Authors: Weijie Deng
Venue: 2023 7th International Conference on Cryptography, Security and Privacy (CSP)
Publication date: 2023-04-01
DOI: 10.1109/CSP58884.2023.00020 (https://doi.org/10.1109/CSP58884.2023.00020)
White-Box PRNG: A Secure Pseudo-Random Number Generator under the White-Box Attack Model
The random number generator (RNG) plays a crucial role in modern cryptography. While true RNG (TRNG) is available, pseudo RNG (PRNG) is often preferred due to its better compatibility. However, PRNGs have long been vulnerable to the leakage of internal states, which compromises their properties of resilience, forward security, and backward security. Furthermore, this threat will become more prevalent as adversaries gain full control of the PRNG. Inspired by white-box cryptography, we aim to provide a definition of white-box PRNG that protects against the leakage of internal states. Additionally, we bind the white-box PRNG with a specific application to resist code-lifting attacks. We implement the white-box PRNG based on various types of white-box SM4 ciphers and measure their storage overhead and random number generation speed. Meanwhile, we evaluate the randomness of the generated numbers using randomness test standards, including NIST SP 800-90B and GM/T 0005–2021, and compare the testing results to the output of Linux entropy pool and OpenSSL.