Stream cipher diagram + + Recall: One-time pad in Chap. 2

Advantage of stream cipher With proper design of PRNG, stream cipher is as secure as block cipher of comparable key length (?) Stream cipher is faster than block cipher

Disadvantage of stream cipher never reuse the same key c.f. you can reuse keys in block cipher Ciphertext 1 = plaintext 1  keystream Ciphertext 2 = plaintext 2  keystream Ciphertext 1  Ciphertext 2 = (plaintext 1  keystream)  (plaintext 2  keystream) = plaintext 1  plaintext 2 If plaintexts are text string, credit card no., or other streams with known properties, then cryptanalysis may be successful. ?[DAWS96]

Random Numbers many uses of random numbers in cryptography keystream for a one-time pad nonces in authentication protocols to prevent replay session keys public key generation Requirement for a sequence of random numbers: Randomness Uniform distribution: freq. of occurrence of each number should be approximately the same Independence: no one value in the seq. can be inferred from the others Unpredictability cannot infer future sequence on previous values

Application: randomization Goal: determine if a given number N is prime Brute-force search: divide N by odd integers less than => tests N= => Randomization: test using a (sufficiently long) sequence of randomly chosen integers

Source of random numbers: 1. Natural Random Noise best source is natural randomness in real world find a regular but random event and monitor do generally need special h/w to do this eg. radiation counters, radio noise, audio noise, thermal noise in diodes, leaky capacitors, mercury discharge tubes etc starting to see such h/w in new CPU's problems of bias or uneven distribution in signal have to compensate for this when sample and use best to only use a few noisiest bits from each sample

2. Published Sources a few published collections of random numbers Rand Co, in 1955, published 1 million numbers generated using an electronic roulette wheel has been used in some cipher designs cf Khafre earlier Tippett in 1927 published a collection issues are that: these are limited too well-known for most uses

3. Pseudorandom Number Generators (PRNGs) algorithmic technique to create “ random numbers ” deterministic algorithm although not truly random can pass many tests of “randomness”

Linear Congruential Generator common iterative technique using: X n+1 = (aX n + c) mod m How to choose suitable values of parameters ? a=1, c=1 a=7, c=0, m=32, X 0 =1 X 0 : initial seed {1, 7, 17, 23, 1, … }

Congruence: Integers Modulo 7 Example congruence 一致 (from Gauss) Z 7 : residue class modulo n Integers a and b are congruence modulo n : a ≡ b mod n

Linear Congruential Generator (cont.) Suitable criteria to have are: 1. function generates a full-period {1, …, m-1} 2. generated sequence should appear random 3. efficient implementation (eg. with 32-bit arithmetic) To satisfy 1. c=0, m is a prime, and certain a (?) 3. For 32-bit arithmetic, m = 2 32 – 1 (prime?) 2. Few a satisfy random: ex. a=7 5 =16807 X n+1 = (aX n + c) mod m X n+1 = (aX n ) mod ( )

Primitive root

Attacks on linear congruential method All parameters are known A single number is discovered, subsequent numbers are known Only know the linear congruential method Know a small sequence of numbers X 1 = (aX 0 + c) mod m X 2 = (aX 1 + c) mod m X 3 = (aX 2 + c) mod m X0X0

Cryptographically generated random numbers can use block cipher to generate numbers 1. use Counter Mode X i = E Km [i] (protected)

Cryptographically generated random numbers (cont.) 2. use Output Feedback Mode X i = E Km [X i-1 ] Looks like RC4 stream cipher

Cryptographically generated random numbers (cont.) 3. ANSI X9.17 PRNG (one of the strongest PRNGs) uses date-time + seed inputs and 3 triple-DES encryptions to generate new seed & random (date/time) (seed) (triple-DES keys) (random output) (next seed)

Blum Blum Shub (BBS) random bit generator based on public key algorithms use least significant bit from iterative equation: x i+1 = x i 2 mod n B i+1 = x i+1 mod 2 where n=pq, and primes p,q=3 mod 4 n= =383x503

Blum Blum Shub (BBS) random bit generator (cont.) unpredictable, passes next-bit test (prediction based on previous k bits) security rests on difficulty of factoring n is unpredictable given any run of bits slow, since very large numbers must be used too slow for cipher use, good for key generation