Cryptography Reference
The two components of this model are:
A seed. The secret information that is input into the deterministic generator is
often referred to as a seed. This is essentially a cryptographic key. The seed is
the only piece of information that is definitely not known to an attacker. Thus,
to preserve the unpredictability of the pseudorandom output sequence it is
important both to protect this seed and to change it frequently.
The generator. This is the cryptographic algorithm that produces the
pseudorandom output from the seed. Following our standard assumptions of
Section 1.5.1, we normally assume that the details of the generator are publicly
known, even if they are not.
DETERMINISTIC GENERATORS IN PRACTICE
Deterministic generators overcome the two problems that we identified for
non-deterministic generators:
1. They are cheap to implement and fast to run. It is no coincidence that
deterministic generators share these advantages with stream ciphers (see
Section 4.2.4), since the keystream generator for a stream cipher is a
deterministic generator whose output is used to encrypt plaintext (see
Section 4.2.1).
2. Two identical pseudorandom outputs can be produced in two different
locations. All that is needed is the same deterministic generator and the
same seed.
Of course, deterministic generators are, in some sense, a bit of a cheat. They
generate pseudorandom output but they require random input in the form of
the seed to operate. So we still require a source of randomness for the seed. If
necessary, we also require a means of securely distributing the seed.
However, the seed is relatively short. It is normally a symmetric key of a
standard recommended length, such as 128 bits. We are still faced with the
problem of generating this seed, but once we address this we can use it to
produce long streams of pseudorandom output. The use of relatively expensive
non-deterministic generators might be appropriate for short seed generation.
Alternatively, a more secure deterministic generator could be used for this purpose,
such as one installed in secure hardware (see Section 10.3).
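The seed-and-generator model above, as an added example that is not from the original text: a 128-bit seed is stretched into a long output stream, two locations holding the same seed reproduce the same stream, and a seed that is 128 bits long but drawn from a small space is found by exhaustive search because the generator is public. The HMAC-SHA256 counter construction and all names are assumptions of this example, not a standardized generator.

```python
import hashlib
import hmac
import os


class DeterministicGenerator:
    """HMAC-SHA256 over a counter, keyed by the seed (illustrative construction only)."""

    def __init__(self, seed: bytes):
        if len(seed) < 16:
            raise ValueError("seed must be at least 128 bits long")
        self._seed = seed          # the only secret; the algorithm itself is public
        self._counter = 0
        self._buffer = bytearray()

    def generate(self, n: int) -> bytes:
        """Return the next n bytes of the output stream."""
        while len(self._buffer) < n:
            self._buffer += hmac.new(self._seed, self._counter.to_bytes(8, "big"),
                                     hashlib.sha256).digest()
            self._counter += 1
        out = bytes(self._buffer[:n])
        del self._buffer[:n]
        return out


def recover_low_entropy_seed(observed: bytes, bits: int = 16):
    """Exhaust a small seed space against observed output; None if no seed matches.

    Seed length alone is not enough: a 16-byte seed with only `bits`
    unpredictable bits is found by trying every candidate.
    """
    for guess in range(2 ** bits):
        candidate = guess.to_bytes(16, "big")
        if DeterministicGenerator(candidate).generate(len(observed)) == observed:
            return candidate
    return None


if __name__ == "__main__":
    seed = os.urandom(16)                      # 128-bit seed from the OS randomness source
    site_a, site_b = DeterministicGenerator(seed), DeterministicGenerator(seed)
    stream_a = site_a.generate(100_000)        # 16 bytes of seed, 100 kB of output
    stream_b = site_b.generate(40_000) + site_b.generate(60_000)
    print("two locations agree:", stream_a == stream_b)

    weak_seed = (0x2A17).to_bytes(16, "big")   # constructed: 16 bytes long, 16 bits of entropy
    observed = DeterministicGenerator(weak_seed).generate(32)
    print("low-entropy seed recovered:", recover_low_entropy_seed(observed) == weak_seed)
```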
The case for using deterministic generators is similar to the case we made
for using stream ciphers in Section 4.2.2. Deterministic generators thus provide
an attractive means of converting relatively costly random seed generation into a
more 'sustainable' source of pseudorandom output. As remarked earlier, however,
deterministic generators are often points of weakness in real cryptosystems. It is
important to identify potential points of weakness:
Cryptanalysis of the generator. Deterministic generators are cryptographic
algorithms and, as such, are always vulnerable to potential weaknesses in their
design. Use of a well-respected deterministic generator is probably the best way
 