In addition to the normal requirements for a PRNG, namely that its output should pass all statistical tests for randomness, a CSPRNG must have two extra properties:
Most PRNGs are not suitable for use as CSPRNGs, as whilst they appear random to statistical tests, they are not designed to resist determined mathematical reverse-engineering.
CSPRNGs are designed explicitly to resist reverse enginnering. There are a number of examples of CSPRNGs. Blum Blum Shub has the strongest security proofs, though it is slow. Most stream ciphers work by generating a pseudorandom stream of bits that are XORed with the message; this stream can be used as a good CSPRNG (thought not always: see RC4). A secure block cipher can also be converted into a CSPRNG by running it in counter mode[?]. This is done by choosing an arbitrary key and encrypting a zero, then encrypting a 1, then encrypting a 2, etc. The counter can also be started at an arbitrary number other than zero. Obviously, the period will be 2n for an n-bit block cipher. A cryptographically secure hash of a counter might also act as a good CSPRNG in some cases. If the counter is a bignum, then the CSPRNG could have an infinite period. Finally, there are PRNGs that have been designed to be cryptographically secure. One example is ISAAC (based on a variant of RC4) which is fast and has an expected cycle length of 28295 and for which no successful attack in a reasonable time has yet been found.
Search Encyclopedia
|
Featured Article
|