Pseudorandom bit and RC4

Module II
 Random numbers
• A number of network security algorithms and protocols based on
cryptography make use of random binary numbers.
• Key distribution and reciprocal authentication schemes
• Session key generation
• Generation of keys for the RSA public-key encryption algorithm
• Generation of a bit stream for symmetric stream encryption

• There are two distinct requirements for a sequence of random

numbers : Randomness and Unpredictability.
Randomness
• Criteria used to validate that a sequence of numbers is random:
• Uniform distribution: The frequency of occurrence of ones and zeros
should be approximately equal.
• Independence: No one subsequence in the sequence can be inferred
from the others.

Unpredictability
• The requirement is not just that the sequence of numbers be statistically
random, but that the successive members of the sequence are
unpredictable.
• With “true” random sequences each number is statistically independent of
other numbers in the sequence and therefore unpredictable.
• True random numbers have their limitations, such as inefficiency, so it is more common
to implement algorithms that generate sequences of numbers that appear to be random.
• Care must be taken that an opponent not be able to predict future elements of the
sequence on the basis of earlier elements.
Pseudorandom Numbers
• Cryptographic applications typically make use of algorithmic
techniques for random number generation.
• These algorithms are deterministic and therefore produce
sequences of numbers that are not statistically random.
• If the algorithm is good, the resulting sequences will pass many
tests of randomness and are referred to as pseudorandom
numbers. Seed
Context specific
Seed values
Source of true
randomness
Deterministic
Algorithm
Deterministic
Conversion to Algorithm
Binary

TRNG
Pseudorandom bit stream Pseudorandom
Random bit stream PRNG PRF value
True Random Number Generator (TRNG)
• Takes as input a source that is effectively random.
• The source is referred to as an entropy source and is drawn from
the physical environment of the computer.
• Includes things such as keystroke timing patterns, disk electrical activity,
mouse movements, and instantaneous values of the system clock.
• The source, or combination of sources, serve as input to an algorithm that
produces random binary output.
• The TRNG may simply involve conversion of an analog source to a binary
output.
• The TRNG may involve additional processing to overcome any bias in the
source.
Pseudo Random Number Generator (PRNG)
• Takes as input a fixed value, called the seed, and produces a
sequence of output bits using a deterministic algorithm.
• Quite often the seed is generated by a TRNG
• The output bit stream is determined solely by the input value or
values, so an adversary who knows the algorithm and the seed
can reproduce the entire bit stream.
• Other than the number of bits produced there is no difference
between a PRNG and a PRF
Pseudo Random Number Generator (PRNG) cntd..
• Two different forms of PRNG:
• Pseudorandom generator (PRNG):
• An algorithm that is used to produce an open-ended sequence of bits.
• Input to a symmetric stream cipher is a common application for an open-ended
sequence of bits.
• Pseudorandom function (PRF)
• Used to produce a pseudorandom string of bits of some fixed length.
• Examples are symmetric encryption keys and nonces
 PRNG requirements
• The basic requirement when a PRNG or PRF is used for a
cryptographic application is that an adversary who does not know
the seed is unable to determine the pseudorandom string.
• The requirement for secrecy of the output of a PRNG or PRF leads
to specific requirements in the areas of:
• Randomness
• Unpredictability
• Characteristics of the seed
 Randomness
• The generated bit stream needs to appear random even though it
is deterministic.
• There is no single test that can determine if a PRNG generates
numbers that have the characteristic of randomness.
• If the PRNG exhibits randomness on the basis of multiple tests, then it
can be assumed to satisfy the randomness requirement.
• NIST SP 800-22 specifies that the tests should seek to establish
three characteristics:
• Uniformity
• Scalability
• Consistency
 Randomness Tests
• Frequency Test
• The most basic test and must be included in any test suite.
• Purpose is to determine whether number of ones and zeros in a sequence is
approximately the same as would be expected for a truly random sequence.
• Runs Test
• Focus of this test is the total number of runs in the sequence, where a run is an
uninterrupted sequence of identical bits bounded before and after with a bit of
the opposite value.
• Purpose is to determine whether number of runs of ones and zeros of various
lengths is as expected for a random sequence.
• Maurer’s Universal Statistical Test
• Focus is the number of bits between matching patterns.
• Purpose is to detect whether or not the sequence can be significantly
compressed without loss of Information. A significantly compressible sequence
is considered to be non-random.
 Unpredictability
• A stream of pseudorandom numbers should exhibit two forms of
unpredictability.
• Forward unpredictability
• If the seed is unknown, the next output bit in the sequence should be unpredictable
in spite of any knowledge of previous bits in the sequence.
• Backward unpredictability
• It should not be feasible to determine the seed from knowledge of any generated
values.
• No correlation between a seed and any value generated from that seed should be
evident.
• Each element of the sequence should appear to be the outcome of an independent
random event whose probability is 1/2.
• The same set of tests for randomness also provides a test of
unpredictability
• A random sequence will have no correlation with a fixed value (the seed)
Seed Requirements
• The seed that serves as input to the PRNG must be secure and
unpredictable.
• The seed itself must be a random or pseudorandom number.
• Typically, the seed is generated by TRNG.
Entropy source

True Random Number

Generator (TRNG)
Seed
Pseudo-Random Number
Generator (PRNG)

Pseudorandom bit stream

 Algorithm Design
• Algorithms fall into two categories.
• Purpose-built algorithms
• Algorithms designed specifically and solely for the purpose of generating
pseudorandom bit streams
• Algorithms based on existing cryptographic algorithms
• Have the effect of randomizing input data

• Three broad categories of cryptographic algorithms are commonly

used to create PRNGs:
• Symmetric block ciphers
• Asymmetric ciphers
• Hash functions and message authentication codes.
 Pseudo Random Number Generators
• Linear Congruential Generator.
• Blum Blum Shub Generator
 Linear Congruential Generator
• An algorithm first proposed by Lehmer that is parameterized with four numbers:
• m the modulus m>0
• a the multiplier 0<a<m
• c the increment 0≤c<m
• 𝑋0 the string value, or seed 0 ≤ 𝑋0 < m
• The sequence of random numbers {𝑋𝑛 } is obtained via the following
iterative equation.
Xn+1 = (aXn + c) mod m
• If m , a , c , and X0 are integers, then this technique will produce a sequence of integers
with each integer in the range 0 ≤ Xn < m.
• The selection of values for a , c , and m is critical in developing a good random number
generator.
Blum Blum Shub Generator
• Has perhaps the strongest public proof of its cryptographic
strength of any purpose-built algorithm.
• Referred to as a cryptographically secure pseudorandom bit
generator (CSPRBG).
• A CSPRBG is defined as one that passes the next-bit-test if there is not a
polynomial-time algorithm that, on input of the first k bits of an output
sequence, can predict the (k + 1)st bit with probability significantly greater
than 1/2
• The security of BBS is based on the difficulty of factoring n.
Blum Blum Shub Generator n=p*q seed (s)=101355
n=192649=383*503

𝑋0 = 𝑠 2 𝑚𝑜𝑑 𝑛
𝑓𝑜𝑟 𝑖 = 1 𝑡 ∞
𝑋𝑖 = 𝑋𝑖−1 2𝑚𝑜𝑑 𝑛
𝐵𝑖 = 𝑋𝑖 𝑚𝑜𝑑 2
Stream cipher
Stream cipher design considerations
RC4
• Designed in 1987 by Ron Rivest for RSA Security.
• Variable key size stream cipher with byte-oriented operations.
• Based on the use of a random permutation.
• Eight to sixteen machine operations are required per output byte and
the cipher can be expected to run very quickly in software.
• Used in the Secure Sockets Layer/Transport Layer Security (SSL/TLS)
standards that have been defined for communication between Web
browsers and servers.
• Is also used in the Wired Equivalent Privacy (WEP) protocol and the
newer WiFi Protected Access (WPA) protocol that are part of the IEEE
802.11 wireless LAN standard
 Encryption algorithm for RC4
RC4_Encryption(K) //continuously permuting state byes, generating keys, and encrypting.
{ i0
//Creation of initial state and key bytes
j0
for(i=0 to 255)
{ while (more byte to encrypt)
S[i]  i {
K[i]  Key [ i mod KeyLength ] i  (i+1) mod 256
} j  (I + S[ i ]) mod 256
//permuting state bytes swap(S[i],S[j])
// based on values of key bytes
t  S[i] + S[j] mod 256
j0
for (i=0 to 255) kS[t]
{ // Key is ready, encrypt
j  (j+S[i]+K[i]) mod 256 input P
swap(S[i], S[j]) CP⊕k
}
RC4 Worked Example
RC4 Worked Example cntd..

To encrypt a plaintext stream P=[ 1 2 2 2]

With Key K=[ 1 2 3 6] using simplified RC4
stream cipher is C=[4 1 2 0]