Insertion attack effects on some PRNGs based on NIST randomness tests tool: Case study on ANSI-X9.17, ANSIX9.31, Dragon and Rabbit algorithms

Abstract

Based on previous research [1], the 1-bit insertion attack with random bits on AES-based PRNG had some effects on randomness property of the output sequences after the attack, where about 8 from total 45 experiments (17.17%) had failed test at most 3 tests on AES-128, 11 experiments from 45 (24.44%) on AES-192 mostly had one failed test where only one experiment has two failed tests, and on AES 256 we got 10 experiments from 45 (22.22%) had failed test at most 3 tests, where 8 of them just have one test. So globally the 1-bit insertion attack with random bits affected the randomness property of AES-based PRNG even not significant based on NIST randomness tests under α =0.01. In this research, we also expand the case study on the other 4 algorithms ANSI X9.17, X9.31, Dragon and Rabbit Stream Cipher. The scenario still the same with level of significant α = 0.01. From the experiments, we found that the insertion attack with random bits on the four algorithms has affected the randomness property of the output sequences after the attack indicated by at least 2 experiments from 30 experiments on each algorithms has failed tests at most 2 tests on average on each experiment. The effects are increasing for higher intensity level. Among the 4 algorithms, the Dragon-based algorithm is stronger against the three other algorithms indicated by only 2 failed tests occurred in two different experiments. It is also shown that the insertion attack effect with extreme bits is very significant which may danger the randomness of the target PRNG that should be anticipated.