Randomness Tests in Hostile Environments

Martin Goll; Shay Gueron

doi:10.1109/TDSC.2016.2537799

Randomness Tests in Hostile Environments

Martin Goll
, Shay Gueron

Department of Mathematics

University of Haifa

Research output: Contribution to journal › Article › peer-review

Abstract

An acceptable way to assess the quality of an RNG (PRNG) is to apply a standard battery of statistical randomness tests to a sampled output. Such tests compare some observed properties of the sample to properties of a uniform distribution, with the hope to detect deviations from the expected behavior. Consider a (P)RNG that outputs M -bit values which, due to a failure or an attack, are coerced to a subset of {0, 1}^M of only 2ⁿ elements, for some n < M. Such outputs are predictable with a probability of at least 2^-n > 2^-M, but the standard randomness tests do not necessarily detect this behavior. We show here deterministic M-bit sequences (M = 128) that belong to a subset of size 2ⁿ, but pass the DIEHARD Battery of Tests of Randomness [1] and the NIST Statistical Test Suite [2], even with a relatively small value of n = 29. To address the difficulty, we propose a detection method that is feasible even for large values of n (e.g., n = 64). As a practical example, we apply our method to rule out the existence of the speculative stealthy hardware Trojan that is discussed in [3].

Original language	American English
Pages (from-to)	289-294
Number of pages	6
Journal	IEEE Transactions on Dependable and Secure Computing
Volume	15
Issue number	2
DOIs	https://doi.org/10.1109/TDSC.2016.2537799
State	Published - 2016

Keywords

Error-checking
random number generation
statistical computing
testing strategies

ASJC Scopus subject areas

Electrical and Electronic Engineering

Access to Document

10.1109/TDSC.2016.2537799

Cite this

@article{8c356e635c5048c1b576a540878f7901,

title = "Randomness Tests in Hostile Environments",

abstract = "An acceptable way to assess the quality of an RNG (PRNG) is to apply a standard battery of statistical randomness tests to a sampled output. Such tests compare some observed properties of the sample to properties of a uniform distribution, with the hope to detect deviations from the expected behavior. Consider a (P)RNG that outputs M -bit values which, due to a failure or an attack, are coerced to a subset of \{0, 1\}M of only 2n elements, for some n < M. Such outputs are predictable with a probability of at least 2-n > 2-M, but the standard randomness tests do not necessarily detect this behavior. We show here deterministic M-bit sequences (M = 128) that belong to a subset of size 2n, but pass the DIEHARD Battery of Tests of Randomness [1] and the NIST Statistical Test Suite [2], even with a relatively small value of n = 29. To address the difficulty, we propose a detection method that is feasible even for large values of n (e.g., n = 64). As a practical example, we apply our method to rule out the existence of the speculative stealthy hardware Trojan that is discussed in [3].",

keywords = "Error-checking, random number generation, statistical computing, testing strategies",

author = "Martin Goll and Shay Gueron",

note = "Funding Information: The authors thank Georg Becker and Christof Paar (authors of [3]) for sharing information on the parameters that were used with the NIST Statistical Test Suite, for confirming that our model matched the model that was used in [3], and for many other valuable discussions. They also thank two anonymous referess for their useful comments. This research was supported by the PQCRYPTO project, which was partially funded by the European Commission Horizon 2020 research Programme, grant \#645622, and by the Blavatnik Interdisciplinary Cyber Research Center (ICRC) at the Tel Aviv University. Publisher Copyright: {\textcopyright} 2004-2012 IEEE.",

year = "2016",

doi = "10.1109/TDSC.2016.2537799",

language = "American English",

volume = "15",

pages = "289--294",

journal = "IEEE Transactions on Dependable and Secure Computing",

issn = "1545-5971",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "2",

}

TY - JOUR

T1 - Randomness Tests in Hostile Environments

AU - Goll, Martin

AU - Gueron, Shay

N1 - Funding Information: The authors thank Georg Becker and Christof Paar (authors of [3]) for sharing information on the parameters that were used with the NIST Statistical Test Suite, for confirming that our model matched the model that was used in [3], and for many other valuable discussions. They also thank two anonymous referess for their useful comments. This research was supported by the PQCRYPTO project, which was partially funded by the European Commission Horizon 2020 research Programme, grant #645622, and by the Blavatnik Interdisciplinary Cyber Research Center (ICRC) at the Tel Aviv University. Publisher Copyright: © 2004-2012 IEEE.

PY - 2016

Y1 - 2016

N2 - An acceptable way to assess the quality of an RNG (PRNG) is to apply a standard battery of statistical randomness tests to a sampled output. Such tests compare some observed properties of the sample to properties of a uniform distribution, with the hope to detect deviations from the expected behavior. Consider a (P)RNG that outputs M -bit values which, due to a failure or an attack, are coerced to a subset of {0, 1}M of only 2n elements, for some n < M. Such outputs are predictable with a probability of at least 2-n > 2-M, but the standard randomness tests do not necessarily detect this behavior. We show here deterministic M-bit sequences (M = 128) that belong to a subset of size 2n, but pass the DIEHARD Battery of Tests of Randomness [1] and the NIST Statistical Test Suite [2], even with a relatively small value of n = 29. To address the difficulty, we propose a detection method that is feasible even for large values of n (e.g., n = 64). As a practical example, we apply our method to rule out the existence of the speculative stealthy hardware Trojan that is discussed in [3].

AB - An acceptable way to assess the quality of an RNG (PRNG) is to apply a standard battery of statistical randomness tests to a sampled output. Such tests compare some observed properties of the sample to properties of a uniform distribution, with the hope to detect deviations from the expected behavior. Consider a (P)RNG that outputs M -bit values which, due to a failure or an attack, are coerced to a subset of {0, 1}M of only 2n elements, for some n < M. Such outputs are predictable with a probability of at least 2-n > 2-M, but the standard randomness tests do not necessarily detect this behavior. We show here deterministic M-bit sequences (M = 128) that belong to a subset of size 2n, but pass the DIEHARD Battery of Tests of Randomness [1] and the NIST Statistical Test Suite [2], even with a relatively small value of n = 29. To address the difficulty, we propose a detection method that is feasible even for large values of n (e.g., n = 64). As a practical example, we apply our method to rule out the existence of the speculative stealthy hardware Trojan that is discussed in [3].

KW - Error-checking

KW - random number generation

KW - statistical computing

KW - testing strategies

UR - https://www.scopus.com/pages/publications/85043759415

U2 - 10.1109/TDSC.2016.2537799

DO - 10.1109/TDSC.2016.2537799

M3 - Article

SN - 1545-5971

VL - 15

SP - 289

EP - 294

JO - IEEE Transactions on Dependable and Secure Computing

JF - IEEE Transactions on Dependable and Secure Computing

IS - 2

ER -

Randomness Tests in Hostile Environments

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this