Principles of Pseudorandom Number Generation
•Random
numbers play an important role in the use of encryption for various network
security
applications
•The
Use of Random Numbers: A
number of network security algorithms and protocols based on cryptography make
use of random binary numbers. For example,
–Key
distribution
–Session
key generation
–Generation
of keys for the RSA public-key encryption algorithm
–Generation
of a bit stream for symmetric stream encryption
These applications give rise to two
distinct and not necessarily compatible requirements for a sequence of random
numbers:
•randomness and
•unpredictability
RANDOMNESS
•The sequence
of numbers be random in some well-defined statistical sense.
•The following
two criteria are used to validate that a sequence of numbers is random:
–Uniform
distribution: The distribution of bits in the sequence
should be uniform; that is, the frequency of occurrence of ones and zeros
should be approximately equal.
–Independence:
No
one subsequence in the sequence can be inferred from the others.
UNPREDICTABILITY
•In applications
such as
reciprocal authentication,
session
key generation,
and stream
ciphers, the
requirement is not just that the sequence of numbers be statistically random
but that the successive members of the sequence are unpredictable.
•With “true”
random sequences, each number is statistically independent of other numbers in
the sequence and therefore unpredictable.
•However, true random
numbers are seldom used; rather, sequences of numbers that appear to be random
are generated by some algorithm.
•In this
latter case, care must be taken that an opponent not be able to predict future
elements of the sequence on the basis of earlier elements.
No comments:
Post a Comment