Abstract
Estimating the entropy of randomness sources is a task of critical importance in the context of true random number generators, as feeding cryptographic applications with insufficient entropy is a serious real-world security risk. The challenge is to maximize accuracy and confidence under certain data models and resource constraints.
In this paper we analyze the performance of a simple collision-counting estimator, under the assumption that source outputs are independent but their distribution can change due to adversarial influences.
For n samples and confidence \(1-\epsilon \) we achieve the following features:
- (a) Efficiency: reads the stream in one pass and uses constant memory (forward-only mode)
- (b) Accuracy: estimates the amount of extractable bits with a relative error \(O(n^{-\frac{1}{2}}\log (1/\epsilon ))\) per sample, when the source outputs are i.i.d.
- (c) Robustness: the same error when the source outputs are independent but the distribution changes up to \(t = O(n^{\frac{1}{2}})\) times during runtime
We demonstrate that the estimator is accurate enough to adjust post-processing components dynamically, estimating entropy on the fly instead of investigating it off-line. Our work thus continues the line of research on “testable random number generators” (originated by Bucci and Luzzi at CHES’05), combining it with robustness against source changes (originated by Barak et al. at CHES’03).
A full and updated version is available at ePrint (Report 2016/272).
M. Skorski—Supported by the National Science Center, Poland (2015/17/N/ST6/03564).
Notes
1. Which means closeness in the variational distance (distance \(\epsilon \) smaller than \(2^{-80}\) for practical applications).
2. Sometimes also called the conditioning component [TBK+], or an extractor in the theoretical literature.
References
Ash, R.B.: Information Theory. Dover Publications, New York (1990)
Bouda, J., Krhovjak, J., Matyas, V., Svenda, P.: Towards true random number generation in mobile environments. In: Jøsang, A., Maseng, T., Knapskog, S.J. (eds.) NordSec 2009. LNCS, vol. 5838, pp. 179–189. Springer, Heidelberg (2009). doi:10.1007/978-3-642-04766-4_13
Bucci, M., Luzzi, R.: Design of testable random bit generators. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 147–156. Springer, Heidelberg (2005). doi:10.1007/11545262_11
Bedekar, N., Shee, C.: A novel approach to true random number generation in wearable computing environments using MEMS sensors. In: Lin, D., Yung, M., Zhou, J. (eds.) Inscrypt 2014. LNCS, vol. 8957, pp. 530–546. Springer, Cham (2015). doi:10.1007/978-3-319-16745-9_29
Barak, B., Shaltiel, R., Tromer, E.: True random number generators secure in a changing environment. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 166–180. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45238-6_14
Cachin, C.: Smooth entropy and Rényi entropy. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 193–208. Springer, Heidelberg (1997). doi:10.1007/3-540-69053-0_14
Chernoff, H.: A measure of asymptotic efficiency for tests of a hypothesis based on the sum of observations. Ann. Math. Stat. 23(4), 493–507 (1952)
de Raadt, T., Hallqvist, N., Grabowski, A., Keromytis, A.D., Provos, N.: Cryptography in OpenBSD: an overview. In: Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC 1999, p. 33. USENIX Association, Berkeley (1999)
Gutterman, Z., Pinkas, B., Reinman, T.: Analysis of the Linux random number generator. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy, SP 2006, pp. 371–385. IEEE Computer Society, Washington, DC (2006)
Haahr, M.: random.org homepage. Accessed 01 Jul 2016
Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)
Holenstein, T.: Pseudorandom generators from one-way functions: a simple construction for any hardness. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 443–461. Springer, Heidelberg (2006). doi:10.1007/11681878_23
Jun, B., Kocher, P.: The Intel random number generator. White paper prepared for Intel Corporation (1999)
Kaplan, D., Kedmi, S., Hay, R., Dayan, A.: Attacking the Linux PRNG on Android: weaknesses in seeding of entropic pools and low boot-time entropy. In: 8th USENIX Workshop on Offensive Technologies (WOOT 2014). USENIX Association, San Diego (2014)
Lauradoux, C., Ponge, J., Röck, A.: Online Entropy Estimation for Non-Binary Sources and Applications on iPhone. Rapport de recherche, Inria, June 2011
Lacharme, P., Röck, A., Strubel, V., Videau, M.: The Linux pseudorandom number generator revisited. Cryptology ePrint Archive, Report 2012/251 (2012). http://eprint.iacr.org/
Maurer, U.: A universal statistical test for random bit generators. J. Cryptology 5, 89–105 (1992)
Renner, R., Wolf, S.: Simple and tight bounds for information reconciliation and privacy amplification. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 199–216. Springer, Heidelberg (2005). doi:10.1007/11593447_11
Shannon, C.E.: A mathematical theory of communication. Bell Syst. Techn. J. 27 (1948)
Shaltiel, R.: An introduction to randomness extractors. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011. LNCS, vol. 6756, pp. 21–41. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22012-8_2
Skórski, M.: Evaluating entropy sources for true random number generators by collision counting. In: Batten, L., Li, G. (eds.) ATIS 2016. CCIS, vol. 651, pp. 69–80. Springer, Singapore (2016). doi:10.1007/978-981-10-2741-3_6
Sunar, B.: True random number generators for cryptography. In: Koç, Ç.K. (ed.) Cryptographic Engineering, pp. 55–73. Springer, US (2009)
Turan, M.S., Barker, E., Kelsey, J., McKay, K.A., Baish, M.L., Boyle, M.:
von Neumann, J.: Various techniques used in connection with random digits. J. Res. Nat. Bur. Stand. 12, 36–38 (1951)
Voris, J., Saxena, N., Halevi, T.: Accelerometers and randomness: perfect together. In: WiSec 2011, pp. 115–126. ACM (2011)
Walker, J.: Hotbits homepage. Accessed 01 Jul 2016
A Inefficiency of Plugin Estimators
Let X be an m-bit distribution. Suppose that we want to estimate \(\mathbf {P}_X\) from i.i.d. samples \(X_1,\ldots ,X_n\), and use this estimate in the entropy formula. Let \(\hat{X}\) be the random variable corresponding to the empirical distribution of the n samples, that is
We want to use the estimate
Consider the case when X is uniform. Suppose that we want the absolute error to be at most \(\gamma \), that is
According to the min-entropy definition, this means that
which is equivalent to
In particular,
This means that we need to estimate the probability mass function \(\mathbf {P}_X(x)\) up to a relative error \(\delta = 2^{\gamma }-1\). According to the Chernoff Bound, with fixed x and n samples we get the error probability \(\exp (-3n\mathbf {P}_X(x)\delta ^2) \leqslant \exp (-3n 2^{-m}\delta ^2)\). Thus, to get the error term below \(\epsilon \), we need \(\delta =O\left( \sqrt{2^{m}\log (1/\epsilon ) / 3n}\right) \). Even for a pretty weak bound \(\gamma =1\) (an error of 1 bit) we need \(\delta = 1\), which means \(n > 2^{m}\log (1/\epsilon )/3\) samples.
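To make the two estimators concrete, here is an added example (not code from the paper): a one-pass collision-counting estimator in the spirit of the abstract, the plug-in estimator analysed in this appendix, and the appendix's sample-count bound; the function names, the seed and the two source distributions are constructed for the illustration.

```python
import math
import random
from collections import Counter
from typing import Iterable, Optional


def plugin_min_entropy(samples: Iterable[int]) -> float:
    """Plug-in estimate -log2(max_x P_hat(x)) of the min-entropy per sample. It needs a
    histogram over the alphabet (2^m cells) and, because the largest count is at least 1,
    never reports more than log2(n) bits: for n <= 2^(m-1) a uniform m-bit source is
    under-reported by at least one bit."""
    counts = Counter(samples)
    n = sum(counts.values())
    return -math.log2(max(counts.values()) / n)


def plugin_samples_needed(m: int, eps: float, gamma: float) -> float:
    """Sample count from the appendix: an absolute error of at most gamma bits means a
    relative error delta = 2^gamma - 1 on the probability masses, and the Chernoff
    bound exp(-3 n 2^-m delta^2) <= eps yields n > 2^m ln(1/eps) / (3 delta^2)."""
    delta = 2.0 ** gamma - 1.0
    return (2.0 ** m) * math.log(1.0 / eps) / (3.0 * delta ** 2)


def collision_entropy(stream: Iterable[int]) -> Optional[float]:
    """One-pass, constant-memory collision-counting estimate of the collision entropy
    H2 = -log2(sum_x p_x^2) in bits per sample (an illustration of collision counting,
    not the paper's exact estimator). The stream is read in disjoint pairs; for
    independent samples each pair collides with probability sum_x p_x^2, so the observed
    collision fraction estimates it using two counters and one buffered symbol.
    Returns None until at least one collision has been observed."""
    pending: Optional[int] = None
    pairs = collisions = 0
    for x in stream:
        if pending is None:
            pending = x          # first element of the current pair
            continue
        pairs += 1
        collisions += int(pending == x)
        pending = None
    return None if collisions == 0 else -math.log2(collisions / pairs)


def demo(n: int = 2048, seed: int = 7) -> tuple:
    """Constructed sources: i.i.d. uniform 16-bit samples, where the plug-in estimate is
    capped at log2(n) = 11 of the true 16 bits, and an 8-bit source emitting 0 with
    probability 1/2 and a uniform byte otherwise (H2 is about 1.98 bits)."""
    rng = random.Random(seed)
    uniform16 = [rng.getrandbits(16) for _ in range(n)]
    biased8 = [0 if rng.random() < 0.5 else rng.getrandbits(8) for _ in range(n)]
    return plugin_min_entropy(uniform16), collision_entropy(biased8)
```

With the defaults, `plugin_samples_needed(16, 2**-80, 1)` is above a million samples, while the collision counter on the biased byte source gets close to 1.98 bits from 1024 pairs without a histogram.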
Copyright information
© 2017 Springer International Publishing AG
Cite this paper
Skorski, M. (2017). Evaluating Entropy for True Random Number Generators: Efficient, Robust and Provably Secure. In: Chen, K., Lin, D., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2016. Lecture Notes in Computer Science, vol. 10143. Springer, Cham. https://doi.org/10.1007/978-3-319-54705-3_32
DOI: https://doi.org/10.1007/978-3-319-54705-3_32
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-54704-6
Online ISBN: 978-3-319-54705-3