The New Randomness Beacon Format Standard: An Exercise in Limiting the Power of a Trusted Third Party

  • Conference paper
Security Standardisation Research (SSR 2018)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 11322)

Abstract

We discuss the development of a new format for beacons: servers which provide a sequence of digitally signed and hash-chained public random numbers on a fixed schedule. Users of beacons rely on the trustworthiness of the beacon operators. We consider several possible attacks on the users by the beacon operators, and discuss defenses against those attacks that have been incorporated into the new beacon format. We then analyze and quantify the effectiveness of those defenses.

Notes

  1. There are other ways to get public random numbers. Many also depend on some trusted third party; others introduce other practical problems: ambiguity about correct values, lack of a fixed schedule, etc. Overall, we believe beacons are the best way to get practical public randomness for real-world applications.

  2. The localRandomValue is the locally-produced random value, but the actual random value of the pulse is outputValue; this is what almost any application should use, as discussed below.

  3. It’s possible for a beacon to suffer an outage, during which scheduled pulses are not produced. Gaps in a sequence of pulses are reflected in the statusCode of the first pulse produced immediately following an outage.

  4. The use of brand or company names does not imply any endorsement on the part of NIST; they are included only to clearly explain how the NIST beacon operates at present.

  5. While these are not the only possible ways for a beacon to misbehave, they are the ways that undermine the security guarantees of a beacon service.

  6. There must be some lag time between when the random value is generated and when the pulse is output, since the beacon engine must sign its pulse, compute outputValue, and propagate the pulse to the frontend.

  7. That system is doing password cracking attacks. Trying to control some bits of the output of the beacon is very similar to password cracking.

  8. This might be an outsider who has compromised the beacon engine, or an insider with access to the engine but not the HSM or RSA keys.

  9. A skiplist [3] is a data structure for efficiently accessing and maintaining sorted records; the data structure in this section is a cryptographic one using a hash function, which is based loosely on the original skiplist. A hash skiplist bears the same relationship to a skiplist as a Merkle tree does to an ordinary binary tree.

References

  1. 8x Nvidia GTX 1080 Hashcat Benchmarks. Accessed 09 July 2018

  2. Biryukov, A., Dinu, D., Khovratovich, D.: Argon2: new generation of memory-hard functions for password hashing and other applications. In: IEEE European Symposium on Security and Privacy, EuroS&P 2016, Saarbrücken, Germany, 21–24 March 2016, pp. 292–302 (2016). https://doi.org/10.1109/EuroSP.2016.31

  3. Black, P.E.: Skip List. Dictionary of Algorithms and Data Structures. [online], Pieterse, V., Black, P.E. (eds.) https://xlinux.nist.gov/dads/HTML/skiplist.html. Accessed 17 Nov 2017

  4. Cooper, D., et al.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. In: RFC 5280, pp. 1–151 (2008). https://doi.org/10.17487/RFC5280

  5. Laurie, B., Langley, A., Käsper, E.: Certificate transparency. In: RFC 6962, pp. 1–27 (2013). https://doi.org/10.17487/RFC6962

  6. Mell, P., Kelsey, J., Shook, J.M.: Cryptocurrency smart contracts for distributed consensus of public randomness. In: Stabilization, Safety, and Security of Distributed Systems - 19th International Symposium, SSS 2017, Boston, MA, USA, 5–8 November 2017, pp. 410–425 (2017). https://doi.org/10.1007/978-3-319-69084-1_31

  7. Newman, C., Klyne, G.: Date and Time on the Internet: Timestamps. RFC 3339, July 2002. https://doi.org/10.17487/RFC3339. https://rfc-editor.org/rfc/rfc3339.txt

  8. NIST Randomness Beacon (2018). https://www.nist.gov/programs-projects/nist-randomness-beacon. Accessed 09 July 2018

  9. Percival, C., Josefsson, S.: The scrypt password-based key derivation function. In: RFC 7914, pp. 1–16 (2016). https://doi.org/10.17487/RFC7914

  10. Powerball. https://www.powerball.com/games/home. Accessed 19 Sep 2018

  11. Rabin, M.O.: Transaction protection by beacons. J. Comput. Syst. Sci. 27(2), 256–267 (1983). https://doi.org/10.1016/0022-0000(83)90042-9

  12. Rivest, R.L., Shamir, A., Wagner, D.A.: Time-lock Puzzles and Timed-release Crypto. Technical report. Cambridge, MA, USA (1996)

  13. Schelling, T.C.: The Strategy of Conflict. Oxford University Press, Oxford (1960)

  14. National Institute of Standards and Technology. FIPS 180-4, Secure Hash Standard, Federal Information Processing Standard (FIPS), Publication 180-4. Technical report. Department of Commerce (2015). http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf

  15. National Institute of Standards and Technology. FIPS 186-4, Digital Signature Standard (DSS), Federal Information Processing Standard (FIPS), Publication 186-4. Technical report. Department of Commerce (2013). http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf

  16. Szabo, N.: Trusted Third Parties are Security Holes (2001). Accessed 09 July 2018

  17. Wikipedia contributors. Dow Jones Industrial Average—Wikipedia, The Free Encyclopedia (2018). https://en.wikipedia.org/w/index.php?title=Dow_Jones_Industrial_Average&oldid=860019957. Accessed 19 Sep 2018

Acknowledgements

The author would like to thank René Peralta, Luís Brandão, Harold Bloom, Paul Black, Carl Miller, and the participants of the Vail Computer Elements Workshop and COSIC Seminar, for many useful comments, questions and conversations about this work. The author would also like to thank the anonymous referees, for many useful comments and requests for clarification.

Author information

Correspondence to John Kelsey.

Copyright information

© 2018 This is a U.S. government work and not under copyright protection in the U.S.; foreign copyright protection may apply

About this paper

Cite this paper

Kelsey, J. (2018). The New Randomness Beacon Format Standard: An Exercise in Limiting the Power of a Trusted Third Party. In: Cremers, C., Lehmann, A. (eds) Security Standardisation Research. SSR 2018. Lecture Notes in Computer Science, vol 11322. Springer, Cham. https://doi.org/10.1007/978-3-030-04762-7_9

  • DOI: https://doi.org/10.1007/978-3-030-04762-7_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-04761-0

  • Online ISBN: 978-3-030-04762-7

  • eBook Packages: Computer Science, Computer Science (R0)
