Cryptography Reference
In-Depth Information
Appendix B: Pseudorandom Number Generation
In this appendix we look at algorithms for pseudorandomly generating numbers for use in cryptographic schemes (see page 151). In particular, we begin with a FIPS-approved standard for use with DES (see Section 3.2). It is also the basis for the PGPRNG discussed in Section 8.1 (see page 283).
B.1 ANSI X9.17
ANSI X9.17 was introduced in 1985 as the Financial Institution Key Management standard, which defined protocols for use by such institutions for encryption key transfer using SKC methods. It was updated in 1995, but had become a FIPS-171 standard in 1992. In 1998, Appendix A of ANSI X9.31 replaced Appendix C of ANSI X9.17, which is the version used by PGP.
X9.17/X9.31 PRNG. The goal is to output a string of B 64-bit PRNs, where B is some predetermined bound. We are given the following as input.
(a) a secret, random 64-bit seed, S;
(b) a 64-bit representation, DT, of the current date/time; and
(c) a 3-DES key K, which is used for DES encryption, denoted by $E_K$, which is
$$E_K = E_{k_1} \circ D_{k_2} \circ E_{k_1},$$
a two-key triple encryption, kept secret and used only for the PRNG (see page 131).
Then the algorithm proceeds as follows with a parameter i, and a vector X of length B initialized with entries X[j] = 0 for j = 1, 2, ..., B.
1. Set $I = E_K(DT)$ and set i = 1.
2. Compute $X_i = E_K(I \oplus S)$ and set X[i] = $X_i$.
3. Set $S = E_K(X_i \oplus I)$, and set i = i + 1.
4. If i < B, go to step 2. Otherwise, output $X = (X_1, X_2, \ldots, X_B)$ as the sequence of pseudorandom 64-bit numbers.
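The steps above as an added worked example in Go (not code from the book or from any X9.17 implementation): $E_K$ is two-key triple DES from Go's standard library, the key and seed are constructed sample values, and the loop simply runs until B output blocks exist.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
)

// X917 is an ANSI X9.17/X9.31 generator over two-key 3DES (E_K = E_k1 ∘ D_k2 ∘ E_k1);
// the secret seed S is its running state.
type X917 struct {
	ek   cipher.Block
	seed [8]byte // S: secret, replaced after every output block
}

// NewX917 takes k1||k2 (16 bytes) and the 64-bit seed S; both must stay secret.
func NewX917(k1k2 []byte, seed [8]byte) (*X917, error) {
	if len(k1k2) != 16 {
		return nil, des.KeySizeError(len(k1k2))
	}
	// Go's TripleDES wants k1||k2||k3; two-key EDE means k3 = k1.
	ek, err := des.NewTripleDESCipher(append(append([]byte{}, k1k2...), k1k2[:8]...))
	if err != nil {
		return nil, err
	}
	return &X917{ek: ek, seed: seed}, nil
}

func xor8(a, b [8]byte) (r [8]byte) {
	for i := range r {
		r[i] = a[i] ^ b[i]
	}
	return
}

// Generate runs steps 1-4 for one date/time block DT and returns B outputs:
// I = E_K(DT); X_i = E_K(I xor S); S = E_K(X_i xor I).
func (g *X917) Generate(dt [8]byte, B int) [][8]byte {
	var I [8]byte
	g.ek.Encrypt(I[:], dt[:])
	out := make([][8]byte, 0, B)
	for i := 1; i <= B; i++ {
		var x [8]byte
		t := xor8(I, g.seed)
		g.ek.Encrypt(x[:], t[:])
		out = append(out, x)
		t = xor8(x, I)
		g.ek.Encrypt(g.seed[:], t[:]) // updated S feeds the next block
	}
	return out
}
```

DT is the only non-secret input; the same K, S and DT reproduce the same sequence, which is why the seed must be kept secret and the state updated after every block.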