4,843 research outputs found
Practical Detection of Entropy Loss in Pseudo-Random Number Generators : Extended Version
Pseudo-random number generators (PRNGs) are a critical infrastructure for cryptography and security of many computer applications. At the same time, PRNGs are surprisingly difficult to design, implement, and debug. This paper presents the first static analysis technique specifically for quality assurance of cryptographic PRNG implementations.
The analysis targets a particular kind of implementation defect, the entropy loss. Entropy loss occurs when the entropy contained in the PRNG seed is not utilized to the full extent for generating the pseudo-random output stream. The Debian OpenSSL disaster, probably the most prominent PRNG-related security incident, was one but not the only manifestation of such a defect.
Together with the static analysis technique, we present its implementation, a tool named Entroposcope. The tool offers a high degree of automation and practicality. We have applied the tool to five real-world PRNGs of different designs and show that it effectively detects both known and previously unknown instances of entropy loss
Source-independent quantum random number generation
Quantum random number generators can provide genuine randomness by appealing
to the fundamental principles of quantum mechanics. In general, a physical
generator contains two parts---a randomness source and its readout. The source
is essential to the quality of the resulting random numbers; hence, it needs to
be carefully calibrated and modeled to achieve information-theoretical provable
randomness. However, in practice, the source is a complicated physical system,
such as a light source or an atomic ensemble, and any deviations in the
real-life implementation from the theoretical model may affect the randomness
of the output. To close this gap, we propose a source-independent scheme for
quantum random number generation in which output randomness can be certified,
even when the source is uncharacterized and untrusted. In our randomness
analysis, we make no assumptions about the dimension of the source. For
instance, multiphoton emissions are allowed in optical implementations. Our
analysis takes into account the finite-key effect with the composable security
definition. In the limit of large data size, the length of the input random
seed is exponentially small compared to that of the output random bit. In
addition, by modifying a quantum key distribution system, we experimentally
demonstrate our scheme and achieve a randomness generation rate of over
bit/s.Comment: 11 pages, 7 figure
Postprocessing for quantum random number generators: entropy evaluation and randomness extraction
Quantum random-number generators (QRNGs) can offer a means to generate
information-theoretically provable random numbers, in principle. In practice,
unfortunately, the quantum randomness is inevitably mixed with classical
randomness due to classical noises. To distill this quantum randomness, one
needs to quantify the randomness of the source and apply a randomness
extractor. Here, we propose a generic framework for evaluating quantum
randomness of real-life QRNGs by min-entropy, and apply it to two different
existing quantum random-number systems in the literature. Moreover, we provide
a guideline of QRNG data postprocessing for which we implement two
information-theoretically provable randomness extractors: Toeplitz-hashing
extractor and Trevisan's extractor.Comment: 13 pages, 2 figure
Recommendations and illustrations for the evaluation of photonic random number generators
The never-ending quest to improve the security of digital information
combined with recent improvements in hardware technology has caused the field
of random number generation to undergo a fundamental shift from relying solely
on pseudo-random algorithms to employing optical entropy sources. Despite these
significant advances on the hardware side, commonly used statistical measures
and evaluation practices remain ill-suited to understand or quantify the
optical entropy that underlies physical random number generation. We review the
state of the art in the evaluation of optical random number generation and
recommend a new paradigm: quantifying entropy generation and understanding the
physical limits of the optical sources of randomness. In order to do this, we
advocate for the separation of the physical entropy source from deterministic
post-processing in the evaluation of random number generators and for the
explicit consideration of the impact of the measurement and digitization
process on the rate of entropy production. We present the Cohen-Procaccia
estimate of the entropy rate as one way to do this. In order
to provide an illustration of our recommendations, we apply the Cohen-Procaccia
estimate as well as the entropy estimates from the new NIST draft standards for
physical random number generators to evaluate and compare three common optical
entropy sources: single photon time-of-arrival detection, chaotic lasers, and
amplified spontaneous emission
Source-device-independent heterodyne-based quantum random number generator at 17 Gbps
For many applications, quantum random number generation should be fast and independent from assumptions on the apparatus. Here, the authors devise and implement an approach which assumes a trusted detector but not a trusted source, and allows random bit generations at ~17 Gbps using off-the-shelf components
- …