differential Cryptanalysis.
CORRELATION IMMUNITY: To resist Correlation Attack
ALGEBRAIC IMMUNITY: To resist Algebraic Attack
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 37 of 51
![Page 141: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/141.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Boolean Function: Cryptographic Properties
BALANCEDNESS: Necessary to achievePseudo-Random sequence
ALGEBRAIC DEGREE: To achieve high Linear Complexity
NONLINEARITY: For higher Confusion and resistanceagainst: Best Affine Approximation (BAA) Attack andLinear Cryptanalysis.
AUTOCORRELATION: To achieve higher Diffusion, and toresist Differential Cryptanalysis.
CORRELATION IMMUNITY: To resist Correlation Attack
ALGEBRAIC IMMUNITY: To resist Algebraic Attack
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 37 of 51
![Page 142: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/142.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Boolean Function: Cryptographic Properties
BALANCEDNESS: Necessary to achievePseudo-Random sequence
ALGEBRAIC DEGREE: To achieve high Linear Complexity
NONLINEARITY: For higher Confusion and resistanceagainst: Best Affine Approximation (BAA) Attack andLinear Cryptanalysis.
AUTOCORRELATION: To achieve higher Diffusion, and toresist Differential Cryptanalysis.
CORRELATION IMMUNITY: To resist Correlation Attack
ALGEBRAIC IMMUNITY: To resist Algebraic Attack
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 37 of 51
![Page 143: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/143.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Boolean Function: Cryptographic Properties
BALANCEDNESS: Necessary to achievePseudo-Random sequence
ALGEBRAIC DEGREE: To achieve high Linear Complexity
NONLINEARITY: For higher Confusion and resistanceagainst: Best Affine Approximation (BAA) Attack andLinear Cryptanalysis.
AUTOCORRELATION: To achieve higher Diffusion, and toresist Differential Cryptanalysis.
CORRELATION IMMUNITY: To resist Correlation Attack
ALGEBRAIC IMMUNITY: To resist Algebraic Attack
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 37 of 51
![Page 144: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/144.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Boolean Function: Cryptographic Properties
BALANCEDNESS: Necessary to achievePseudo-Random sequence
ALGEBRAIC DEGREE: To achieve high Linear Complexity
NONLINEARITY: For higher Confusion and resistanceagainst: Best Affine Approximation (BAA) Attack andLinear Cryptanalysis.
AUTOCORRELATION: To achieve higher Diffusion, and toresist Differential Cryptanalysis.
CORRELATION IMMUNITY: To resist Correlation Attack
ALGEBRAIC IMMUNITY: To resist Algebraic Attack
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 37 of 51
![Page 145: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/145.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Hardware Stream Ciphers: Current Trends
Nonlinear Filter Generator Model With Memory.More than one bit processed together (32-bit words)Use LFSRs over larger fields: need the LFSRevolution operations to be efficient.GF (232) or GF (231 − 1) to relate with 32-bit words ofmodern processors. Are we moving towards 64-bitwords?FSM contains S-boxes and Registers.Registers are memory words.S-boxes are multiple output Boolean functions.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 38 of 51
![Page 146: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/146.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Hardware Stream Ciphers: Current Trends
Nonlinear Filter Generator Model With Memory.
More than one bit processed together (32-bit words)Use LFSRs over larger fields: need the LFSRevolution operations to be efficient.GF (232) or GF (231 − 1) to relate with 32-bit words ofmodern processors. Are we moving towards 64-bitwords?FSM contains S-boxes and Registers.Registers are memory words.S-boxes are multiple output Boolean functions.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 38 of 51
![Page 147: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/147.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Hardware Stream Ciphers: Current Trends
Nonlinear Filter Generator Model With Memory.More than one bit processed together (32-bit words)
Use LFSRs over larger fields: need the LFSRevolution operations to be efficient.GF (232) or GF (231 − 1) to relate with 32-bit words ofmodern processors. Are we moving towards 64-bitwords?FSM contains S-boxes and Registers.Registers are memory words.S-boxes are multiple output Boolean functions.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 38 of 51
![Page 148: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/148.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Hardware Stream Ciphers: Current Trends
Nonlinear Filter Generator Model With Memory.More than one bit processed together (32-bit words)Use LFSRs over larger fields: need the LFSRevolution operations to be efficient.
GF (232) or GF (231 − 1) to relate with 32-bit words ofmodern processors. Are we moving towards 64-bitwords?FSM contains S-boxes and Registers.Registers are memory words.S-boxes are multiple output Boolean functions.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 38 of 51
![Page 149: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/149.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Hardware Stream Ciphers: Current Trends
Nonlinear Filter Generator Model With Memory.More than one bit processed together (32-bit words)Use LFSRs over larger fields: need the LFSRevolution operations to be efficient.GF (232) or GF (231 − 1) to relate with 32-bit words ofmodern processors. Are we moving towards 64-bitwords?
FSM contains S-boxes and Registers.Registers are memory words.S-boxes are multiple output Boolean functions.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 38 of 51
![Page 150: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/150.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Hardware Stream Ciphers: Current Trends
Nonlinear Filter Generator Model With Memory.More than one bit processed together (32-bit words)Use LFSRs over larger fields: need the LFSRevolution operations to be efficient.GF (232) or GF (231 − 1) to relate with 32-bit words ofmodern processors. Are we moving towards 64-bitwords?FSM contains S-boxes and Registers.
Registers are memory words.S-boxes are multiple output Boolean functions.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 38 of 51
![Page 151: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/151.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Hardware Stream Ciphers: Current Trends
Nonlinear Filter Generator Model With Memory.More than one bit processed together (32-bit words)Use LFSRs over larger fields: need the LFSRevolution operations to be efficient.GF (232) or GF (231 − 1) to relate with 32-bit words ofmodern processors. Are we moving towards 64-bitwords?FSM contains S-boxes and Registers.Registers are memory words.
S-boxes are multiple output Boolean functions.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 38 of 51
![Page 152: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/152.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Hardware Stream Ciphers: Current Trends
Nonlinear Filter Generator Model With Memory.More than one bit processed together (32-bit words)Use LFSRs over larger fields: need the LFSRevolution operations to be efficient.GF (232) or GF (231 − 1) to relate with 32-bit words ofmodern processors. Are we moving towards 64-bitwords?FSM contains S-boxes and Registers.Registers are memory words.S-boxes are multiple output Boolean functions.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 38 of 51
![Page 153: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/153.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Design Principle
Initially, stream ciphers were targeted towardshardware only.Later, software stream ciphers became popular dueto their speed and efficiency compared to softwareimplementation of block ciphers.Typically consists of two modules:
KSA : key × IV→ internal state andPRGA : internal state→ keystream word.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 39 of 51
![Page 154: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/154.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Design Principle
Initially, stream ciphers were targeted towardshardware only.
Later, software stream ciphers became popular dueto their speed and efficiency compared to softwareimplementation of block ciphers.Typically consists of two modules:
KSA : key × IV→ internal state andPRGA : internal state→ keystream word.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 39 of 51
![Page 155: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/155.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Design Principle
Initially, stream ciphers were targeted towardshardware only.Later, software stream ciphers became popular dueto their speed and efficiency compared to softwareimplementation of block ciphers.
Typically consists of two modules:KSA : key × IV→ internal state andPRGA : internal state→ keystream word.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 39 of 51
![Page 156: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/156.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Design Principle
Initially, stream ciphers were targeted towardshardware only.Later, software stream ciphers became popular dueto their speed and efficiency compared to softwareimplementation of block ciphers.Typically consists of two modules:
KSA : key × IV→ internal state andPRGA : internal state→ keystream word.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 39 of 51
![Page 157: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/157.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
An Example: RC4 (Ron Rivest, 1987)
Wide commercial applications SSL, TLS, WEP, WPA,AOCE, Microsoft Windows, Lotus Notes, OracleSecure SQL etc.Generally used with 5 to 16 bytes key, thoughprovision for 256 bytes key is there.Uses a permutation over Z256 as the internal state.Operations: Swaps and Modulo 256 additions.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 40 of 51
![Page 158: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/158.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
An Example: RC4 (Ron Rivest, 1987)
Wide commercial applications SSL, TLS, WEP, WPA,AOCE, Microsoft Windows, Lotus Notes, OracleSecure SQL etc.
Generally used with 5 to 16 bytes key, thoughprovision for 256 bytes key is there.Uses a permutation over Z256 as the internal state.Operations: Swaps and Modulo 256 additions.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 40 of 51
![Page 159: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/159.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
An Example: RC4 (Ron Rivest, 1987)
Wide commercial applications SSL, TLS, WEP, WPA,AOCE, Microsoft Windows, Lotus Notes, OracleSecure SQL etc.Generally used with 5 to 16 bytes key, thoughprovision for 256 bytes key is there.
Uses a permutation over Z256 as the internal state.Operations: Swaps and Modulo 256 additions.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 40 of 51
![Page 160: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/160.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
An Example: RC4 (Ron Rivest, 1987)
Wide commercial applications SSL, TLS, WEP, WPA,AOCE, Microsoft Windows, Lotus Notes, OracleSecure SQL etc.Generally used with 5 to 16 bytes key, thoughprovision for 256 bytes key is there.Uses a permutation over Z256 as the internal state.
Operations: Swaps and Modulo 256 additions.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 40 of 51
![Page 161: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/161.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
An Example: RC4 (Ron Rivest, 1987)
Wide commercial applications SSL, TLS, WEP, WPA,AOCE, Microsoft Windows, Lotus Notes, OracleSecure SQL etc.Generally used with 5 to 16 bytes key, thoughprovision for 256 bytes key is there.Uses a permutation over Z256 as the internal state.Operations: Swaps and Modulo 256 additions.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 40 of 51
![Page 162: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/162.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
RC4 KSA
0 1 2 i j 255
· · · · · ·
Initialize S-box to identity permutation of{0,1, . . . ,255}Initialize counter: j = 0;for i = 0, . . . ,255
j = j + S[i] + K [i];Swap: S[i]↔ S[j];
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 41 of 51
![Page 163: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/163.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
RC4 PRGA
0 1 2 S[i ] + S[j ] i j 254 255
· · · · · · · · ·
Z �
Initialize the counters: i = j = 0;While you need keystream bytes
Increment counters i = i + 1 and j = j + S[i];Swap S[i]↔ S[j];Output Z = S[S[i] + S[j]];
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 42 of 51
![Page 164: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/164.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Software Stream Ciphers: Current Trends
Word oriented design.Complicated Functions and Operations.Huge Internal State.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 43 of 51
![Page 165: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/165.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Software Stream Ciphers: Current Trends
Word oriented design.
Complicated Functions and Operations.Huge Internal State.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 43 of 51
![Page 166: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/166.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Software Stream Ciphers: Current Trends
Word oriented design.Complicated Functions and Operations.
Huge Internal State.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 43 of 51
![Page 167: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/167.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Software Stream Ciphers: Current Trends
Word oriented design.Complicated Functions and Operations.Huge Internal State.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 43 of 51
![Page 168: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/168.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Basic Idea
An event that distinguishes the keystream from auniformly random stream.For a stream cipher, the event is based on somecombination of the keystream bits.The attack complexity is given by the number ofsamples required for a given success probability.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 44 of 51
![Page 169: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/169.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Basic Idea
An event that distinguishes the keystream from auniformly random stream.
For a stream cipher, the event is based on somecombination of the keystream bits.The attack complexity is given by the number ofsamples required for a given success probability.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 44 of 51
![Page 170: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/170.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Basic Idea
An event that distinguishes the keystream from auniformly random stream.For a stream cipher, the event is based on somecombination of the keystream bits.
The attack complexity is given by the number ofsamples required for a given success probability.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 44 of 51
![Page 171: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/171.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Basic Idea
An event that distinguishes the keystream from auniformly random stream.For a stream cipher, the event is based on somecombination of the keystream bits.The attack complexity is given by the number ofsamples required for a given success probability.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 44 of 51
![Page 172: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/172.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
The Setup
Event A, P(A) = p.
Define Xr = 1, if A occurs in r -th sample, else it is 0.
If we observe n samples,n∑
r=1
Xr ∼ B(n,p).
When Xr ’s are i.i.d. and n is large enough,n∑
r=1
Xr ∼ N (np,np(1− p)) .
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 45 of 51
![Page 173: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/173.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
The SetupEvent A, P(A) = p.
Define Xr = 1, if A occurs in r -th sample, else it is 0.
If we observe n samples,n∑
r=1
Xr ∼ B(n,p).
When Xr ’s are i.i.d. and n is large enough,n∑
r=1
Xr ∼ N (np,np(1− p)) .
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 45 of 51
![Page 174: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/174.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
The SetupEvent A, P(A) = p.
Define Xr = 1, if A occurs in r -th sample, else it is 0.
If we observe n samples,n∑
r=1
Xr ∼ B(n,p).
When Xr ’s are i.i.d. and n is large enough,n∑
r=1
Xr ∼ N (np,np(1− p)) .
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 45 of 51
![Page 175: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/175.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
The SetupEvent A, P(A) = p.
Define Xr = 1, if A occurs in r -th sample, else it is 0.
If we observe n samples,
n∑r=1
Xr ∼ B(n,p).
When Xr ’s are i.i.d. and n is large enough,n∑
r=1
Xr ∼ N (np,np(1− p)) .
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 45 of 51
![Page 176: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/176.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
The SetupEvent A, P(A) = p.
Define Xr = 1, if A occurs in r -th sample, else it is 0.
If we observe n samples,n∑
r=1
Xr ∼ B(n,p).
When Xr ’s are i.i.d. and n is large enough,n∑
r=1
Xr ∼ N (np,np(1− p)) .
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 45 of 51
![Page 177: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/177.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
The SetupEvent A, P(A) = p.
Define Xr = 1, if A occurs in r -th sample, else it is 0.
If we observe n samples,n∑
r=1
Xr ∼ B(n,p).
When Xr ’s are i.i.d. and n is large enough,
n∑r=1
Xr ∼ N (np,np(1− p)) .
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 45 of 51
![Page 178: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/178.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
The SetupEvent A, P(A) = p.
Define Xr = 1, if A occurs in r -th sample, else it is 0.
If we observe n samples,n∑
r=1
Xr ∼ B(n,p).
When Xr ’s are i.i.d. and n is large enough,n∑
r=1
Xr ∼ N (np,np(1− p)) .
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 45 of 51
![Page 179: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/179.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Hypothesis Testing Approach
TestH0 : p = p0(1 + ε), ε > 0,
againstH1 : p = p0.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 46 of 51
![Page 180: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/180.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Hypothesis Testing Approach
TestH0 : p = p0(1 + ε), ε > 0,
againstH1 : p = p0.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 46 of 51
![Page 181: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/181.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Hypothesis Testing Approach
TestH0 : p = p0(1 + ε), ε > 0,
againstH1 : p = p0.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 46 of 51
![Page 182: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/182.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Bounding the Errors
The objective is to find a threshold c in [np0,np0(1 + ε)]such that
P
(n∑
r=1
Xr ≤ c | H0
)≤ α
and
P
(n∑
r=1
Xr > c | H1
)≤ β.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 47 of 51
![Page 183: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/183.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Bounding the Errors
The objective is to find a threshold c in [np0,np0(1 + ε)]such that
P
(n∑
r=1
Xr ≤ c | H0
)≤ α
and
P
(n∑
r=1
Xr > c | H1
)≤ β.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 47 of 51
![Page 184: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/184.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Bounding the Errors
The objective is to find a threshold c in [np0,np0(1 + ε)]such that
P
(n∑
r=1
Xr ≤ c | H0
)≤ α
and
P
(n∑
r=1
Xr > c | H1
)≤ β.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 47 of 51
![Page 185: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/185.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Bounding the Errors
The objective is to find a threshold c in [np0,np0(1 + ε)]such that
P
(n∑
r=1
Xr ≤ c | H0
)≤ α
and
P
(n∑
r=1
Xr > c | H1
)≤ β.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 47 of 51
![Page 186: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/186.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Necessary Condition
For such a c to exist,
np0(1 + ε)− κ1σ1 > np0 + κ2σ2,
where
σ21 = np0(1 + ε) (1− p0(1 + ε)) ,
σ22 = np0(1− p0),
Φ(−κ1) = α
and Φ(κ2) = 1− β.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 48 of 51
![Page 187: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/187.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Necessary Condition
For such a c to exist,
np0(1 + ε)− κ1σ1 > np0 + κ2σ2,
where
σ21 = np0(1 + ε) (1− p0(1 + ε)) ,
σ22 = np0(1− p0),
Φ(−κ1) = α
and Φ(κ2) = 1− β.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 48 of 51
![Page 188: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/188.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Necessary Condition
For such a c to exist,
np0(1 + ε)− κ1σ1 > np0 + κ2σ2,
where
σ21 = np0(1 + ε) (1− p0(1 + ε)) ,
σ22 = np0(1− p0),
Φ(−κ1) = α
and Φ(κ2) = 1− β.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 48 of 51
![Page 189: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/189.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
How Many Samples Required?
When p0, ε� 1,
n >(κ1 + κ2)2
p0ε2 .
κ1 = κ2 = 0.5 gives α = β = 1− 0.6915 and at least 1p0ε2
samples are required.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 49 of 51
![Page 190: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/190.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
How Many Samples Required?
When p0, ε� 1,
n >(κ1 + κ2)2
p0ε2 .
κ1 = κ2 = 0.5 gives α = β = 1− 0.6915 and at least 1p0ε2
samples are required.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 49 of 51
![Page 191: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/191.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Example of a Distinguisher
RC4 2nd byte.Attack on Broadcast.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 50 of 51
![Page 192: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/192.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Example of a Distinguisher
RC4 2nd byte.
Attack on Broadcast.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 50 of 51
![Page 193: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/193.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
Example of a Distinguisher
RC4 2nd byte.Attack on Broadcast.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 50 of 51
![Page 194: Random Number Generation and Stream Cipher Random Number...Random Number Generation and Stream Cipher GOUTAM PAUL Asst. Professor Department of Computer Science & Engineering Jadavpur](https://reader035.fdocuments.us/reader035/viewer/2022081517/5fb44f6653abc8351d34adb3/html5/thumbnails/194.jpg)
RandomnessRandom Number Generation
Stream Ciphers
Hardware Stream CiphersSoftware Stream CiphersDistinguisher
I end my talk here ...
Thank You
Homepage: http://www.goutampaul.comEmail: [email protected]
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 51 of 51