Cryptography Reference
In-Depth Information
Table 12-1. Tolerance intervals for runs of various lengths, after [BSI2] and [FIPS]
Run Length
Interval
1
[2267,2733]
2
[1079,1421]
3
[502,748]
4
[233,402]
5
[90,223]
6
[90,233]
12.3.6 Autocorrelation Test
The autocorrelation test provides information about possible existing dependen-
cies within a generated bit sequence. For a sequence of 10 000 bits, b 1 ,...,b 10000 ,
and for t in the range 1
t
5000 , the values
5000
Z t =
b i
b i +1
(12.12)
i =1
are computed. The test is passed with probability of error 10 6 if all the Z t lie in
the interval [2327 , 2673] (see [BSI2] and [FIPS]).
12.3.7 Quality of the FLINT/C Random Number
Generators
To demonstrate the properties K2, the required statistical tests for the output
width of 8 bits for the random number generators presented here were carried
out. In 2313 individual tests, over 20 000 random bits were calculated. All test
results lay within the required bounds. The average values were calculated, and
they are presented in Table 12-2. Therefore, the generators presented here can be
placed in class K2.
Class K3 requires that it be impossible for an attacker to determine
predecessors or successors of a given subsequence r i ,r i +1 ,...,r i + j , nor to
determine any internal state. For the generator RandAES, this would be equivalent
to serious attack possibilities against the encryption procedure AES, which would
lead to being able to take ciphered text and produce bits of clear text or of a key.
No such attacks are known. Furthermore, the AES is considered a high-strength
cryptographic mechanism, so that the generator can be placed in class K3.
If the parameter c is set to the value 1 , then in each round, a new key
k i := ξ ( k i 1 ,x,i− 1) = k i 1 AES k i 1 ( x ) is established. Due to this
operation, it is impossible to determine a previous internal state (or key) s i j
 
Search WWH ::




Custom Search