A Practice-Oriented Treatment of Pseudorandom Number Generators
- In: Advances in Cryptology, EUROCRYPT 02 Proceedings, 2002
Cited by 11 (1 self)
Abstract:
We study Pseudorandom Number Generators (PRNGs) as used in practice. We first give a general security framework for PRNGs, incorporating the attacks that users are typically concerned about. We then analyze the most popular ones, including the ANSI X9.17 PRNG and the FIPS 186 PRNG. Our results also suggest ways in which these PRNGs can be made more efficient and more secure.
Second preimages on n-bit hash functions for much less than 2^n work
Cited by 11 (2 self)
Abstract:
We expand a previous result of Dean [Dea99] to provide a second preimage attack on all n-bit iterated hash functions with Damgård-Merkle strengthening and n-bit intermediate states, allowing a second preimage to be found for a 2^k-message-block message with about k × 2^(n/2+1) + 2^(n−k+1) work. Using RIPEMD-160 as an example, our attack can find a second preimage for a 2^60 byte message in about 2^106 work, rather than the previously expected 2^160 work. We also provide slightly cheaper ways to find multicollisions than the method of Joux [Jou04]. Both of these results are based on expandable messages: patterns for producing messages of varying length, which all collide on the intermediate hash result immediately after processing the message. We provide an algorithm for finding expandable messages for any n-bit hash function built using the Damgård-Merkle construction, which requires only a small multiple of the work done to find a single collision in the hash function.
Statistical Testing of Random Number Generators
- In: Proceedings of the 22nd National Information Systems Security Conference, 1999
Cited by 8 (0 self)
Abstract:
Random Number Generators (RNGs) are an important building block for algorithms and protocols in cryptography. They are paramount in the construction of encryption keys and other cryptographic algorithm parameters. In practice, statistical testing is employed to gather evidence that a generator indeed produces numbers that appear to be random. Few resources are readily available to researchers in academia and industry who wish to analyze their newly developed RNG. To address this problem, NIST has developed new metrics that may be employed to investigate the randomness of cryptographic RNGs. In this paper, issues such as statistical test suites, evaluation frameworks, and the interpretation of results are addressed. 1.0 Introduction. In computer security, suitable metrics are needed to investigate the degree of randomness for binary sequences produced by cryptographic random number generators (RNGs). Today, researchers are developing new hardware and software based RNGs. However,...
PUF-based random number generation
- In: MIT CSAIL CSG Technical Memo 481 (http://csg.csail.mit.edu/pubs/memos/Memo-481/Memo-481.pdf), 2004
Cited by 5 (2 self)
Abstract:
From security to randomized algorithms, there are many existing problems whose solutions are fundamentally based on the assumption that intrinsically pure random number sources exist. Pseudorandom number generators can imitate randomness sufficiently well for most applications; however, they still rely on some secret seed input. Hardware random number generators attempt to extract randomness directly from complex physical systems. In this way they create random outputs without requiring any seed inputs. In this paper we describe how to use Physical Random Functions (or Physical Unclonable Functions, PUFs) to create a candidate hardware random number generator. We present a short argument supporting the tenability of our methods and provide a brief evaluation of the “randomness” of numbers generated using PUFs through a series of statistical tests. These tests show promising possibilities for the use of PUFs in hardware random number generation.
BMGL: Synchronous Key-stream Generator with Provable Security
- 2001
Cited by 4 (1 self)
Abstract:
We propose a construction of an efficient, synchronous keystream generator with provable security properties in response to the NESSIE call for primitives. The cryptographic core of the stream cipher is the block cipher Rijndael. We show that a non-trivial attack on the cipher reduces to an attack on Rijndael. The construction uses an optimization of earlier work on pseudorandom generators by Blum and Micali, and Goldreich and Levin.

