Overview of Modern Cryptography

Pseudo-random generators
Random Number Generating
There are three types of generators:
• table look-up generators
• hardware generators
• algorithmic (software) generators
The third category is the one most often used in
cryptography. It does not produce a truly random number
but rather a pseudo-random number.
Is a given PRNG good enough?
• The German Federal Office for Information Security (BSI) has established four criteria for quality of random number generators:
• K1 A sequence of random numbers with a low probability of containing identical consecutive elements.
• K2 A sequence of numbers which is indistinguishable from 'true random' numbers according to specified statistical tests.
• K3 It should be impossible for any attacker to calculate, or otherwise guess, from any given subsequence, any previous or future values in the sequence.
• K4 It should be impossible for an attacker to calculate, or guess from an inner state of the generator, any previous numbers in the sequence or any previous inner generator states.
• To be suitable for cryptography, any PRNG should meet K3 and K4 standards.
Mersenne Twister
Linear congruential generator
A linear congruential generator is determined by the following four integer values:
• m, the modulus, m > 0
• a, the multiplier, 0 < a < m
• c, the increment, 0 < c < m
• X_0, the starting value, 0 < X_0 < m
The algorithm is
$X_{n+1} = (aX_n + c) \bmod m$
where n > 0
Lehmer random number generator
The basic algorithm is
$X_{i+1} = (aX_i + c) \bmod m$, with $0 \le X_i \le m$
X_0, a, and c are known as the seed, the multiplier, and the increment respectively.
m is $2^p - 1$, where p is the number of CPU bits (32-bit, 64-bit, etc.)
If we pick small numbers to make the math easy, for example m = 31, a = 7, c = 0 and X_0 = 19, the next integers in the sequence are
9, 1, 7, 18, 2, 14, 5, 4, 28, 10, 8, 25, 20, 16
If the multiplier and seed are chosen properly, a Lehmer generator is statistically
indistinguishable from drawing from with replacement.
You can see a code implementation of this PRNG at
http://www.seas.gwu.edu/~simhaweb/java/lectures/appendix/random.html
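The small Lehmer example above, checked against the K3 criterion from the BSI list, as an added Python example that is not from the original slides or the linked Java code. It reproduces the sequence for m = 31, a = 7, c = 0, X_0 = 19, then shows that three consecutive outputs fix a and c when m is known, so every later value follows and the generator cannot meet K3. All function names are illustrative.

```python
# Added example (not from the slides): the Lehmer/LCG recurrence and a K3 check.
def lcg(m, a, c, x0):
    """Yield X1, X2, ... where X_{i+1} = (a*X_i + c) mod m."""
    x = x0
    while True:
        x = (a * x + c) % m
        yield x

def take(gen, n):
    """Return the next n values of a generator as a list."""
    return [next(gen) for _ in range(n)]

def period(m, a, c, x0):
    """Steps until the state returns to x0, or None if x0 is never revisited."""
    x = x0
    for steps in range(1, m + 1):
        x = (a * x + c) % m
        if x == x0:
            return steps
    return None

def recover_params(outputs, m):
    """Solve for (a, c) from three consecutive outputs, modulus m known.

    x2 - x1 = a*(x1 - x0) (mod m), so a = (x2 - x1) * (x1 - x0)^-1 (mod m).
    Raises ValueError if (x1 - x0) has no inverse mod m.
    """
    x0, x1, x2 = outputs[:3]
    a = (x2 - x1) * pow((x1 - x0) % m, -1, m) % m
    c = (x1 - a * x0) % m
    return a, c

def predict_next(outputs, m, count):
    """Predict the values that follow `outputs` using only those outputs."""
    a, c = recover_params(outputs, m)
    return take(lcg(m, a, c, outputs[-1]), count)

if __name__ == "__main__":
    M, A, C, SEED = 31, 7, 0, 19          # parameters from the slide
    seq = take(lcg(M, A, C, SEED), 14)
    print("sequence :", seq)
    print("period   :", period(M, A, C, SEED))
    observed, hidden = seq[:3], seq[3:8]  # observer sees only three outputs
    print("recovered:", recover_params(observed, M))
    print("predicted:", predict_next(observed, M, 5), "actual:", hidden)
```

The state of this generator is its last output, which is why a short run of outputs is enough to reproduce the rest of the stream.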
Lagged Fibonacci Generator
Naor-Reingold Pseudorandom Function
• Example: