Questions tagged as ['randomness']

Usage of randomness (i.e. non-predictable data, usually in the form of bits or numbers) for cryptographic purposes.
Score: 1
How secure is it to use a 128-bit random seed to derive a 256-bit key for seeding key-pair generation?

We are developing an open-source peer-to-peer app, Mapeo, designed for users with low technical experience (and no email or phone) to collect data in offline environments. We are generating their identity on the device for each project as a public-private keypair using libsodium crypto_sign_keypair.

To support identity recovery in the case of device loss or switching to a new device, we want to use ...

Score: 3
Finlay Weber
Are PRNGs Key Derivation Functions?

A PRNG is a mechanism that produces randomness from an initial random seed, so it is basically a way to derive more secrets from one secret.

Looking at the Wikipedia entry for KDF, you find:

In cryptography, a key derivation function (KDF) is a cryptographic algorithm that derives one or more secret keys from a secret value such as a main key, a password, or a passphrase.

Which sounds to me like what PRNGs a ...

Score: 2
krystof18
Is it insecure to make a nonce using a random number generator and a hashing algorithm with a secret key, like HMAC?

I'm building a project on an Arduino Mega microcontroller and I need a nonce generator for a challenge-response exchange. But I failed to find any alphanumeric string generators. Then I came up with an idea to make one using the random() function, which generates a random int within the limit you give, and hash that integer with HMAC using another secret key (one that could be auto-generated on startup since it ...

Score: 0
Finlay Weber
Is hashing random numbers generated from a TRNG enough to create a key?

Is hashing random numbers generated from a TRNG enough to create a key?

Basically, taking the output of something like a Lavarand and passing that through a hash function like SHA-2.

I guess at the end of the day the core of my question is: can a hash function be used as a pseudorandom number generator?

Score: 3
Diego Hernandez Herrera
DIY TRNG on an embedded system for Ethereum private key generation

I'm trying to build this Ethereum hardware wallet on a custom-designed embedded system, and I'm no expert. Googling around, I found this paper: Robust, low-cost, auditable random number generation for embedded system security. As I read the proposal in this paper, it sounded quite safe, a real TRNG. Nevertheless, as I struggled to simulate the circuit in any online circuit builder, I thought that maybe I ...

Score: 3
dade
Difference between non-uniformly random and uniformly random

I am reading up on Key Derivation Functions (KDF), and in a section of the Real-World Cryptography book by David Wong, a comparison is made with pseudorandom number generators (PRNG). One of the differences is said to be that a KDF takes non-uniformly random, arbitrary-length input, while a PRNG takes a uniformly random k-bit key, even though both have uniformly random, arbitrary-length output.

Basi ...

Score: 1
NotQuiteSo1337
Incrementing nonces vs regular nonces?

I have recently been studying up on the LoRaWAN protocol for IoT devices.

LoRaWAN has a handshake, and then communication can commence. Messages are encrypted and MACed. When the encryption and MACs are computed, the values FCntUp and FCntDown are mixed in. FCntUp is used for uplink messages, while FCntDown is for downlink.

Both of the values start at 0, and increment with every message, and then reset every s ...

Score: 1
VSB
Generate unique random values for unique input values

I'm going to generate unique random values based on a range of unique input values.

In other words, I have a range of input values where these numbers are part of a series (like a range of serial numbers which increase one by one) and there are no duplicate values among them. I want to generate random values based on each of the input values, where there should not be any duplicate values in the output ...

Score: 1
TyeolRik
Does Endianness matter in NIST SP800-22 test?

I am curious about randomness test suites.

One of the famous randomness test suites, DIEHARDER, says that endianness does not matter for a "GOOD" random generator:

Note that this is not the same as writing raw floating point numbers (that will not be random at all as a bitstream) and that "endianness" of the uints should not matter for the null hypothesis of a "good" generator, as random bytes are random ...

Score: 0
Mohammed Siddique
Mersenne twister word size and degree of recurrence combination

For a 32-bit variant of the Mersenne twister, if the outputs should be 5-bit integers (word size), then what is the value of the recurrence according to the k-distribution?

Score: -1
emonhossain
Neural network based on pseudorandom numbers

Recently, I read this paper: NEURAL NETWORK BASED CRYPTOGRAPHY. Under section 3.1 it says:

The aim is to improve the randomness of the random numbers generated by any algorithm using an NN. In order to improve pseudo-random numbers via a neural network, random numbers are generated by a modified subtract with borrow algorithm in MATLAB. The random numbers generated by the modified subtract with bo ...

Score: 1
sanscrit
Deriving random numbers from random numbers

If I have a "truly random number" $K$ of $L$ bits (whatever "truly random" means... is a value from a normal distribution a truly random number, or are only uniform distributions considered "truly random"?), and a "truly random number" $T$ of $M \le L$ bits,

which arithmetic/bitwise algorithms on $K$ and $T$ can generate new truly random numbers? If $M=L$, is $K + T$ or $K \oplus T$ a truly random ...

Score: 1
caveman
Are there on-line ways to use a block cipher to generate unique $n$ bits that guarantee collision-freeness for $2^n$ times?

$n$ is a run-time variable chosen each time the user runs the implementation.

One way I can think of is to use any block cipher, say AES, as a seeded CSPRNG to randomly shuffle the list of numbers $0, 1, \ldots, 2^n-1$. This way I guarantee collision-freeness up to $2^n$ numbers. But this approach is too expensive, as it will require me to swap $2^n$ numbers.

Another way I can think of is to use the block ciphe ...

Score: 2
typo
Does grouping password characters for readability decrease entropy?

For example, for a randomly generated password of 28 lowercase letters, which is about 128 bits of entropy, how would adding a space after every four characters affect it?

ijaxjnddkcswzovcrpbnqqiwaqyb
ijax jndd kcsw zovc rpbn qqiw aqyb

Score: 0
Cryptographic Random Beacon VS Random Oracle

Let's start with what I mean by a cryptographic random beacon (RB). An RB is a protocol among some parties who generate a random value all together such that:

  1. these parties do not trust each other
  2. the result is publicly verifiable (anyone can verify the result was correctly generated by the protocol)
  3. the output is unbiasable: no party can bias the result
  4. the result is unpredictable: nobody can p ...

Score: 6
A source of randomness that anyone can independently, conveniently and robustly access?

Does there exist a source of randomness that anyone in the world can independently, conveniently and robustly access? For example, the 10th decimal place of the temperature in Mexico City is sufficiently random. But it's inconvenient for Bob to access independently, and it can't be measured robustly anyway.

The source of randomness must also be secure, in that no one party controls it (or access ...

Score: 0
Random sampling vs incrementing randomness in cryptographic protocols

As an example for my question, I post the ECDSA signing algorithm for reference (from Wikipedia) to sign a message $m$:

  1. Calculate $e = H(m)$.
  2. Select a random integer $k \in [1, n-1]$.
  3. Calculate the curve point $(x_1, y_1) = k \times G$.
  4. Calculate $r = x_1 \bmod n$. If $r = 0$, go back to step 2.
  5. Calculate $s = k^{-1}(z + r d_A) \bmod n$. If $s = 0$, go back to step 2.
  6. The signatur ...

Score: 0
What are the fastest algorithms that sample from the uniform distribution?

Lots of cryptography algorithms rely on pseudorandom number generators. Sometimes, given a plaintext, you need to generate a pseudorandom number from it. What are some fast algorithms that do so?

I've seen one that uses SHA256 and another that uses AES, but I couldn't find any literature about them or an implementation that I can use. They should be fast because processors nowadays have hardware ...

Score: 1
Sentinel ("trick") values for lattice attack on DSA with biased k (MSB)

I'm studying a lattice attack using this Sage script. There are 2 options in the script: LSB and MSB. The most interesting option for me is MSB. It recovers the private key with fewer than 100 signatures provided with the script. When I run it with my PQG generated by OpenSSL and my own signatures with zeroed 8-bit MSB, I was able to recover the private key with 800 signatures in one case and unable to recover even wi ...

Score: 4
Vladimir Gamalyan
Weakness of XORing random bytes with a secret key

Side A generates 16 (high-quality) random bytes and XORs them with a 16-byte secret key; the data is then transferred to side B, where the same secret key is used to recover the original 16 random bytes.

Is there, by chance, a way to guess the secret key by intercepting the XORed data between sides?

Score: 1
LimesBytefend
How to generate a random string in Python for a mission-critical application

I'm trying to figure something out, but it is difficult for me. I need to generate a fully random string in Python. My current function is attached below. I just want to know whether this is secure and good for the project that I'm working on, a cryptocurrency type of website.

import random
import string

def get_random_string(length):
    result_str = ''.join(random.choice(string.ascii_letters) fo ...

Score: 2
DurandA
Randomness extraction from a Santha-Vazirani (semi-random) source

In a quest to better understand randomness extractors (in the context of TRNG post-processing), I read some papers about the von Neumann Extractor and Santha-Vazirani (SV-) sources. The von Neumann extractor is a simple algorithm that works on independent, biased sources such as a biased coin. However, available physical sources of randomness are imperfect and are biased and correlated. Santha and Va ...

Score: 4
DurandA
Use of a scrambler LFSR for randomness extraction from a semi-random source

I am using a linear feedback shift register (LFSR) in a scrambler configuration as a randomness extractor for a weakly random source. This source is semi-random (a.k.a. a Santha-Vazirani source): the bits are correlated and biased (with a min-entropy of ~0.5 per bit). Here is an example of an LFSR in a scrambler configuration (this one is 12-bit, while I am using a 32-bit register) with a downsampler:

Score: 2
Laura
Is the generalized birthday attack only suitable for problems with multiple solutions?

In David Wagner's article A Generalized Birthday Problem, he said, and I quote:

Our algorithm works only when one can extend the size of the lists freely, i.e., in the special case where there are sufficiently many solutions to the k-sum problem.

  1. Does that mean that the generalized birthday attack only applies to problems with multiple solutions?
  2. Why is it not suitable for the problem with on ...

Score: 2
elonnoe
Advantage of an adversary against a simple function?

The attacker has to win the following game by distinguishing whether the output was updated by a certain function or not:

  1. The attacker queries an oracle for the output.

  2. The oracle generates 4 fresh random bytes $a$, $b$, $c$, and $d$ and one random bit $x$.

  3. If $x=0$, the oracle outputs the values of $a$, $b$, $c$, and $d$.

  4. If $x=1$, it first updates the values using the following equations (applied sequentially) and then outputs the updat ...

Score: -1
ShAr
Does this paper find a cryptographic weakness of SHA-256?

I found only the abstract and tables of this paper: https://dl.acm.org/doi/abs/10.1145/3409501.3409513

From the abstract:

In this paper, the researchers proved that the modified SHA256 is viable to length extension, brute-force and dictionary attacks. Randomness tests also showed uniform random distribution of the hashes generated by the modified SHA256


The meaning of each randomness test:

Monobit