Random Number Generation Is Getting Harder It s Time to Pay Attention
|
|
- Anis Hoover
- 6 years ago
- Views:
Transcription
1 SESSION ID: PDAC-F03 Random Number Generation Is Getting Harder It s Time to Pay Attention Richard Moulds General Manager Whitewood Richard Hughes Laboratory Fellow (Retired) Los Alamos National Laboratory
2 All crypto security starts with random numbers Crypto security assumptions rely on keys being random, when patterns emerge (or are engineered) keys get more predictable Anything less than true randomness is a risk
3 But, there s a problem We need more and more randomness But, we are less and less sure we have enough entropy More and more crypto in use Longer and longer keys Increased key management scrutiny Tougher compliance Quantum threat Abstraction, containers and VMs Hosted and cloud environments Headless systems, no users Snap shots and replication Low power IoT devices
4 Hidden vulnerabilities and backdoors of choice
5 Basic requirements for randomness Uniformity: As many 1s as 0s, on average Independence: Each bit uncorrelated with all previous - statistical tests Diehard(er), NIST SP STS, TestU01 etc. These are necessary, but are not sufficient: π passes these tests For cryptography, we also need - Compromise of one output must not compromise future or previous outputs Different outputs from each use
6 Unpredictability, irreproducibility requires entropy A hypothetical source of random numbers: Tossing a fair coin N times makes an N-bit random binary sequence (H=0, T=1) Example: 256 coin flips generate a 256-bit binary sequence Probability of a 256-bit output sequence x, is P x Unpredictability is quantified by entropy Min-entropy captures the probability that the output could be guessed in 1 trial But practical coin flips are biased: A bias of 51:49 is typical - i.e. not uniform How unpredictable? P. Diaconis et al., Dynamical Bias in the Coin Toss, SIAM Review 49, no.2, 211 (2007). 256 flips with a bias of 51:49 has H = 249 bits As unpredictable as 249 flips of a fair coin How to find entropy, quantify it, and use it to make a trusted, verifiable source of randomness for crypto?
7 Finally we have a standard (nearly) Specifying an entropy source is a complicated matter. This is partly due to confusion in the meaning of entropy, and partly due to the fact that, while other parts of an RBG design are strictly algorithmic, entropy sources depend on physical processes that may vary from one instance of a source to another. Recommendation for the Entropy Sources Used for Random Bit Generation (SP800-90B 2 nd draft) NIST January 2016 Constructions specify how entropy sources can be used to supply cryptographic randomness Assured randomness that s easy to use
8 NIST SP B entropy assessment A very general methodology Treats noise source as a black box Novel feature: entropy assessment Sequential and restart internal datasets Permutation testing to determine IID or non-iid Numerical entropy assessment tests Beyond statistical randomness tests Provides internal and external entropy scores Measured as bits of entropy per bit of output What entropy scores do present and future randomness sources have?
9 Why so complicated? Most random numbers come from the Operating System RANDOM NUMBER GENERATO R But software doesn t act randomly
10 Entropy - a long standing issue Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin. (J. von Neumann, 1951)
11 Pseudo-random numbers an oxymoron? Entropy Source Random Seeds Operating System Pseudorandom number generator Random Numbers Crypto Application Shuffling the deck Dealing the deck
12 Where does entropy come from? Local Environment Host System Keyboards Mouse Clicks App1 App2 App3 Random Numbers Camera Entropy Pseudo-random number generator Operating System Microphone Entropy Antenna CPU Timing Network Timing Hard Drive Timing Hardware
13 But in a virtual world Local Environment Host System Keyboards Mouse Clicks App1 App2 App3 Random Numbers Camera Pseudo-random number generator Operating System Microphone Hypervisor Antenna CPU Timing Network Timing Hard Drive Timing Hardware
14 Random number generators in Linux Delivers random numbers only if sufficient entropy has been captured - otherwise it stops Delivers random numbers irrespective of how much entropy has been captured
15 Entropy sources in Linux Interrupt Events Timer Events (Disk activity, keyboard clicks and mouse movements etc.) Interrupt Entropy Pool (1024 bits) Main Entropy Pool (4096 bits) /dev/urandom PRNG /dev/random PRNG Check your entropy level with: cat /proc/sys/kernel/random/entropy_avail
16 Interrupt derived entropy in Linux Kernel IRQ handler adds data from interrupts into the Interrupt Pool Cycle Count & Kernel Timer (4 bytes) IRQ (4 bytes) Instruction Pointer (8 bytes) Cycles Kernel IRQ Instruction Pointer Entropy Score: bits 14of entropy per bit (non-iid) Thanks to Adam Everspaugh -
17 Disk derived entropy in Linux Timing of disk events is added directly to Input Pool Kernel Timer (4 bytes) Cycle Counter (4 bytes) Device ID (8 bytes) Kernel Timer Cycles Device ID Entropy Score: bits of entropy per bit (non-iid) Thanks to Adam Everspaugh -
18 Enhancing system entropy Goal: Generate true random numbers from a PRNG Good news - entropy is always additive Supplementary entropy source(s) Existing Applications PRNG e.g. /dev/random True random numbers Operating System Existing system entropy
19 Supplementary sources of entropy Three general approaches to improve entropy beyond the basic kernel: 1. Software daemons to more efficiently extract entropy for existing signals in interrupts State changes - HAVEGED ( Timing Jitter CPU Jitter RNG ( Microphones and cameras audio-entropyd ( and 2. Local hardware based entropy sources (>0.99 bits of entropy per output bit?) Embedded CPU feature - e.g. Intel RdRand External or plug in devices - USB sticks, HSMs, PCI cards, etc. 3. Network based entropy sources and RNGs Random number services ( and Entropy as a Service ( and
20 Comparing hardware RNGs Entropy or noise source Sample analog noise Digitize Remove sampling distortion (no entropy added) Post Processing Entropy extraction and whitening (no entropy added) Conditioning Random number outputs Noise sources Electrical noise Thermal noise Metastable circuits Ring oscillators Quantum fluctuations Health tests and entropy measurements Assessment criteria Quality of entropy source Verifiability of implementation Access to raw entropy for testing Data output rate Reliability of health tests Pseudo random number Generator Data rate expansion (no entropy added)
21 Comparison of supplementary entropy sources Jitter Daemons Embedded Hardware Sources Retrofit Hardware Sources Entropy as a Service Goal Low cost improvements Hardware/CPU differentiation Compliance and security Consistency and security Maturity Open source Mature Niche Emerging Advantages Low cost Low cost Speed Assurance Speed Consistency Assurance Barriers Hard to validate Hard to Manage Hard to validate Platform specific Inconvenient Cost Trust Immaturity
22 Summary Random numbers are critical for security but are often poorly understood and managed Random number generators are a point of attack and vulnerability potentially an invisible one Modern application environments present entropy challenges VMs, cloud and IoT Proving the operation and quality of entropy sources and random number generators goes beyond statistical tests - NIST SP B will help Supplementary sources of entropy can help and exist in various deployment models Random number generation should be a critical component of your key management strategy and datacenter infrastructure
23 Apply what you have learned today Next week you should: Identify applications that require true random numbers Think about entropy sources and their availability within your application environments In the first three months following this presentation you should: Consider supplementary entropy sources where risks of entropy starvation might exist Assess tools to test the quality of randomness in your organization Track the evolution (and finalization) of NIST SP Within six months you should: Consider entropy management in data center infrastructure planning Consider entropy as part of any IoT strategy Make NIST standards certification a purchase criteria Define internal entropy validation and assurance policies
24 Thank you Questions?
Entropy. Finding Random Bits for OpenSSL. Denis Gauthier and Dr Paul Dale Network Security & Encryption May 19 th 2016
Entropy Finding Random Bits for OpenSSL Denis Gauthier and Dr Paul Dale Network Security & Encryption May 19 th 2016 Program Agenda 1 2 3 4 OpenSSL s Entropy Finding Good Quality Entropy Designing an Entropy
More informationPseudo-Random Generators
Pseudo-Random Generators Why do we need random numbers? Simulation Sampling Numerical analysis Computer programming (e.g. randomized algorithm) Elementary and critical element in many cryptographic protocols
More informationPseudo-Random Generators
Pseudo-Random Generators Topics Why do we need random numbers? Truly random and Pseudo-random numbers. Definition of pseudo-random-generator What do we expect from pseudorandomness? Testing for pseudo-randomness.
More informationTopics. Pseudo-Random Generators. Pseudo-Random Numbers. Truly Random Numbers
Topics Pseudo-Random Generators Why do we need random numbers? Truly random and Pseudo-random numbers. Definition of pseudo-random-generator What do we expect from pseudorandomness? Testing for pseudo-randomness.
More information/dev/random and SP800-90B
/dev/random and SP800-90B Stephan Müller atsec information security 2015 atsec public atsec information security 2015 Agenda Linux RNG applied to concepts of SP800-90B chapter
More informationRandom Bit Generation
.. Random Bit Generation Theory and Practice Joshua E. Hill Department of Mathematics, University of California, Irvine Math 235B January 11, 2013 http://bit.ly/xwdbtv v. 1 / 47 Talk Outline 1 Introduction
More informationA study of entropy transfers
A study of entropy transfers in the Linux Random Number Generator Th. Vuillemin, F. Goichon, G. Salagnac, C. Lauradoux The need for random numbers Computers are built to be fully deterministic......but
More informationSurvey of Hardware Random Number Generators (RNGs) Dr. Robert W. Baldwin Plus Five Consulting, Inc.
Survey of Hardware Random Number Generators (RNGs) Dr. Robert W. Baldwin Plus Five Consulting, Inc. Outline True vs. Pseudo Randomness Radiation Noise RNG Removing Bit-Bias Thermal Resistive Noise RNG
More informationChair for Network Architectures and Services Institute of Informatics TU München Prof. Carle. Network Security. Chapter 2 Basics
Chair for Network Architectures and Services Institute of Informatics TU München Prof. Carle Network Security Chapter 2 Basics 2.4 Random Number Generation for Cryptographic Protocols Motivation It is
More informationDesign of Secure TRNGs for Cryptography Past, Present, and Future
Design of Secure TRNGs for Cryptography Past, Present, and Future Viktor FISCHER Univ Lyon, UJM-Saint-Etienne, CNRS Laboratoire Hubert Curien UMR 5516 F-42023, SAINT-ETIENNE, France fischer@univ-st-etienne.fr
More informationWhat is the Q in QRNG?
What is the Q in QRNG? IN ORDER TO GUARANTEE ABSOLUTELY RANDOM NUMBERS, RNGS (RANDOM NUMBER GENERATORS) MUST NOT BE VULNERABLE TO PREDICTION OR BIAS, AND THUS DICTATED BY TRUE RANDOMNESS. BUT HOW CAN WE
More informationThe Entropy Bogeyman. Ed Morris and Khai Van November 5, 2015 International Crypto Module Conference
The Entropy Bogeyman Ed Morris and Khai Van November 5, 2015 International Crypto Module Conference Topics Overview Background Design Problems Public Entropy Vulnerabilities Recommendations International
More informationEnough Entropy? Justify It!
Enough Entropy? Justify It! Yi Mao, Ph.D., CISSP CST Lab Manager atsec information security corp. Email: yi@atsec.com Agenda Before IG 7.14 and IG 7.15 IG 7.14 Entropy Caveats IG 7.15 Entropy Assessment
More informationRandom number generators
s generators Comp Sci 1570 Introduction to Outline s 1 2 s generator s The of a sequence of s or symbols that cannot be reasonably predicted better than by a random chance, usually through a random- generator
More informationEntropy Evaluation for Oscillator-based True Random Number Generators
Entropy Evaluation for Oscillator-based True Random Number Generators Yuan Ma DCS Center Institute of Information Engineering Chinese Academy of Sciences Outline RNG Modeling method Experiment Entropy
More informationInformation Security
SE 4472 / ECE 9064 Information Security Week 12: Random Number Generators and Picking Appropriate Key Lengths Fall 2015 Prof. Aleksander Essex Random Number Generation Where do keys come from? So far we
More informationEntropy Estimation Methods for SW Environments in KCMVP. NSR: Seogchung Seo, Sangwoon Jang Kookmin University: Yewon Kim, Yongjin Yeom
Entropy Estimation Methods for SW Environments in KCMVP NSR: Seogchung Seo, Sangwoon Jang Kookmin University: Yewon Kim, Yongjin Yeom Contents Brief Introduction to KCMVP Entropy Estimation Methods for
More informationThe Quantum Threat to Cybersecurity (for CxOs)
The Quantum Threat to Cybersecurity (for CxOs) Michele Mosca 5 th ETSI-IQC Workshop on Quantum-Safe Cryptography 13 September 2017 What is quantum?? E. Lucero, D. Mariantoni, and M. Mariantoni 2017 M.
More informationDan Boneh. Stream ciphers. The One Time Pad
Online Cryptography Course Stream ciphers The One Time Pad Symmetric Ciphers: definition Def: a cipher defined over is a pair of efficient algs (E, D) where E is often randomized. D is always deterministic.
More informationContents. ID Quantique SA Tel: Chemin de la Marbrerie 3 Fax : Carouge
Contents Introduction... 3 Quantis TRNG... 3 Quantifying Randomness... 4 Randomness Extractor... 4 Randomness Extraction in the Quantis Software Package... 5 Conclusion... 7 References... 7 ID Quantique
More informationNetwork Security (NetSec)
Chair of Network Architectures and Services Department of Informatics Technical University of Munich Network Security (NetSec) IN2101 WS 16/17 Prof. Dr.-Ing. Georg Carle Cornelius Diekmann Version: October
More informationAnalysis of Entropy Usage in Random Number Generators
EXAMENSARBETE INOM DATALOGI OCH DATATEKNIK, AVANCERAD NIVÅ, 30 HP STOCKHOLM, SVERIGE 2017 Analysis of Entropy Usage in Random Number Generators JOEL GÄRTNER KTH SKOLAN FÖR DATAVETENSKAP OCH KOMMUNIKATION
More informationManaging the quantum risk to cybersecurity. Global Risk Institute. Michele Mosca 11 April 2016
Managing the quantum risk to cybersecurity Global Risk Institute Michele Mosca 11 April 2016 Cyber technologies are becoming increasingly pervasive. Cybersecurity is a growing and fundamental part of safety
More informationEntropy Extraction in Metastability-based TRNG
Entropy Extraction in Metastability-based TRNG Vikram B. Suresh Dept. of Electrical & Computer Engineering University of Massachusetts Amherst, USA vsuresh@ecs.umass.edu Wayne P. Burleson Dept. of Electrical
More informationPrivate-Key Encryption
Private-Key Encryption Ali El Kaafarani Mathematical Institute Oxford University 1 of 37 Outline 1 Pseudo-Random Generators and Stream Ciphers 2 More Security Definitions: CPA and CCA 3 Pseudo-Random Functions/Permutations
More informationResearch Article A Novel True Random Number Generator Based on Mouse Movement and a One-Dimensional Chaotic Map
Hindawi Publishing Corporation Mathematical Problems in Engineering Volume 22, Article ID 9382, 9 pages doi:.55/22/9382 Research Article A Novel True Random Number Generator Based on Mouse Movement and
More informationTutorial: Device-independent random number generation. Roger Colbeck University of York
Tutorial: Device-independent random number generation Roger Colbeck University of York Outline Brief motivation of random number generation Discuss what we mean by a random number Discuss some ways of
More informationNetwork Security. Random Numbers. Cornelius Diekmann. Version: November 21, 2015
Network Security Random Numbers Cornelius Diekmann Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Version: November 21, 2015 IN2101, WS 15/16, Network Security 1 Fakulta t fu r
More informationarxiv: v1 [cs.it] 23 Dec 2014
Saving fractional bits: A practical entropy efficient code for fair die rolls BERNHARD ÖMER, CHRISTOPH PACHER arxiv:1412.7407v1 [cs.it] 23 Dec 2014 Digital Safety & Security Department, AIT Austrian Institute
More informationTrue Random Number Generation on FPGA
TRNG Design TRNG Classes Conclusions True Random Number Generation on FPGA Viktor FISCHER and Milos DRUTAROVSKY fischer@univ-st-etienne.fr; milos.drutarovsky@tuke.sk Training School on Trustworthy Manufacturing
More informationQuantum Computing: What s the deal? Michele Mosca ICPM Discussion Forum 4 June 2017
Quantum Computing: What s the deal? Michele Mosca ICPM Discussion Forum 4 June 2017 What is quantum?? E. Lucero, D. Mariantoni, and M. Mariantoni 2017 M. Mosca New paradigm brings new possibilities Designing
More informationSolutions for week 1, Cryptography Course - TDA 352/DIT 250
Solutions for week, Cryptography Course - TDA 352/DIT 250 In this weekly exercise sheet: you will use some historical ciphers, the OTP, the definition of semantic security and some combinatorial problems.
More informationReal Randomness with Noise and Chaos
Real Randomness with Noise and Chaos by Kevin Fei working with Professor Rajarshi Roy, Professor Tom Murphy, and Joe Hart Random numbers are instrumental to modern computing. They are used by scientists
More informationLecture 20. Randomness and Monte Carlo. J. Chaudhry. Department of Mathematics and Statistics University of New Mexico
Lecture 20 Randomness and Monte Carlo J. Chaudhry Department of Mathematics and Statistics University of New Mexico J. Chaudhry (UNM) CS 357 1 / 40 What we ll do: Random number generators Monte-Carlo integration
More informationCHAPTER 3 CHAOTIC MAPS BASED PSEUDO RANDOM NUMBER GENERATORS
24 CHAPTER 3 CHAOTIC MAPS BASED PSEUDO RANDOM NUMBER GENERATORS 3.1 INTRODUCTION Pseudo Random Number Generators (PRNGs) are widely used in many applications, such as numerical analysis, probabilistic
More informationSampling exactly from the normal distribution
1 Sampling exactly from the normal distribution Charles Karney charles.karney@sri.com SRI International AofA 2017, Princeton, June 20, 2017 Background: In my day job, I ve needed normal (Gaussian) deviates
More informationENEE 459-C Computer Security. Message authentication (continue from previous lecture)
ENEE 459-C Computer Security Message authentication (continue from previous lecture) Last lecture Hash function Cryptographic hash function Message authentication with hash function (attack?) with cryptographic
More informationPassword Cracking: The Effect of Bias on the Average Guesswork of Hash Functions
Password Cracking: The Effect of Bias on the Average Guesswork of Hash Functions Yair Yona, and Suhas Diggavi, Fellow, IEEE Abstract arxiv:608.0232v4 [cs.cr] Jan 207 In this work we analyze the average
More informationTopics in Computer Mathematics
Random Number Generation (Uniform random numbers) Introduction We frequently need some way to generate numbers that are random (by some criteria), especially in computer science. Simulations of natural
More informationAdministrivia. Course Objectives. Overview. Lecture Notes Week markem/cs333/ 2. Staff. 3. Prerequisites. 4. Grading. 1. Theory and application
Administrivia 1. markem/cs333/ 2. Staff 3. Prerequisites 4. Grading Course Objectives 1. Theory and application 2. Benefits 3. Labs TAs Overview 1. What is a computer system? CPU PC ALU System bus Memory
More informationRecommendations and illustrations for the evaluation of photonic random number generators
Recommendations and illustrations for the evaluation of photonic random number generators Joseph D. Hart 1,2, Yuta Terashima 3, Atsushi Uchida 3, Gerald B. Baumgartner 4, Thomas E. Murphy 1,5, and Rajarshi
More informationDevice Independent Randomness Extraction for Arbitrarily Weak Min-Entropy Source
Device Independent Randomness Extraction for Arbitrarily Weak Min-Entropy Source Jan Bouda, Marcin Paw lowski, Matej Pivoluska, Martin Plesch 6.6.2014 J. B., M. P. 3 DI Extraction from min-entropy sources
More informationOn Linux Random Number Generator
On Linux Random Number Generator A thesis submitted in partial fulfillment of the requirements for the degree of Master of Science by Tzachy Reinman supervised by Prof. Dahlia Malkhi School of Engineering
More informationOther Public-Key Cryptosystems
Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 10-1 Overview 1. How to exchange
More informationOn the Security of Election Audits with Low Entropy Randomness
On the Security of Election Audits with Low Entropy Randomness Eric Rescorla ekr@rtfm.com EVT/WOTE 2009 On the Security of Election Audits with Low Entropy Randomness 1 Overview Secure auditing requires
More informationCryptanalysis of the Dual Elliptic Curve Pseudorandom Generator
Cryptanalysis of the Dual Elliptic Curve Pseudorandom Generator Berry Schoenmakers and Andrey Sidorenko Dept. of Mathematics and Computer Science, TU Eindhoven, P.O. Box 513, 5600 MB Eindhoven, The Netherlands.
More informationFormal Fault Analysis of Branch Predictors: Attacking countermeasures of Asymmetric key ciphers
Formal Fault Analysis of Branch Predictors: Attacking countermeasures of Asymmetric key ciphers Sarani Bhattacharya and Debdeep Mukhopadhyay Indian Institute of Technology Kharagpur PROOFS 2016 August
More informationA Highly Flexible Lightweight and High Speed True Random Number Generator on FPGA
A Highly Flexible Lightweight and High Speed True Random Number Generator on FPGA Faqiang Mei, Lei Zhang, Chongyan Gu, Yuan Cao 3, Chenghua Wang and Weiqiang Liu College of EIE, Nanjing University of Aeronautics
More informationONLINE TEST BASED ON MUTUAL INFORMATION FOR TRUE RANDOM NUMBER GENERATORS
J. Korean Math. Soc. 50 (2013), No. 4, pp. 879 897 http://dx.doi.org/10.4134/jkms.2013.50.4.879 ONLINE TEST BASED ON MUTUAL INFORMATION FOR TRUE RANDOM NUMBER GENERATORS Young-Sik Kim, Yongjin Yeom, and
More informationPQ Crypto Panel. Bart Preneel Professor, imec-cosic KU Leuven. Adi Shamir Borman Professor of Computer Science, The Weizmann Institute, Israel
#RSAC SESSION ID: CRYP-W10 PQ Crypto Panel MODERATOR: Bart Preneel Professor, imec-cosic KU Leuven PANELISTS: Dr. Dan Boneh Professor, Stanford University Michele Mosca Professor, UWaterloo and evolutionq
More informationExperiment 1: The Same or Not The Same?
Experiment 1: The Same or Not The Same? Learning Goals After you finish this lab, you will be able to: 1. Use Logger Pro to collect data and calculate statistics (mean and standard deviation). 2. Explain
More informationQuantum Key Distribution. The Starting Point
Quantum Key Distribution Norbert Lütkenhaus The Starting Point Quantum Mechanics allows Quantum Key Distribution, which can create an unlimited amount of secret key using -a quantum channel -an authenticated
More informationMulti-Map Orbit Hopping Chaotic Stream Cipher
Multi-Map Orbit Hopping Chaotic Stream Cipher Xiaowen Zhang 1, Li Shu 2, Ke Tang 1 Abstract In this paper we propose a multi-map orbit hopping chaotic stream cipher that utilizes the idea of spread spectrum
More informationDATA ENCRYPTION DEVICE USING RADIOACTIVE DECAY AND A HYBRID QUANTUM ENCRYPTION ALGORITM
DATA ENCRYPTION DEVICE USING RADIOACTIVE DECAY AND A HYBRID QUANTUM ENCRYPTION ALGORITM Anthony Kunkel, Karthik Paidi, Dennis Guster, Renat Sultanov, and Erich Rice Department of Information Systems Saint
More informationIntroduction to Side Channel Analysis. Elisabeth Oswald University of Bristol
Introduction to Side Channel Analysis Elisabeth Oswald University of Bristol Outline Part 1: SCA overview & leakage Part 2: SCA attacks & exploiting leakage and very briefly Part 3: Countermeasures Part
More informationBranch Prediction based attacks using Hardware performance Counters IIT Kharagpur
Branch Prediction based attacks using Hardware performance Counters IIT Kharagpur March 19, 2018 Modular Exponentiation Public key Cryptography March 19, 2018 Branch Prediction Attacks 2 / 54 Modular Exponentiation
More informationMessage Authentication Codes (MACs)
Message Authentication Codes (MACs) Tung Chou Technische Universiteit Eindhoven, The Netherlands October 8, 2015 1 / 22 About Me 2 / 22 About Me Tung Chou (Tony) 2 / 22 About Me Tung Chou (Tony) Ph.D.
More informationInformation and Communications Security: Encryption and Information Hiding
Short Course on Information and Communications Security: Encryption and Information Hiding Tuesday, 10 March Friday, 13 March, 2015 Lecture 9: Encryption using Chaos Contents Chaos and Cryptography Iteration
More informationContinuous Machine Learning
Continuous Machine Learning Kostiantyn Bokhan, PhD Project Lead at Samsung R&D Ukraine Kharkiv, October 2016 Agenda ML dev. workflows ML dev. issues ML dev. solutions Continuous machine learning (CML)
More informationLesson One Hundred and Sixty-One Normal Distribution for some Resolution
STUDENT MANUAL ALGEBRA II / LESSON 161 Lesson One Hundred and Sixty-One Normal Distribution for some Resolution Today we re going to continue looking at data sets and how they can be represented in different
More informationAn ultrafast quantum random number generator based on quantum phase fluctuations
An ultrafast quantum random number generator based on quantum phase fluctuations Feihu Xu, Bing Qi, Xiongfeng Ma, He Xu, Haoxuan Zheng, and Hoi-Kwong Lo Center for Quantum Information and Quantum Control,
More informationAIR FORCE INSTITUTE OF TECHNOLOGY
LIMITATIONS OF A TRUE RANDOM NUMBER GENERATOR IN A FIELD PROGRAMMABLE GATE ARRAY THESIS Jennifer L. Brady AFIT/GE/ENG/08-01 DEPARTMENT OF THE AIR FORCE AIR UNIVERSITY AIR FORCE INSTITUTE OF TECHNOLOGY
More informationHow generative models develop in predictive processing
Faculty of Social Sciences Bachelor Artificial Intelligence Academic year 2016-2017 Date: 18 June 2017 How generative models develop in predictive processing Bachelor s Thesis Artificial Intelligence Author:
More informationIntroduction. Entropy and Security
Truth in Randomness Practical Insights on Randomness, the Nature of the Universe, and Using Ring Oscillators as Entropy Sources for High-Security Applications December 2011 Introduction Most engineers
More information7 Cryptanalysis. 7.1 Structural Attacks CA642: CRYPTOGRAPHY AND NUMBER THEORY 1
CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 7 Cryptanalysis Cryptanalysis Attacks such as exhaustive key-search do not exploit any properties of the encryption algorithm or implementation. Structural attacks
More informationPrevious Exam Questions, Chapter 2
ECE 302: Probabilistic Methods in Electrical and Computer Engineering Instructor: Prof. A. R. Reibman Previous Exam Questions, Chapter 2 Reibman (compiled September 2018) These form a collection of 36
More informationA DPA attack on RSA in CRT mode
A DPA attack on RSA in CRT mode Marc Witteman Riscure, The Netherlands 1 Introduction RSA is the dominant public key cryptographic algorithm, and used in an increasing number of smart card applications.
More informationDPA-Resistance without routing constraints?
Introduction Attack strategy Experimental results Conclusion Introduction Attack strategy Experimental results Conclusion Outline DPA-Resistance without routing constraints? A cautionary note about MDPL
More informationA NEW RANDOM NUMBER GENERATOR USING FIBONACCI SERIES
International J. of Math. Sci. & Engg. Appls. (IJMSEA) ISSN 0973-9424, Vol. 11 No. I (April, 2017), pp. 185-193 A NEW RANDOM NUMBER GENERATOR USING FIBONACCI SERIES KOTTA NAGALAKSHMI RACHANA 1 AND SOUBHIK
More informationALICE IN POST-QUANTUM WONDERLAND; BOB THROUGH THE DIGITAL LOOKING-GLASS
SESSION ID: SP02-R14 ALICE IN POST-QUANTUM WONDERLAND; BOB THROUGH THE DIGITAL LOOKING-GLASS Jon Geater Chief Technology Officer Thales esecurity @jongeater Hold onto your hats! This is a very fast-paced
More informationThe quantum threat to cryptography
The quantum threat to cryptography Michele Mosca 8 May 2016 Vienna, Austria Cryptography in the context of quantum computers E. Lucero, D. Mariantoni, and M. Mariantoni Harald Ritsch Y. Colombe/NIST How
More informationWHITE PAPER ON QUANTUM COMPUTING AND QUANTUM COMMUNICATION
WHITE PAPER ON QUANTUM COMPUTING AND QUANTUM COMMUNICATION Based on the discussion during the respective workshop at the ZEISS Symposium Optics in the Quantum World on 18 April 2018 in Oberkochen, Germany
More informationUncertainty in Measurement of Isotope Ratios by Multi-Collector Mass Spectrometry
1 IAEA-CN-184/168 Uncertainty in Measurement of Isotope Ratios by Multi-Collector Mass Spectrometry R. Williams Lawrence Livermore National Laboratory Livermore, California U.S.A. williams141@llnl.gov
More informationSTREAM CIPHER. Chapter - 3
STREAM CIPHER Chapter - 3 S t r e a m C i p h e r P a g e 38 S t r e a m C i p h e r P a g e 39 STREAM CIPHERS Stream cipher is a class of symmetric key algorithm that operates on individual bits or bytes.
More informationOne Weird Trick to Stop Selfish Miners: Fresh Bitcoins, A Solution for the Honest Miner
One Weird Trick to Stop Selfish Miners: Fresh Bitcoins, A Solution for the Honest Miner, University of Applied Sciences mbillah@hs-mittweida.de May 11, 2015 1/ 70 Contents What is Bitcoin What is Mining
More informationThe Hash Function JH 1
The Hash Function JH 1 16 January, 2011 Hongjun Wu 2,3 wuhongjun@gmail.com 1 The design of JH is tweaked in this report. The round number of JH is changed from 35.5 to 42. This new version may be referred
More informationSlides 3: Random Numbers
Slides 3: Random Numbers We previously considered a few examples of simulating real processes. In order to mimic real randomness of events such as arrival times we considered the use of random numbers
More information1 What are Physical Attacks. 2 Physical Attacks on RSA. Today:
Today: Introduction to the class. Examples of concrete physical attacks on RSA A computational approach to cryptography Pseudorandomness 1 What are Physical Attacks Tampering/Leakage attacks Issue of how
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 16 October 30, 2017 CPSC 467, Lecture 16 1/52 Properties of Hash Functions Hash functions do not always look random Relations among
More informationGeneration of True Random Numbers using quasi-monte Carlo methods
Generation of True Random Numbers using quasi-monte Carlo methods Ana I Gomez, Domingo Gómez-Pérez, Florian Pausinger Universidad de Cantabria, Queen s University Belfast MCQMC 2018 Ana I Gomez, Domingo
More informationCryptographic Hash Functions
Cryptographic Hash Functions Çetin Kaya Koç koc@ece.orst.edu Electrical & Computer Engineering Oregon State University Corvallis, Oregon 97331 Technical Report December 9, 2002 Version 1.5 1 1 Introduction
More informationThe Dual Elliptic Curve Deterministic RBG
/ The Dual Elliptic Curve Deterministic RBG Background, Specification, Security and Notes Joshua E Hill Department of Mathematics, University of California, Irvine Math C Mathematical Cryptography June,
More informationElliptic Curve Cryptography and Security of Embedded Devices
Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil Institut de Mathématiques de Bordeaux Inside Secure June 13th, 2012 V. Verneuil - Elliptic Curve Cryptography
More informationQuantum Wireless Sensor Networks
Quantum Wireless Sensor Networks School of Computing Queen s University Canada ntional Computation Vienna, August 2008 Main Result Quantum cryptography can solve the problem of security in sensor networks.
More informationEntropy transfers in the Linux Random Number Generator
Entropy transfers in the Linux Random Number Generator François Goichon, Cédric Lauradoux, Guillaume Salagnac, Thibaut Vuillemin To cite this version: François Goichon, Cédric Lauradoux, Guillaume Salagnac,
More informationFrom Sequential Circuits to Real Computers
1 / 36 From Sequential Circuits to Real Computers Lecturer: Guillaume Beslon Original Author: Lionel Morel Computer Science and Information Technologies - INSA Lyon Fall 2017 2 / 36 Introduction What we
More informationA novel pseudo-random number generator based on discrete chaotic iterations
A novel pseudo-random number generator based on discrete chaotic iterations Qianxue Wang, Christophe Guyeux and Jacques M. Bahi University of Franche-Comte Computer Science Laboratory LIFC, Belfort, France
More informationExamples of frequentist probability include games of chance, sample surveys, and randomized experiments. We will focus on frequentist probability sinc
FPPA-Chapters 13,14 and parts of 16,17, and 18 STATISTICS 50 Richard A. Berk Spring, 1997 May 30, 1997 1 Thinking about Chance People talk about \chance" and \probability" all the time. There are many
More informationEECS 126 Probability and Random Processes University of California, Berkeley: Fall 2014 Kannan Ramchandran September 23, 2014.
EECS 126 Probability and Random Processes University of California, Berkeley: Fall 2014 Kannan Ramchandran September 23, 2014 Midterm Exam 1 Last name First name SID Rules. DO NOT open the exam until instructed
More informationLecture 3: Lower bound on statistically secure encryption, extractors
CS 7880 Graduate Cryptography September, 015 Lecture 3: Lower bound on statistically secure encryption, extractors Lecturer: Daniel Wichs Scribe: Giorgos Zirdelis 1 Topics Covered Statistical Secrecy Randomness
More informationBU CAS CS 538: Cryptography Lecture Notes. Fall itkis/538/
BU CAS CS 538: Cryptography Lecture Notes. Fall 2005. http://www.cs.bu.edu/ itkis/538/ Gene Itkis Boston University Computer Science Dept. Notes for Lectures 3 5: Pseudo-Randomness; PRGs 1 Randomness Randomness
More informationPost Von Neumann Computing
Post Von Neumann Computing Matthias Kaiserswerth Hasler Stiftung (formerly IBM Research) 1 2014 IBM Corporation Foundation Purpose Support information and communication technologies (ICT) to advance Switzerland
More information6.080 / Great Ideas in Theoretical Computer Science Spring 2008
MIT OpenCourseWare http://ocw.mit.edu 6.080 / 6.089 Great Ideas in Theoretical Computer Science Spring 2008 For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms.
More informationc 2009 Michael Alan Wayne
c 29 Michael Alan Wayne PHOTON ARRIVAL TIME QUANTUM RANDOM NUMBER GENERATION BY MICHAEL ALAN WAYNE B.S., Washington State University, 23 THESIS Submitted in partial fulfillment of the requirements for
More informationCalibration Routine. Store in HDD. Switch "Program Control" Ref 1/ Ref 2 Manual Automatic
4.2 IMPLEMENTATION LABVIEW 4.2.1 LabVIEW features LabVIEW (short for Laboratory Virtual Instrument Engineering Workbench) originally released for the Apple Macintosh in 1986. It is a highly productive
More informationScribe for Lecture #5
CSA E0 235: Cryptography 28 January 2016 Scribe for Lecture #5 Instructor: Dr. Arpita Patra Submitted by: Nidhi Rathi 1 Pseudo-randomness and PRG s We saw that computational security introduces two relaxations
More informationSTAT509: Probability
University of South Carolina August 20, 2014 The Engineering Method and Statistical Thinking The general steps of engineering method are: 1. Develop a clear and concise description of the problem. 2. Identify
More informationB. Maddah ENMG 622 Simulation 11/11/08
B. Maddah ENMG 622 Simulation 11/11/08 Random-Number Generators (Chapter 7, Law) Overview All stochastic simulations need to generate IID uniformly distributed on (0,1), U(0,1), random numbers. 1 f X (
More informationWhy should you care?? Intellectual curiosity. Gambling. Mathematically the same as the ESP decision problem we discussed in Week 4.
I. Probability basics (Sections 4.1 and 4.2) Flip a fair (probability of HEADS is 1/2) coin ten times. What is the probability of getting exactly 5 HEADS? What is the probability of getting exactly 10
More informationA Provably Secure True Random Number Generator with Built-in. Tolerance to Active Attacks
A Provably Secure True Random Number Generator with Built-in Tolerance to Active Attacks B. Sunar, W. J. Martin, D. R. Stinson {sunar,martin}@wpi.edu Electrical & Computer Engineering Mathematical Sciences
More information