A Comparison of Pseudorandom Number Generators
Riivo Talviste
3rd Conference on Advanced Topics in Telecommunication
Aug 14 – 15, 2009

Introduction
- Cryptography in everyday life
  - E-banking
  - Estonian ID-card

Issues
- Security
  - Good algorithms
  - Weak random number generators (RNGs)
- Performance
  - RNG has to be fast enough
  - Embedded systems
  - Non-specialized hardware

Contribution
- Analyse pseudorandom number generator libraries
  - Security
  - Performance

Random number generation
- Measure physical phenomena
  - Radioactive decay
  - Radio waves from space
  - Special hardware needed
- With non-specialized hardware
  - Require low-level access to device drivers
  - Operating systems provide these RNGs
    - /dev/random and /dev/urandom in Linux
    - CryptoAPI in Windows

Random number generation (software)
- Two kinds of software random number generators:
  - Deterministic random bit generators, aka pseudorandom number generators (PRNGs)
  - Non-deterministic random bit generators, aka “true” random number generators
- National Institute of Standards and Technology:
  - Several approved PRNGs
  - No approved “true” RNGs

Pseudorandom number generator seed
- Security depends on the seed, a piece of data with enough entropy
- The seed is the initial value that is used to calculate all subsequent values
- The seed has to be chosen carefully

Testing environment
- Tests for each PRNG
  - Written in C++
  - Generate 1 MB of random data
  - Run 100 times, calculate average
- Environment
  - Intel Core Duo CPU @ 1.83 GHz
  - 2 GB RAM
  - 32-bit Windows 7 RC
  - Cygwin 1.7 with GCC 4.3.2

C++ built-in random
- rand() declared in stdlib.h
  - Returns integer between 0 and RAND_MAX ≥ 32767
- srand() used to seed PRNG
- Not cryptographically secure
- Generates 1 MB of random data in 2.77 ms

Crypto++ library
- Open source C++ class library
- Includes several PRNGs
- Version 5.6.0
- Compiled under Cygwin with GCC 4.3.2

Crypto++ LC_RNG
- Linear congruential generator
- Not usable for cryptographic purposes
- Generates 1 MB of random data in 31.58 ms

Crypto++ RandomPool
- Does not usually produce secure random numbers
- After calling IncorporateEntropy() generates cryptographically secure random data
  - Method not available in every environment
- Generates 1 MB of random data in 2 437.57 ms

Crypto++ AutoSeededRandomPool
- Seeds itself with operating system provided RNG
- Can use both blocking and non-blocking RNGs
- Generates cryptographically secure random values
- Generates 1 MB of random data in 2 408.62 ms

Crypto++ AutoSeededX917RNG
- PRNG from ANSI X9.17 Appendix C
- Seeded with operating system provided PRNG
- Suitable for cryptographic use
- Can use different block ciphers
- Generates 1 MB of random data in
  - 3 724.85 ms with DES cipher
  - 2 386.19 ms with Rijndael (AES) cipher

OpenSSL library
- Open source toolkit
- Implements Secure Socket Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols
- Version 0.9.8k, precompiled for Cygwin

OpenSSL RAND_bytes
- RAND_pseudorandom_bytes() → not for cryptographic use
- RAND_bytes() → for cryptographic use
- Entropy level can be increased by
  - Mixing memory into entropy pool
  - Collecting entropy from Windows events or screen contents
- Generates 1 MB of random data in 2 929.63 ms

SNOW 2
- Stream cipher
- Cryptographically secure
- In theory not as secure as block ciphers
- Generates 1 MB of random data in 6.64 ms

PRNG performance test results

PRNG name                                  Avg. time (ms)
C++ rand()                                 2.77
Crypto++ LC_RNG                            31.58
Crypto++ RandomPool                        2 437.57
Crypto++ AutoSeededRandomPool              2 408.62
Crypto++ AutoSeededX917RNG with DES        3 724.85
Crypto++ AutoSeededX917RNG with Rijndael   2 386.19
OpenSSL RAND_bytes()                       2 929.63
SNOW 2                                     6.64

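The measurement procedure from the testing-environment slide (generate 1 MB, repeat 100 times, average), as an added example that is not the author's test code: it times a toy linear congruential generator against the Linux /dev/urandom device. ToyLcg, OsRng and average_ms are hypothetical names, the seed is constructed, and the LCG constants are the Numerical Recipes ones, not those of Crypto++ LC_RNG.

```cpp
// Added example (not the author's test code); names are hypothetical.
#include <chrono>
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <vector>

constexpr std::size_t kBytes = 1 << 20;  // 1 MB per run, as in the slides

// Toy linear congruential generator (Numerical Recipes constants), not
// Crypto++'s LC_RNG. Every output is a function of the seed alone.
struct ToyLcg {
    std::uint32_t state;
    explicit ToyLcg(std::uint32_t seed) : state(seed) {}
    bool fill(std::vector<unsigned char>& buf) {
        for (auto& b : buf) {
            state = state * 1664525u + 1013904223u;  // wraps mod 2^32
            b = static_cast<unsigned char>(state >> 24);
        }
        return true;
    }
};

// Operating-system RNG: the non-blocking Linux device named in the slides.
struct OsRng {
    bool fill(std::vector<unsigned char>& buf) {
        std::ifstream dev("/dev/urandom", std::ios::binary);
        dev.read(reinterpret_cast<char*>(buf.data()), buf.size());
        return static_cast<std::size_t>(dev.gcount()) == buf.size();
    }
};

// Average wall-clock ms to produce kBytes over `runs` runs; -1 on failure.
template <typename Rng>
double average_ms(Rng& rng, int runs) {
    std::vector<unsigned char> buf(kBytes);
    auto start = std::chrono::steady_clock::now();
    for (int i = 0; i < runs; ++i)
        if (!rng.fill(buf)) return -1.0;
    std::chrono::duration<double, std::milli> total =
        std::chrono::steady_clock::now() - start;
    return total.count() / runs;
}

int main() {
    ToyLcg lcg(2009);  // constructed seed
    OsRng os;
    std::printf("toy LCG      %.2f ms\n", average_ms(lcg, 100));
    std::printf("/dev/urandom %.2f ms\n", average_ms(os, 100));
}
```

Two ToyLcg instances given the same seed produce identical streams, which is why the seed slide ties a PRNG's security to the entropy of its seed.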
The Sharemind framework
- Distributed virtual machine
- Allows multiparty computation to be performed on secret-shared data
- Three independent data-miners
  - Communicate over the network, using a special protocol
  - Almost all messages are encrypted

Multiplication (X9.17 RNG)
[Figure: time (ms) versus vector size, 10000 to 100000; series: Other, Random, Waiting, InQueue, OutQueue]

Multiplication (SNOW 2)
[Figure: time (ms) versus vector size, 10000 to 100000; series: Other, Random, Waiting, InQueue, OutQueue]

Comparison of AES and SNOW 2
[Figure: time (ms) versus vector size, 10000 to 100000; series: AES, SNOW 2]

Conclusion
- Cryptography is used in our everyday life
- More secure PRNGs take more time
- Applications that make intensive use of random number generators should use hardware security modules