Cryptography Reference
In-Depth Information
8.1.1
The need for randomness
Most cryptographic primitives take structured input and turn it into something
that has no structure. For example:
• The ciphertext produced by a block or stream cipher should have no apparent
structure. If this is not the case then useful informationmay be provided (leaked)
to an attacker who observes the ciphertext. Indeed, there aremany applications
where ciphertext is used as a source of randomness. We have already seen this
in Section 4.6.2 when we observed that ciphertext can be used to generate
keystream for a 'stream cipher'.
• The output of a hash function should have no apparent structure. Although
we did not state this explicitly as one of our hash function properties,
we noted in Section 6.2.2 that hash functions are often used to generate
cryptographic keys.
Just as importantly, many cryptographic primitives
require
sources of randomness
in order to function. For example:
• Any cryptographic primitive that is based on symmetric keys requires a source
of randomness in order to generate these keys. The security of symmetric
cryptography relies on the fact that these keys cannot be predicted in
any way.
• Many cryptographic primitives require the input of other types of randomly
generated numbers such as salts (see Section 8.4.2) and initial variables
(see Section 4.6.2). We have also seen in Section 5.3.4 that public-key
cryptosystems are normally probabilistic, in the sense that they require fresh
randomness each time that they are used.
• We will see in Chapter 9 that sources of randomness are very important for
providing freshness in cryptographic protocols.
Given this intricate relationship, we could probably have had a general discussion
about random number generation almost anywhere in our review of mechanisms
for implementing security services. However, we choose to have it now because
a significant number of the cryptographic mechanisms for providing entity
authentication require randomly generated numbers as a means of providing
freshness. We will discuss freshness mechanisms in Section 8.2. We will
discuss randomness in the specific context of cryptographic key generation in
Section 10.3.
8.1.2
What is randomness?
People have been trying for hundreds of years to define precisely what is meant by
the word 'random'. In fact 'randomness', by its very nature, defies classification
rules. Nonetheless, we all have an intuitive feel for what 'random' should mean.
