# Questions tagged as ['randomness']

Usage of randomness (i.e. non-predictable data, usually in the form of bits or numbers) for cryptographic purposes.

Score: 1
How secure is it to use a 128-bit random seed to derive a 256-bit key for seeding key-pair generation?

We are developing an open-source peer-to-peer app, Mapeo, designed for users with low technical experience (and no email or phone) to collect data in offline environments. We are generating their identity on the device for each project as a public-private keypair using libsodium crypto_sign_keypair.

To support identity recovery in the case of device loss or switching to a new device, we want to use  ...

Score: 3
Are PRNGs Key Derivation Functions?

PRNG is a mechanism to produce randomness from an initial random seed, so basically a way to derive more secrets from one secret.

Looking at the Wikipedia entry for KDF you find

In cryptography, a key derivation function (KDF) is a cryptographic algorithm that derives one or more secret keys from a secret value such as a main key, a password, or a passphrase.

Which sounds to me like what PRNGs a ...

Score: 2
Is it insecure to make a nonce using a random number generator and a hashing algorithm with a secret key, like HMAC?

I'm building a project on an Arduino Mega microcontroller and I need a nonce generator for a challenge-response exchange. But I failed to find any alphanumerical string generators. Then I came up with an idea to make one using the random() function, which generates a random int within the limit you give, and hash that integer with HMAC using another secret key (one that could be auto-generated on startup since it  ...

Score: 0
Is hashing random numbers generated from a TRNG enough to create a key?

Is hashing random numbers generated from a TRNG enough to create a key?

Basically taking the output of something like a Lavarand and passing that through a hash function like SHA-2.

I guess at the end of the day the core of my question is, can a hash function be used as a pseudorandom number generator?

Score: 3
DIY TRNG on an embedded system for Ethereum private key generation

I'm trying to build this Ethereum hardware wallet on a custom designed embedded system and I'm no expert. Googling around I found this Robust, low-cost, auditable random number generation for embedded system security paper. As I read the proposal in this paper, it sounded quite safe; a real TRNG. Nevertheless, as I struggled to simulate the circuit in any online circuit builder, I thought that maybe I ...

Score: 3
Difference between Non-uniformly random and Uniformly random

I am reading up on Key Deriving Functions (KDF) and in a section of the Real-World Cryptography book by David Wong, a comparison is being made with a pseudorandom number generator (PRNG). And one of the differences is said to be that a KDF takes non-uniformly random arbitrary length input, while a PRNG takes a uniformly random k-bit key. Even though both have uniformly random arbitrary length output.

Basi ...

Score: 1
Incrementing nonces vs regular nonces?

I have recently been studying up on the LoRaWAN protocol for IoT devices.

LoRaWAN has a handshake, and then communication can commence. Messages are encrypted and MAC'ed. When encryption and MACs are made, the values FCntUp and FCntDown are mixed in. FCntUp is used for uplink messages, while FCntDown is for downlink.

Both of the values start at 0, and increment with every message, and then reset every s ...

Score: 1
Generate unique random values for unique input values

I'm going to generate unique random values based on a range of unique input values.

In other words, I have a range of input values that are part of a series (like a range of serial numbers which are increasing one by one) and there are no duplicate values among them. I want to generate a random value for each of the input values, and there should not be any duplicate values in output  ...

Score: 1
Does Endianness matter in NIST SP800-22 test?

I am curious about randomness test suites.

One of the famous randomness test suites, DIEHARDER, said that endianness does not matter for a "GOOD" random generator.

Note that this is not the same as writing raw floating point numbers (that will not be random at all as a bitstream) and that "endianness" of the uints should not matter for the null hypothesis of a "good" generator, as random bytes are random ...

Score: 0
Mersenne twister word size and degree of recurrence combination

For a 32-bit variant of Mersenne twister, if the outputs should be a 5-bit integer (word size), then what is the value of recurrence according to the k-distribution?

Score: -1
Neural Network based on pseudorandom number

Recently, I read this paper NEURAL NETWORK BASED CRYPTOGRAPHY. Under the section 3.1 it said:

The aim is to improve the randomness of the random numbers generated by any algorithm using an NN. In order to improve pseudo-random numbers via a neural network, random numbers are generated by a modified subtract with borrow algorithm in MATLAB. The random numbers generated by the modified subtract with bo ...

Score: 1
Deriving random numbers from random numbers

If I have a "truly random number" $$K$$ of $$L$$ bits (whatever "truly random" means... is it a value from a normal distribution a truly random number, or only uniform distributions are considered "truly random"?), and a "truly random number" $$T$$ of $$M \le L$$ bits,

which arithmetic/bitwise algorithms among $$K$$ and $$T$$ can generate new truly random numbers? If $$M=L$$, is $$K + T$$ or $$K\ xor\ T$$ a truly random ...

Score: 1
Are there on-line ways to use a block cipher to generate unique $n$ bits that guarantee collision-freeness for $2^n$ times?

$$n$$ is a run-time variable chosen each time the user runs the implementation.

One way I can think is to use any block cipher, say AES, as a seeded CSPRNG to randomly shuffle list of numbers $$0, 1, \ldots, 2^n-1$$. This way I guarantee collision-freeness up to $$2^n$$ numbers. But this approach is too expensive as it will require me to swap $$2^n$$ numbers.

Another way I can think of is to use the block ciphe ...

Score: 2

For example, for a randomly generated password of 28 lowercase letters, which is about 128 bits of entropy, how would adding a space after every four characters affect it?

ijaxjnddkcswzovcrpbnqqiwaqyb
ijax jndd kcsw zovc rpbn qqiw aqyb

Score: 0
Cryptographic Random Beacon VS Random Oracle

Let's start with what I mean by cryptographic random beacon (RB). A RB is a protocol among some parties who generate a random value all together such that:

1. these parties do not trust each other
2. the result is publicly verifiable (anyone can verify the result is correctly generated by the protocol)
3. The output is unbiasable: No party can make a bias in the result.
4. the result is unpredictable: nobody can p ...

Score: 6
A source of randomness that anyone can independently, conveniently and robustly access?

Does there exist a source of randomness that anyone in the world can independently, conveniently and robustly access? For example, the 10th decimal place of the temperature in Mexico City is sufficiently random. But it's inconvenient for Bob to access independently, and it can't be measured robustly anyways.

The source of randomness must also be secure, in that no one party controls it (or access ...

Score: 0
Random sampling vs incrementing randomness in cryptographic protocols

As an example to my question, I post the ECDSA signing algorithm for reference (from Wikipedia) to sign a message $$m$$:

1. Calculate $$e = H ( m )$$.
2. Select a random integer $$k \in [1, n - 1]$$
3. Calculate the curve point $$(x_1, y_1) = k \times G$$
4. Calculate $$r = x_1 \bmod n$$. If $$r = 0$$, go back to step 2.
5. Calculate $$s = k^{-1} (z + r d_A) \bmod n$$. If $$s = 0$$, go back to step 2.
6. The signatur ...

Score: 0
What are the fastest algorithms that sample from the uniform distribution?

Lots of cryptography algorithms rely on pseudorandom number generators. Sometimes, given a plaintext, you need to generate a pseudorandom number from it. What are some fast algorithms that do so?

I've seen one that uses SHA256 and another that uses AES, but I couldn't find any literature about them or some implementation that I can use. They should be fast because processors nowadays have hardware  ...

Score: 1
Sentinel ("trick") values for lattice attack on DSA with biased k (MSB)

I'm studying the lattice attack using this Sage script. There are 2 options in the script: LSB and MSB. The most interesting option for me is MSB. It recovers the private key with less than 100 signatures provided with the script. When I run it with my PQG generated by openssl and my own signatures with zeroed 8-bit MSB I was able to recover private key with 800 signatures in one case and unable to recover even wi ...

Score: 4
Weakness of XORing random bytes with secret key

Side A generates 16 (high quality) random bytes and performs XOR with a 16-byte secret key, then data transfers to side B, where the same secret key is used to recover the original 16 random bytes.

Is there, by chance, a way to guess the secret key by intercepting the XORed data between sides?

Score: 1
How to generate a random string in Python for a mission-critical application

I'm trying to figure something out, but it is difficult for me. I need to generate a fully random string in Python. My current function is attached below. I just want to know whether this is secure and good for the project that I'm working on, a cryptocurrency type of website.

    import random
    import string

    def get_random_string(length):
        result_str = ''.join(random.choice(string.ascii_letters) fo ...

Score: 2
Randomness extraction from a Santha-Vazirani (semi-random) source

In a quest to better understand randomness extractors (in the context of TRNG post-processing), I read some papers about the von Neumann Extractor and Santha-Vazirani (SV-) sources. The von Neumann extractor is a simple algorithm that works on independent, biased sources such as a biased coin. However, available physical sources of randomness are imperfect and are biased and correlated. Santha and Va ...

Score: 4
Use of scrambler LFSR for randomness extraction of semi-random source

I am using a linear feedback shift register (LFSR) in a scrambler configuration as a randomness extractor for a weakly random source. This source is semi-random (aka. Santha-Vazirani source): the bits are correlated and biased (with a min-entropy of ~0.5 per bit). Here is an example of a LFSR in a scrambler configuration (this one is 12-bit while I am using a 32-bit register) with a downsampler:

Score: 2
Is generalized birthday attack only suitable for the problem with multiple solutions?

In David Wagner's article A Generalized Birthday Problem, he said and I quote:

Our algorithm works only when one can extend the size of the lists freely, i.e, in the special case where there are sufficiently many solutions to the k-sum problem.

1. Does that mean that the generalized birthday attack only applies for the problems with multiple solutions?
2. Why is it not suitable for the problem with on ...

Score: 2

Attacker has to win following game by distinguishing that output was updated by a certain function or not?

1. Attacker queries an oracle for the output.

2. Oracle generates fresh 4 random bytes $$a$$, $$b$$, $$c$$, and $$d$$ and one random bit $$x$$.

3. if $$x=0$$, Oracle outputs values of $$a$$, $$b$$, $$c$$, and $$d$$.

4. if $$x=1$$, it first updates the values using following equations (applied sequentially) and then outputs updat ...

Score: -1
Does this paper find cryptographic weakness of SHA-256?

I found only the abstract and tables of this paper https://dl.acm.org/doi/abs/10.1145/3409501.3409513

From the abstract

In this paper, the researchers proved that the modified SHA256 is viable to length extension, brute-force and dictionary attacks. Randomness tests also showed uniform random distribution of the hashes generated by the modified SHA256

The meaning of each randomness test:

Monobit