We present a formal model and a simple architecture for robust pseudorandom generation that ensures resilience in the face of an observer with partial knowledge/control of the generator's entropy source. Our model and architecture have the following properties:

Resilience. The generator's output looks random to an observer with no knowledge of the internal state. This holds even if that observer has complete control over the data that is used to refresh the internal state.

Forward security. Past output of the generator looks random to an observer, even if the observer learns the internal state at a later time.

Backward security/Break-in recovery. Future output of the generator looks random, even to an observer with knowledge of the current state, provided that the generator is refreshed with data of sufficient entropy.

Architectures such as the above were suggested before. This work differs from previous attempts in that we present a formal model for robust pseudo-random generation, and provide a formal proof within this model for the security of our architecture. To our knowledge, this is the first attempt at a rigorous model for this problem.

Our formal modeling advocates the separation of the entropy extraction phase from the output generation phase. We argue that the former is information-theoretic in nature, and could therefore rely on combinatorial and statistical tools rather than on cryptography. On the other hand, we show that the latter can be implemented using any standard (non-robust) cryptographic PRG.

We also discuss the applicability of our architecture for applications such as /dev/(u)random in Linux and pseudorandom generation on smartcards.
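The two-phase architecture the abstract describes (an extraction phase that folds new entropy into the state, and an output phase that runs a standard PRG on the state) can be made concrete in a few dozen lines. The following is an added example and not code from the paper or its authors. It assumes HMAC-SHA256 with a fixed public key as a stand-in for the information-theoretic extractor the paper calls for (the paper argues for a non-cryptographic extractor; HMAC is used here only because it is available in the standard library), HMAC-SHA256 in counter mode as the "any standard PRG" of the output phase, and constructed sample bytes in place of a real entropy source. The three demo functions exercise the three properties from the abstract: resilience, forward security and break-in recovery.

```python
import hashlib
import hmac
import os

STATE_LEN = 32

# Constructed for this example: a fixed, public extractor key. The extraction
# function in this model is a fixed, publicly known function, so the key
# carries no secret.
EXTRACTOR_KEY = bytes(range(32))


def extract(state, sample):
    """Entropy extraction phase: fold a new sample into the current state.

    Assumption: HMAC-SHA256 with a fixed public key stands in for the
    combinatorial / statistical extractor the paper advocates.
    """
    return hmac.new(EXTRACTOR_KEY, state + sample, hashlib.sha256).digest()


def prg(seed, nbytes):
    """Output phase: any standard (non-robust) cryptographic PRG.

    Here HMAC-SHA256 in counter mode expands a STATE_LEN-byte seed to nbytes.
    """
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:nbytes])


class RobustPRG:
    """Two-phase generator: refresh() extracts, next() expands."""

    def __init__(self, initial_state=None):
        self.state = initial_state if initial_state is not None else os.urandom(STATE_LEN)

    def refresh(self, sample):
        # s <- extract(s, x). An attacker-chosen x leaves the new state
        # unpredictable as long as the old state was unknown (resilience); a
        # high-entropy x makes the new state unpredictable even if the old
        # state was known (break-in recovery).
        self.state = extract(self.state, sample)

    def next(self, nbytes):
        # (s', r) <- G(s). The old state is overwritten, so an observer who
        # later learns s' cannot recompute r without inverting G (forward
        # security).
        stream = prg(self.state, STATE_LEN + nbytes)
        self.state = stream[:STATE_LEN]
        return stream[STATE_LEN:]


def resilience_demo():
    """Attacker-controlled refresh data does not help without the state."""
    victim = RobustPRG()                       # unknown random initial state
    guess = RobustPRG(bytes(STATE_LEN))        # attacker's best guess of that state
    chosen = b"attacker-chosen refresh data"   # constructed
    victim.refresh(chosen)
    guess.refresh(chosen)
    return victim.next(16) != guess.next(16)


def forward_security_demo():
    """Learning the state after next() does not reveal earlier output."""
    gen = RobustPRG(bytes(STATE_LEN))
    earlier_output = gen.next(16)
    leaked_state = gen.state                   # observer learns the state later
    # Running the generator forward from the leaked state yields only future
    # output, never the block produced before the leak.
    replay = RobustPRG(leaked_state).next(16)
    return replay != earlier_output


def break_in_recovery_demo():
    """A known state predicts output only until a refresh with fresh entropy."""
    known_state = bytes(STATE_LEN)             # constructed: state the attacker learned
    victim = RobustPRG(known_state)
    attacker = RobustPRG(known_state)
    predicted_before = attacker.next(16) == victim.next(16)
    # Constructed stand-in for a high-entropy sample the attacker never sees.
    victim.refresh(b"fresh high-entropy sample unseen by the attacker")
    predicted_after = attacker.next(16) == victim.next(16)
    return predicted_before, predicted_after   # (True, False)


if __name__ == "__main__":
    print("resilience:", resilience_demo())
    print("forward security:", forward_security_demo())
    print("break-in recovery (before, after refresh):", break_in_recovery_demo())
```

The separation matters operationally: refresh() never touches the PRG and next() never touches the extractor, so the extractor can be analysed with information-theoretic tools and the PRG can be swapped for any standard construction, exactly the split the abstract argues for. Note that in a real deployment the "fresh sample" in break_in_recovery_demo would come from an entropy source whose min-entropy has been estimated, since recovery only holds when the refresh data carries enough entropy.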