Cryptography Reference
Function: deletion of the internal state of RandBBS
Syntax: void PurgeRandBBS_l (STATEBBS *rstate);
Input: rstate (internal state of the pseudorandom number generator)
Output: rstate (internal state of the generator, deleted by overwriting)
12.2.3 The AES Generator
An additional possibility for constructing random number generators is offered
by symmetric block encryption systems, whose statistical and cryptographic
properties have been shown to be well suited to the generation of pseudorandom
numbers. We can clarify this with the help of the Advanced Encryption Standard,
which as representative of modern block encryption systems stands out in
relation to security and speed. [4]
With the code space $K$, the space $D$ of clear text blocks, and the set
$C := \{0, \ldots, c-1\}$ for a constant $c$, state sets are defined by RandAES via
$S := K \times D \times C$. The state function is described by

$$\varphi : S \to S, \qquad \varphi(k, x, i) := \bigl(\xi(k, x, i),\ \mathrm{AES}_k(x),\ i + 1 \pmod{c}\bigr), \tag{12.4}$$

with

$$\xi(k, x, i) := \begin{cases} k & \text{if } i \not\equiv 0 \pmod{c}, \\ k \oplus \mathrm{AES}_k(x) & \text{if } i \equiv 0 \pmod{c}, \end{cases}$$

and the output function via

$$\psi : S \to R, \qquad \psi(k, x, i) := \left\lfloor x / 2^{8 \cdot (23 - (i \bmod 16))} \right\rfloor \bmod 2^8. \tag{12.5}$$
The constant c specifies how frequently the key is updated, to prevent a
conclusion from being drawn about one state from the previous state. The price
for more security is the time it takes to initialize the key. The most secure, but
slowest, variant of the generator is obtained with c =1 .
The output of the generator is varied using the counter i in such a way that in
sequential steps, various byte positions are selected from the output values.
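The state and output functions (12.4) and (12.5) can be traced step by step in the following added example, which is not code from the book. It reads the key update as k XOR AES_k(x) and the exponent in ψ as 8·(23 − (i mod 16)). Assumptions: `block_fn` is a stand-in for AES_k built from keyed BLAKE2b (the Python standard library has no AES), the key is taken to be 192 bits wide so the XOR is defined, each byte is emitted before the state is advanced, and the names `block_fn`, `xi`, `phi`, `psi` and `generate` are hypothetical.

```python
import hashlib

BLOCK_BYTES = 24   # 192-bit block, as stated in the footnote
KEY_BYTES = 24     # assumption: key as wide as the block, so k XOR block is defined

def block_fn(k: int, x: int) -> int:
    """Stand-in for AES_k(x): keyed BLAKE2b cut to 192 bits (NOT AES, not a permutation)."""
    digest = hashlib.blake2b(x.to_bytes(BLOCK_BYTES, "big"),
                             key=k.to_bytes(KEY_BYTES, "big"),
                             digest_size=BLOCK_BYTES).digest()
    return int.from_bytes(digest, "big")

def xi(k: int, x: int, i: int, c: int) -> int:
    """Key component of the next state: refreshed only when i % c == 0."""
    return k ^ block_fn(k, x) if i % c == 0 else k

def phi(state, c: int):
    """State function (12.4): (k, x, i) -> (xi(k, x, i), block_fn(k, x), i + 1 mod c)."""
    k, x, i = state
    return (xi(k, x, i, c), block_fn(k, x), (i + 1) % c)

def psi(state) -> int:
    """Output function (12.5): one byte of x, position chosen by the counter i."""
    _, x, i = state
    return (x >> (8 * (23 - (i % 16)))) & 0xFF

def generate(seed_key: int, seed_block: int, c: int, n: int):
    """Emit n bytes; also count how often the key component changed."""
    state = (seed_key, seed_block, 0)
    out, rekeys = [], 0
    for _ in range(n):
        out.append(psi(state))          # assumption: output first, then step
        nxt = phi(state, c)
        rekeys += nxt[0] != state[0]    # True counts as 1
        state = nxt
    return bytes(out), rekeys

if __name__ == "__main__":
    # Constructed seeds, for illustration only.
    for c in (1, 4, 16):
        data, rekeys = generate(seed_key=1, seed_block=2, c=c, n=16)
        print(f"c={c:2d} rekeys={rekeys:2d} output={data.hex()}")
```

With c = 1 every step refreshes the key and ψ always returns the most significant byte of x; larger c trades key refreshes for speed and walks through successive byte positions.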
The initialization of the AES-based pseudorandom number generator
RandAES is accomplished via the function InitRandAES_l:
[4] AES is used in an extended form with a block length of 192 bits. The standard requires 128 bits,
while the underlying algorithm Rijndael is designed for block lengths of 256 bits.
 