4

I read about pseudo random number generators and there were certain demands on which "underlying hash function" and "underlying block cipher" to use. What role do hashing algorithms and block ciphers play in random number generation?

JFB
  • 1,685
  • 3
  • 13
  • 11
  • The answer to the question [How securely random is Oracle's java.security.SecureRandom](https://security.stackexchange.com/questions/47871/how-securely-random-is-oracles-java-security-securerandom) describes an example of a cryptographically secure PRNG built around the SHA-1 hash function. – Philipp Jan 25 '18 at 13:19
  • the output of both is uniformly distributed and not thought to be reversible. – dandavis Jan 26 '18 at 20:06
  • None. Symmetric, asymmetric and hashing algorithms depend on the randomness of a RNG. See NIST SP 8OO-22 for a test suite on how to determine if a sequence of bits random and additional information. – jas- May 25 '18 at 15:28

2 Answers2

2

Hash functions are often used as a mixing function to take potentially-biased input data and transform it in a way such that those biases are highly unlikely to negatively impact the quality of the system's RNG state. This is useful when you're trying to accumulate entropy from sources that might only contain partial randomness, and some of the data may possibly be influenced by an attacker. As long as any of the input bits are unknown and unpredictable, the output bits from the hash will retain that unpredictability.

Symmetric ciphers are often used to produce DRBGs - deterministic random bit generators. By configuring a cipher such as AES or RC4 as a stream cipher with a secret seed value as the key, the output of the cipher becomes a cryptographically secure random bit generator. This is useful in cases where you need repeatable but secure random numbers, e.g. where two systems both need to produce the same stream of random numbers but the randomness needs to be secure.

Polynomial
  • 132,208
  • 43
  • 298
  • 379
0

When you need a cryptographically secure pseudorandom number generator (one where you can not predict the output from previous output), then a common method is to reuse a different cryptographic primitive.

A common pattern is to use a hash or encryption algorithm and constantly feed its output back into it as input.

When you use an encryption algorithm with a secret key, you can use the complete output of each round as pseudorandom numbers. When you use a hash algorithm, you either only use a part of it or you add a secret salt value to every hash-round.

Philipp
  • 48,867
  • 8
  • 127
  • 157