Pseudo-randomness in cryptography
This paper explores the pivotal role of randomness in ensuring the robustness of cryptographic systems. By conducting attacks on historically prevalent Pseudo-Random Number Generators (PRNGs), namely - Dual Elliptic Curve Deterministic Bit Number Generator (Dual-EC-DRBG), Truncated Linear Congruenti...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
Nanyang Technological University
2024
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/175094 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| Summary: | This paper explores the pivotal role of randomness in ensuring the robustness of cryptographic systems. By conducting attacks on historically prevalent Pseudo-Random Number Generators (PRNGs), namely - Dual Elliptic Curve Deterministic Bit Number Generator (Dual-EC-DRBG), Truncated Linear Congruential Generator (LCG), and Mersenne Twister – it demonstrates the causes of inadequate randomness and implications of these significant security vulnerabilities. The analysis reveals how these vulnerabilities can be exploited, undermining the security of their cryptographic applications.
The paper also attacks the RC4 stream cipher, which relies on the randomness of its keystream for security, further illustrating the wide-ranging impact of insufficient pseudo-randomness on cryptographic integrity. The case studies serve to stress the essential need for adopting more sophisticated and unpredictable pseudo-random number generators within cryptographic frameworks.
In addition, the paper defines the criteria for a cryptographically secure pseudo-random number generator (CSPRNG) and outlines the National Institute of Standards and Technology (NIST) randomness test suite, which offers a framework for evaluating the randomness quality of RNG outputs.
The conclusions drawn from this research underscore the indispensable requirement of high-quality randomness in protecting cryptographic infrastructures from advanced threats, calling for continuous advancements and evaluations in PRNG technologies. |
|---|