2009 International Conference on Computer Engineering and Applications, IPCSIT vol. 2 (2011), IACSIT Press, Singapore

Randomness Analysis of Pseudorandom Bit Sequences

Rashidah Kadir+ and Mohd Aizaini Maarof
Faculty of Computer Science and Information Systems, Universiti Teknologi Malaysia, Johor, MALAYSIA

Abstract. Many users rely on the built-in random generator of their programming environment for cryptographic applications because it is simple and fast. However, it is questionable whether the randomness of the generated pseudorandom numbers (PRNs) can support reliable security in secure communication. In this paper we examine two kinds of pseudorandom bit sequence (PRBS): conventional PRBS and chaos-based PRBS. The Linear Congruential method, Marsaglia's Ziggurat algorithm and the Mersenne Twister method are used to generate the former, and the latter is produced using the Chebyshev map, the logistic map and the sawtooth-like map. To verify the randomness of the PRBS, the statistical tests of the FIPS 140-2 standard are performed; four tests are involved, namely monobit, poker, runs and long runs. The results for conventional PRBS and chaos-based PRBS are compared and analysed with respect to their reliability as encryption keys.

Keywords: random number generation, chaos, PRNG, PRBS, chaos-based PRNG, randomness test

1. Introduction

Random bit generators are widely employed in electronic equipment [1] and in applications such as statistical sampling, computer simulation and cryptography [2,3]. In this paper we concentrate on random number generation in cryptography, where it is required for producing keys. The security level of a cryptographic system depends on the random number generator being unpredictable and having a practically unlimited period [4]. Good cryptography requires good random numbers: an inadequate source of randomness can compromise the strongest cryptographic protocol and application. There are two kinds of random number generator (RNG): truly random (TRNG) and pseudorandom (PRNG). TRNGs are highly unpredictable but difficult to handle, because they are sensitive to the changing environment.
As a result, TRNGs are hard to control and not suited to applications that demand a stable randomness quality. PRNGs are the widely used means of making random-number generation controllable. A PRNG can be implemented in software or in hardware. For hardware implementation the LFSR is the most popular choice [1,5-8]; its advantages are simple implementation and high-speed operation, but it has poor security, because its linearity lets the internal state be recovered from a short stretch of output. In software, most users apply the built-in random generator of their environment, which is simple and fast; however, the randomness of the pseudorandom numbers it generates is claimed not to be secure enough for cryptography. Over the past decades, chaos-based pseudorandom generators have seemed promising. Because of some interesting characteristics of chaos, such as sensitivity to initial conditions, ergodicity, unstable periodic orbits with long periods and random-like behaviour, chaotic systems may appear to be good sources of randomness.

This paper is organised as follows. Section 2 presents related work on pseudorandom number generators. Section 3 describes the process of pseudorandom bit sequence generation and the randomness test. In Section 4, the randomness test is performed on the generated PRBS and the results are analysed in detail. Finally, in Section 5 conclusions are drawn and future work is discussed.

+ Corresponding author. Tel.: +607-5532244; fax: +607-5565044. E-mail address: rashidah@utm.my
2. Pseudorandom Number Generator

Many methods have been used for generating pseudorandom sequences in many applications. However, most pseudorandom number generators (PRNGs) are claimed to be insecure. As pointed out in [9], a good pseudorandom bit sequence (PRBS) should at least satisfy the following cryptographic properties: 1) balance on {0, 1}; 2) high linear complexity, approximately half of the sequence period; 3) long period; 4) δ-like autocorrelation and nearly zero cross-correlation; 5) passing empirical statistical tests (randomness tests).

2.1. Conventional PRNG

A Linear Congruential Generator (LCG) is one of the oldest and best-known pseudorandom number generators; it is easy to understand, easily implemented and fast, and it is the basis for many of the random number generators in use today. Starting with an initial value $x_0$, the linear congruential method uses the recurrence

$$x_{n+1} = (a\,x_n + c) \bmod m \qquad (1)$$

Most common PRNGs implemented in standard libraries, such as those of C/C++, use an LCG, but with different parameters. Table I lists the parameters of LCGs in various environments. However, LCGs are not recommended for cryptography, or for any other purpose that requires a higher degree of randomness [10-12]: the recurrence is public, so the internal state, and with it every future output, can be recovered from a few observed outputs.

TABLE I. THE PARAMETERS OF LCGS IN COMMON USE
Generator               a        c          m
rand() in Visual C++    214013   2531011    4294967296 (2^32)
rand() in Matlab        16807    0          2147483647 (2^31 - 1)
Knuth [13]              16807    0          2147483647 (2^31 - 1)

Another pseudorandom generator is the Mersenne Twister, which is based on a matrix linear recurrence over the finite binary field F_2; it was developed by Makoto Matsumoto and Takuji Nishimura [14]. If higher-quality random numbers are needed and sufficient memory is available, the Mersenne Twister is a preferred choice. Interestingly, a common Mersenne Twister implementation uses an LCG to generate its seed data. Marsaglia's Ziggurat algorithm is designed to produce floating-point values drawn from a non-uniform distribution such as the normal or exponential, using an underlying uniform generator.
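Returning to the LCG of Table I: the following is an added example, not code from the paper or from [10], that makes the predictability claim concrete for the Visual C++ parameters. rand() returns bits 16..30 of the 32-bit state, bit 31 never influences bits 0..30 of any later state, and only the low 16 bits are hidden, so an observer who knows the parameters can recover the effective state from a few outputs and predict every later output. The seed 12345 and the number of observed outputs are constructed for the demonstration.

```python
# Added example (not from the paper): state recovery for rand() in Visual C++,
# the LCG x_{n+1} = (a x_n + c) mod 2^32 of Table I, which exposes bits 16..30
# of its state on every call. Bits 0..15 are hidden (2^16 possibilities) and
# bit 31 is unobservable but also irrelevant to all later observable bits.

A, C, M = 214013, 2531011, 2**32   # rand() parameters from Table I
OUT_MASK = 0x7FFF                  # rand() returns 15 bits


def step(state):
    """One iteration of equation (1) with the Visual C++ parameters."""
    return (A * state + C) % M


def output(state):
    """What rand() reveals about the state that produced it: bits 16..30."""
    return (state >> 16) & OUT_MASK


def rand_stream(seed, n):
    """n consecutive rand() outputs after srand(seed)."""
    outs, s = [], seed
    for _ in range(n):
        s = step(s)
        outs.append(output(s))
    return outs


def recover_state(observed):
    """Return the candidate states (taken mod 2^31) after the last observed output.

    observed[0] fixes bits 16..30 of the state that produced it; the 2^16
    possibilities for bits 0..15 are enumerated, and each candidate is advanced
    through the recurrence and checked against observed[1:]. With four observed
    outputs only the true (reduced) state survives.
    """
    survivors = []
    for low in range(1 << 16):
        s = (observed[0] << 16) | low
        for want in observed[1:]:
            s = step(s)
            if output(s) != want:
                break
        else:
            survivors.append(s)
    return survivors


def predict(state, n):
    """The next n rand() outputs following a recovered state."""
    return rand_stream(state, n)


def attack(seed=12345, observed=4, predicted=4):
    """Constructed scenario: observe a few outputs, recover the state, predict the rest.

    Returns (the outputs that actually follow, the prediction from each surviving candidate).
    """
    stream = rand_stream(seed, observed + predicted)
    candidates = recover_state(stream[:observed])
    return stream[observed:], [predict(c, predicted) for c in candidates]
```

Because the brute force is over 2^16 candidates, the attack runs in a fraction of a second; the same reasoning applies to the other entries of Table I, whose full state is even exposed directly in the output. Passing a statistical test says nothing about this kind of predictability.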
The ziggurat algorithm is more complex to implement and requires precomputed tables, so it is best used when large numbers of random values are required [15].

2.2. Chaos-based PRNG

Easy realisation and a tight relationship with cryptography make chaos a suitable choice for pseudorandom number generators in cryptographic areas such as multimedia encryption. Pseudorandom numbers are produced by iterating a simple mathematical equation called a chaotic map. Many chaos-based PRBGs employ chaotic maps such as the logistic [16-18], Chebyshev [19], sawtooth-like [20], Hénon [21] and skew tent [22-23] maps, which have been widely used for the generation of bit sequences.

[Fig. 1: plot of x(n) against n (n from 1 to 41, x from 0 to 1.2) for the sawtooth-like map, two curves with x(0) = 0.50001 and x(0) = 0.50002]
Fig. 1: Two evolution curves of the sawtooth-like map with a slight difference in the initial condition (0.50001 and 0.50002).

Compared with conventional PRBGs, chaotic systems have a very sensitive dependence on their initial conditions. This sensitive dependence is shown in Fig. 1: after a few iterations, the two iterative sequences are completely different. Thus there is an enormous number of chaotic pseudorandom sequences that satisfy the
requirements of cryptography [24]. The parameters and the initial value of a chaotic map can also be used as the encryption key.

3. Empirical Test

For the randomness analysis of a pseudorandom number generator we adopt the strategy illustrated in Fig. 2.

Fig. 2: The strategy for the randomness analysis
Stage 1: Selection of a generator
Stage 2: Binary sequence generation
Stage 3: Perform the randomness test
Stage 4: Analyse the results
Stage 5: Pass or fail the assignment

3.1. Generating PRBS

Selection of a PRBG and binary sequence generation are the two processes involved in PRBS generation. In this paper we select three PRBGs each for conventional PRBS and for chaotic PRBS. For conventional PRBS we use the Linear Congruential method, the Mersenne Twister method and Marsaglia's Ziggurat algorithm, as implemented by the built-in function rand() in Matlab and Visual C++. As mentioned earlier, we produce the chaotic PRBS from three chaotic maps: the Chebyshev map, the logistic map and the sawtooth-like map. The logistic map is given by

$$x_{n+1} = \mu\,x_n\,(1 - x_n) \qquad (2)$$

where $x_0$ is the initial state, $x_0 \in [0, 1)$, $\mu$ is the cryptographic key, $x_n$ is the current pseudorandom number and $x_{n+1}$ is the iterated result. Here we select $\mu = 4$, for which the logistic map is chaotic [17, 21]. The sawtooth-like map is

$$x_{n+1} = c\,x_n \bmod 1 \qquad (3)$$

Note that with an integer slope c this map is a digit shift in binary floating-point arithmetic: for c = 2 every iteration discards one bit of the 53-bit mantissa, so a double-precision orbit reaches exactly 0 after some tens of iterations. A software realisation therefore needs a non-integer c or exact arithmetic. The Chebyshev map employed is

$$x_{n+1} = \cos(4 \arccos x_n), \qquad -1 \le x_n \le 1 \qquad (4)$$

Each iteration yields a pseudorandom number $x_n$. To construct a bit sequence, every generated number is converted to 0 or 1 by the following coin-tossing rule:

$$b_n = \begin{cases} 0 & \text{if } x_n < 0.5 \\ 1 & \text{if } x_n \ge 0.5 \end{cases} \qquad (5)$$

Finally a bit sequence $B = \{b_1, b_2, b_3, \ldots, b_n\}$ is produced. Note that (5) applies the same threshold to all three maps, although the output range of the Chebyshev map is $[-1, 1]$ rather than $[0, 1)$.

3.2. The Randomness Test

To verify the randomness of the pseudorandom bit sequences we apply the standard randomness test of FIPS 140-2 [25]. A PRBS can be claimed to be a good PRBS if it passes all the tests specified. For analysis purposes the randomness test, which consists of four tests, has been performed.
A single bit sequence of 20,000 consecutive bits of output from the generator is subjected to each of the following tests. (The acceptance intervals quoted below are those of the original FIPS 140-1 text; the May 2001 edition of FIPS 140-2 tightened them, for example to 9,725 < X < 10,275 for the monobit test, 2.16 < X < 46.17 for the poker test and 26 bits for the long-run test, and a later change notice removed the power-up statistical tests from the standard altogether.)

The Monobit Test: the number of ones in the sequence is counted and denoted by X. The test is passed if 9,654 < X < 10,346.

The Poker Test: the 20,000-bit sequence is divided into 5,000 contiguous 4-bit segments. The number of occurrences of each of the 16 possible 4-bit values is counted and stored; let f(i) denote the number of occurrences of the 4-bit value i, 0 ≤ i ≤ 15. Then we evaluate

$$X = \frac{16}{5000} \sum_{i=0}^{15} [f(i)]^2 - 5000 \qquad (6)$$

The test is passed if 1.03 < X < 57.4.

The Runs Test: a run is defined as a maximal sequence of consecutive bits of either all ones or all zeros that is part of the 20,000-bit stream. The incidences of runs of all lengths, for zeros and for ones, are counted and stored.
The test is passed if the number of runs of each length lies within the interval given in Table II; this must hold both for the runs of zeros and for the runs of ones, so twelve counts are checked.

TABLE II. VALIDITY INTERVALS OF THE RUNS TEST
Run length    Required interval
1             2,267 - 2,733
2             1,079 - 1,421
3             502 - 748
4             223 - 402
5             90 - 223
6 and above   90 - 223

The Long Runs Test: a long run is a run of zeros or of ones of length 34 or more. The test is passed if there are no long runs in the 20,000 consecutive bits.

4. Results and Analysis

In this section we present the test results for the conventional PRBS and the chaos-based PRBS. Table III shows the output of the randomness test performed on the conventional PRBS. Two different results are obtained for the Linear Congruential method because, as mentioned earlier, it depends on the parameter settings of the built-in PRBG of Visual C++ and of Matlab respectively. Both pass the randomness test, as do the Mersenne Twister and Marsaglia methods.

TABLE III. RANDOMNESS TEST OF THE CONVENTIONAL PRBS
Method            Monobit   Poker   Runs r=1   r=2    r=3   r=4   r=5   r>=6   Long runs
LCG (Visual C++)  9831      16.10   2536       1240   626   312   144   136    None
LCG (Matlab)      9978      14.96   2464       1232   631   331   138   162    None
Twister           10129     10.84   2549       1207   628   330   169   161    None
Marsaglia         9887      16.36   2516       1269   630   297   156   144    None

For comparison, the same randomness test was repeated on the chaos-based PRBS produced by the Chebyshev map, the logistic map and the sawtooth-like map. The results of the statistical tests are given in Table IV.

TABLE IV. RANDOMNESS TEST OF THE CHAOS-BASED PRBS
Chaotic map       Monobit   Poker     Runs r=1   r=2    r=3   r=4   r=5   r>=6   Long runs
Chebyshev         6685      2429.70   1666       1278   824   530   315   405    None
Logistic          9867      22.33     2549       1239   625   300   139   153    None
Sawtooth-like     9853      30.11     2391       1210   601   303   163   173    None

Unexpectedly, the PRBS based on the Chebyshev map fails three of the tests and passes only the long-runs test. This is a consequence of the thresholding rule (5) rather than of the map itself: the Chebyshev map takes values in $[-1, 1]$, and its invariant density $1/(\pi\sqrt{1 - x^2})$ assigns probability $\arccos(0.5)/\pi = 1/3$ to $x \ge 0.5$, so about 6,667 ones are expected in 20,000 bits, which matches the 6,685 observed; the biased bits in turn inflate the poker statistic and distort the run counts. Thresholding at the median of the map's range ($x_n \ge 0$) removes the bias. The long-runs test shows that there are no long runs in any of the sequences, conventional or chaotic; thus all methods pass the long-runs test.
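As an added example (not the paper's own Matlab or Visual C++ code), the following Python reproduces the procedure of Sections 3.1 and 3.2 end to end: the three chaotic maps of equations (2)-(4) and the Visual C++ LCG of Table I as sources, the coin-tossing rule (5), and the four tests with the intervals of Section 3.2, applied, as FIPS specifies, separately to the runs of zeros and of ones. The initial value 0.3, the seed 12345 and the sawtooth slope c = 2 are assumptions, since the paper gives neither its seeds nor its c. On these inputs it shows the Chebyshev effect discussed above (with threshold 0.5 the monobit count is near 20000/3 and the test fails, while thresholding at 0 restores balance) and a pitfall the paper does not mention: with c = 2 the sawtooth-like map is a pure binary shift in floating point, so the double-precision orbit reaches exactly 0 within a few dozen steps and the sequence fails the long-runs test.

```python
import math

N_BITS = 20000  # sample size prescribed for the tests


def to_bits(values, threshold=0.5):
    """Coin-tossing rule (5): b_n = 1 if x_n >= threshold, else 0."""
    return [1 if x >= threshold else 0 for x in values]


def logistic(x0, n, mu=4.0):
    """Equation (2); mu = 4 as in the paper."""
    out, x = [], x0
    for _ in range(n):
        x = mu * x * (1.0 - x)
        out.append(x)
    return out


def chebyshev(x0, n):
    """Equation (4); note the output range is [-1, 1], not [0, 1)."""
    out, x = [], x0
    for _ in range(n):
        x = math.cos(4.0 * math.acos(x))
        out.append(x)
    return out


def sawtooth(x0, n, c):
    """Equation (3); the paper does not give c, so the caller supplies it (assumption)."""
    out, x = [], x0
    for _ in range(n):
        x = (c * x) % 1.0
        out.append(x)
    return out


def msvc_rand(seed, n):
    """rand() of Visual C++ (Table I), scaled to [0, 1) as rand()/32768."""
    out, s = [], seed
    for _ in range(n):
        s = (214013 * s + 2531011) % 2**32
        out.append(((s >> 16) & 0x7FFF) / 32768.0)
    return out


def monobit(bits):
    """Number of ones; pass if 9,654 < X < 10,346."""
    ones = sum(bits)
    return ones, 9654 < ones < 10346


def poker(bits):
    """Equation (6) over the 5,000 4-bit segments; pass if 1.03 < X < 57.4."""
    f = [0] * 16
    for i in range(0, len(bits), 4):
        f[bits[i] << 3 | bits[i + 1] << 2 | bits[i + 2] << 1 | bits[i + 3]] += 1
    x = 16.0 / 5000.0 * sum(v * v for v in f) - 5000.0
    return x, 1.03 < x < 57.4


RUN_INTERVALS = {1: (2267, 2733), 2: (1079, 1421), 3: (502, 748),
                 4: (223, 402), 5: (90, 223), 6: (90, 223)}  # Table II; key 6 means ">= 6"


def run_counts(bits):
    """Runs of zeros and of ones counted separately (lengths >= 6 pooled), plus the longest run."""
    counts = {0: dict.fromkeys(range(1, 7), 0), 1: dict.fromkeys(range(1, 7), 0)}
    longest = i = 0
    while i < len(bits):
        j = i
        while j < len(bits) and bits[j] == bits[i]:
            j += 1
        counts[bits[i]][min(j - i, 6)] += 1
        longest = max(longest, j - i)
        i = j
    return counts, longest


def runs(bits):
    """Pass if all twelve counts (six lengths, zeros and ones) lie in their Table II interval."""
    counts, _ = run_counts(bits)
    ok = all(lo <= counts[b][k] <= hi for b in (0, 1) for k, (lo, hi) in RUN_INTERVALS.items())
    return counts, ok


def long_run(bits):
    """Pass if no run of either symbol has length 34 or more."""
    _, longest = run_counts(bits)
    return longest, longest < 34


def fips_tests(bits):
    """All four tests on one 20,000-bit sample: {name: (statistic, passed)} plus the overall verdict."""
    assert len(bits) == N_BITS, "the tests are defined for exactly 20,000 bits"
    r = {"monobit": monobit(bits), "poker": poker(bits),
         "runs": runs(bits), "long_run": long_run(bits)}
    r["pass"] = all(ok for _, ok in r.values())
    return r


def compare(x0=0.3, seed=12345):
    """The paper's comparison on constructed inputs (x0, seed and c = 2 are assumptions)."""
    return {
        "lcg": fips_tests(to_bits(msvc_rand(seed, N_BITS))),
        "logistic": fips_tests(to_bits(logistic(x0, N_BITS))),
        "chebyshev@0.5": fips_tests(to_bits(chebyshev(x0, N_BITS))),      # threshold of rule (5)
        "chebyshev@0": fips_tests(to_bits(chebyshev(x0, N_BITS), 0.0)),   # threshold at the median
        "sawtooth c=2": fips_tests(to_bits(sawtooth(x0, N_BITS, 2.0))),   # binary shift: collapses to 0
    }
```

Calling compare() returns one result dictionary per source; the statistics can be laid out exactly as in Tables III and IV. As the LCG entry shows, a generator whose state is recoverable from a handful of outputs passes these tests just as readily as a chaotic map, which is why they are a necessary but not a sufficient check for a key generator.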
5. Conclusion

All the pseudorandom bit sequences generated in this paper passed the FIPS PUB 140-2 randomness tests except the PRBS generated with the Chebyshev map. The analysis therefore shows that both conventional PRBGs and chaotic PRBGs can generate a pseudorandom bit sequence that passes these statistical tests. Passing them is a necessary but not a sufficient condition for use as an encryption key: the tests measure statistical balance, not unpredictability, and an LCG's output, for example, remains predictable from a few observed values [10-12], while the Mersenne Twister's state can be reconstructed from 624 consecutive outputs. In addition, chaotic PRBGs are attractive for generating multiple keys, since a slight difference in the initial value yields a completely different set of pseudorandom numbers. Further study can be carried out on other 2-D, 3-D and discrete chaos-based pseudorandom bit generators that may be able to generate secure PRBS.

6. Acknowledgements

This research is partially supported by the Ministry of Higher Education, Malaysia. Our thanks also go to MOSTI and Universiti Teknologi Malaysia.

7. References

[1] R. Mita, G. Palumbo, S. Pennisi, and M. Poli. A novel pseudo random bit generator for cryptography applications. Proc. Int. Conf. on Electronics, Circuits and Systems, 2002, vol. 2, pp. 489-492.
[2] W. Stallings. Cryptography and Network Security: Principles and Practices. Third Edition, Prentice Hall, 2003.
[3] N. Ruggeri. Principles of Pseudo-Random Number Generation in Cryptography. VIGRE Program, The University of Chicago, August 2006. Available online at http://www.math.uchicago.edu/~may/VIGRE/VIGRE2006/PAPERS/Ruggeri.pdf
[4] Y. L. Chung, S. C. Jiung, Y. C. Tsin. A chaos-based pseudo random number generator using timing-based reseeding method. Proc. IEEE International Symposium on Circuits and Systems, ISCAS 2006, 2006, pp. -3280.
[5] P. Alfke. Efficient Shift Registers, LFSR Counters, and Long Pseudo-Random Sequence Generators. Xilinx Application Note, 1996.
[6] D. Kay, S. Mourad. Controllable LFSR for BIST. Proc. Instrumentation and Measurement Technology Conference, 2000, pp. 223-228.
[7] H. L. Bin, H. S. Shao, W. W. Cheng. A fast signature computation algorithm for LFSR and MISR. IEEE Trans. CAD of Int. Circuits and Systems, 2000, 19 (9): 1031-1040.
[8] M. Y. Seung, O. J. Seoung, M. K. Sung. Low cost and high efficiency BIST scheme with 2-level LFSR and ATPT. Proc. IEEE Int. Symp. Circuits and Systems, 2001, vol. 4, pp. 1-4.
[9] X. Wang, J. Zhang, Y. Fan and W. Zhang. Chaotic Pseudorandom Bit Generator Using n-dimensional Nonlinear Digital Filter. Proc. Int. Conf. on Communication Technology (ICCT '06), 2006, pp. 1-4, 27-30.
[10] Haldir. How to crack a Linear Congruential Generator. The Reverse Engineering Team, December 2004. Available online at http://www.reteam.org/papers/e59.pdf
[11] B. Schneier. Applied Cryptography: Protocols, Algorithms, and Source Code in C. John Wiley & Sons, Inc., New York, second edition, 1996.
[12] C. Moler. Numerical Computing with MATLAB. Electronic edition: The MathWorks, Inc., Natick, MA, 2004. Available online at http://www.mathworks.com/moler. Print edition: SIAM, Philadelphia, 2004.
[13] D. E. Knuth. Seminumerical Algorithms, 3rd edition, vol. 2 of The Art of Computer Programming. Addison-Wesley, Reading, MA, 1998.
[14] M. Matsumoto and T. Nishimura. Mersenne Twister Home Page. Available at http://www.math.sci.hiroshima-u.ac.jp/~m-mat/mt/emt.html
[15] G. Marsaglia and W. W.
Tsang. The ziggurat method for generating random variables. Journal of Statistical Software, 2000, 5: 1-7. Available online at http://www.jstatsoft.org/v05/i08
[16] W. Zhang, J. Peng, H. Q. Yang. A digital image encryption scheme based on the hybrid of cellular neural network and logistic map. LNCS 3497, 2005, pp. 860-867.
[17] N. S. Philip and K. B. Joseph. Chaos for stream cipher. Cryptography and Security, arXiv:nlin.CD/0102012 v1, 16 Feb. 2001. Available online at http://arxiv.org/abs/cs.cr/0102012
[18] S. C. Phatak and S. S. Rao. Logistic map: a possible random-number generator. Physical Review E, 1995, 51 (4): 3670-3678.
[19] X. F. Liao, X. M. Li, J. Peng, et al. A digital secure image communication scheme based on the chaotic Chebyshev map. Int. J. Commun. Systems, 2004, 17 (5): 437-445.
[20] H. Jia, Y. Mao and Z. Wang. A Novel Chaos-Based Video Encryption Algorithm. Proc. of Trim Size: 9in x 6in, 2004.
[21] D. Erdmann and S. Murphy. Hénon stream cipher. Electron. Lett., 1992, 28 (9): 893-895.
[22] S. Lian, G. Chen, A. Cheung, Z. Wang. A chaotic-neural-network-based encryption algorithm for JPEG2000 encoded images. Proc. ISNN 2004-II, LNCS 3174, 2004, pp. 627-632.
[23] M. K. Khan and J. S. Zhang. Investigation on pseudorandom properties of chaotic stream cipher. Proc. IEEE International Conference on Engineering of Intelligent Systems, 2006, pp. 1-5.
[24] J. Peng, X. F. Liao, and Z. Wu. Digital image secure communication using Chebyshev map sequences. Proc. IEEE Int. Conference on Communications, Circuits and Systems and West Sino Expositions (ICCCS 2002), 2002, pp. 492-496.
[25] National Institute of Standards and Technology. Security Requirements for Cryptographic Modules, FIPS PUB 140-2, May 2001.