Abstract
We discuss the development of a new format for beacons: servers which provide a sequence of digitally signed and hash-chained public random numbers on a fixed schedule. Users of beacons rely on the trustworthiness of the beacon operators. We consider several possible attacks on the users by the beacon operators, and discuss defenses against those attacks that have been incorporated into the new beacon format. We then analyze and quantify the effectiveness of those defenses.
Notes
1. There are other ways to get public random numbers. Many also depend on some trusted third party; others introduce other practical problems, such as ambiguity about correct values or lack of a fixed schedule. Overall, we believe beacons are the best way to get practical public randomness for real-world applications.
2. The localRandomValue is the locally-produced random value, but the actual random value of the pulse is outputValue; this is what almost any application should use, as discussed below.
3. It is possible for a beacon to suffer an outage, during which scheduled pulses are not produced. Gaps in a sequence of pulses are reflected in the statusCode of the first pulse produced immediately following an outage.
4. The use of brand or company names does not imply any endorsement on the part of NIST; they are included only to clearly explain how the NIST beacon operates at present.
5. While these are not the only possible ways for a beacon to misbehave, they are the ways that undermine the security guarantees of a beacon service.
6. There must be some lag time between when the random value is generated and when the pulse is output, since the beacon engine must sign its pulse, compute outputValue, and propagate the pulse to the frontend.
7. That system is doing password cracking attacks. Trying to control some bits of the output of the beacon is very similar to password cracking.
8. This might be an outsider who has compromised the beacon engine, or an insider with access to the engine but not the HSM or RSA keys.
9. A skiplist [3] is a data structure for efficiently accessing and maintaining sorted records; the data structure in this section is a cryptographic one using a hash function, which is based loosely on the original skiplist. A hash skiplist bears the same relationship to a skiplist as a Merkle tree does to an ordinary binary tree.
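As an added illustration of the hash-chained, skiplist-linked pulse sequence described in the abstract and in notes 2 and 9 (this is not code from the paper or from the NIST beacon): each pulse links back to the most recent earlier pulse on each of several strides, so a verifier can walk from a recent pulse to an old one in O(log n) hops rather than one hop per pulse. The strides, the field names other than localRandomValue and outputValue, and the omission of the signature step are simplifications assumed here.

```python
import hashlib
import json
import secrets
# Skiplist levels: each pulse links back to the most recent earlier pulse whose
# index is a multiple of each stride (toy strides assumed here, not the NIST schedule).
STRIDES = (100, 10, 1)

def back_link_index(index, stride):
    """Index of the latest pulse before `index` that lies on the given stride."""
    return ((index - 1) // stride) * stride

def recompute_output(pulse):
    """outputValue commits to every other field; applications should consume it, not
    localRandomValue. The real beacon hashes a signature over the pulse (omitted here)."""
    body = {k: v for k, v in pulse.items() if k != "outputValue"}
    return hashlib.sha512(json.dumps(body, sort_keys=True).encode()).hexdigest()

def emit(pulses):
    """Append the next pulse to the chain and return it."""
    index = len(pulses)
    pulse = {
        "index": index,
        "localRandomValue": secrets.token_bytes(64).hex(),
        "links": {s: pulses[back_link_index(index, s)]["outputValue"] if index else None
                  for s in STRIDES},
    }
    pulse["outputValue"] = recompute_output(pulse)
    pulses.append(pulse)
    return pulse

def verify_path(pulses, start, target):
    """Walk skiplist links from `start` back to `target`, recomputing each visited
    pulse's outputValue and checking each link. Returns the hop count (O(log n)
    instead of start - target for a plain chain), or None if verification fails."""
    if not 0 <= target <= start < len(pulses):
        return None
    cur, hops = start, 0
    while True:
        p = pulses[cur]
        if recompute_output(p) != p["outputValue"]:
            return None
        if cur == target:
            return hops
        for s in STRIDES:  # longest stride that does not overshoot the target
            prev = back_link_index(cur, s)
            if prev >= target:
                break
        if p["links"][s] != pulses[prev]["outputValue"]:
            return None
        cur, hops = prev, hops + 1
```

With 235 pulses, walking from pulse 234 back to pulse 0 takes 3 hops instead of 234, and any pulse on the path whose fields have been altered makes the walk fail.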
References
8x Nvidia GTX 1080 Hashcat Benchmarks. Accessed 09 July 2018
Biryukov, A., Dinu, D., Khovratovich, D.: Argon2: new generation of memory-hard functions for password hashing and other applications. In: IEEE European Symposium on Security and Privacy, EuroS&P 2016, Saarbrücken, Germany, 21–24 March 2016, pp. 292–302 (2016). https://doi.org/10.1109/EuroSP.2016.31
Black, P.E.: Skip List. Dictionary of Algorithms and Data Structures. [online], Pieterse, V., Black, P.E. (eds.) https://xlinux.nist.gov/dads/HTML/skiplist.html. Accessed 17 Nov 2017
Cooper, D., et al.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. In: RFC 5280, pp. 1–151 (2008). https://doi.org/10.17487/RFC5280
Laurie, B., Langley, A., Käsper, E.: Certificate transparency. In: RFC 6962, pp. 1–27 (2013). https://doi.org/10.17487/RFC6962
Mell, P., Kelsey, J., Shook, J.M.: Cryptocurrency smart contracts for distributed consensus of public randomness. In: Stabilization, Safety, and Security of Distributed Systems - 19th International Symposium, SSS 2017, Boston, MA, USA, 5–8 November 2017, pp. 410–425 (2017). https://doi.org/10.1007/978-3-319-69084-1_31
Newman, C., Klyne, G.: Date and Time on the Internet: Timestamps. RFC 3339, July 2002. https://doi.org/10.17487/RFC3339. https://rfc-editor.org/rfc/rfc3339.txt
NIST Randomness Beacon (2018). https://www.nist.gov/programs-projects/nist-randomness-beacon. Accessed 09 July 2018
Percival, C., Josefsson, S.: The scrypt password-based key derivation function. In: RFC 7914, pp. 1–16 (2016). https://doi.org/10.17487/RFC7914
Powerball. https://www.powerball.com/games/home. Accessed 19 Sep 2018
Rabin, M.O.: Transaction protection by beacons. J. Comput. Syst. Sci. 27(2), 256–267 (1983). https://doi.org/10.1016/0022-0000(83)90042-9
Rivest, R.L., Shamir, A., Wagner, D.A.: Time-lock Puzzles and Timed-release Crypto. Technical report, Cambridge, MA, USA (1996)
Schelling, T.C.: The Strategy of Conflict. Oxford University Press, Oxford (1960)
National Institute of Standards and Technology: FIPS 180-4, Secure Hash Standard (SHS), Federal Information Processing Standard (FIPS), Publication 180-4. Technical report, Department of Commerce (2015). http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
National Institute of Standards and Technology: FIPS 186-4, Digital Signature Standard (DSS), Federal Information Processing Standard (FIPS), Publication 186-4. Technical report, Department of Commerce (2013). http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
Szabo, N.: Trusted Third Parties are Security Holes (2001). Accessed 09 July 2018
Wikipedia contributors. Dow Jones Industrial Average—Wikipedia, The Free Encyclopedia (2018). https://en.wikipedia.org/w/index.php?title=Dow_Jones_Industrial_Average&oldid=860019957. Accessed 19 Sep 2018
Acknowledgements
The author would like to thank René Peralta, Luís Brandão, Harold Bloom, Paul Black, Carl Miller, and the participants of the Vail Computer Elements Workshop and COSIC Seminar, for many useful comments, questions and conversations about this work. The author would also like to thank the anonymous referees, for many useful comments and requests for clarification.
© 2018 This is a U.S. government work and not under copyright protection in the U.S.; foreign copyright protection may apply
Cite this paper
Kelsey, J. (2018). The New Randomness Beacon Format Standard: An Exercise in Limiting the Power of a Trusted Third Party. In: Cremers, C., Lehmann, A. (eds) Security Standardisation Research. SSR 2018. Lecture Notes in Computer Science(), vol 11322. Springer, Cham. https://doi.org/10.1007/978-3-030-04762-7_9
DOI: https://doi.org/10.1007/978-3-030-04762-7_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-04761-0
Online ISBN: 978-3-030-04762-7
eBook Packages: Computer Science, Computer Science (R0)