The Security Aspects of Random Number Generators
Random number generation, also known as “pseudo-random number generation” or “genetic random number generation,” is a method that, via a random number generator, produces a series of pseudo-random symbols or numbers, so incapable of being predicted more precisely than by an unbiased random number generator. A pseudo-random number generator takes advantage of the mathematical principle of “composition.” This principle states that for any sufficiently large set of possible inputs, the resulting set of outputs will be the same. For example, if we take the initial set of prime numbers and assign each of them a value ranging from zero to e prime, we obtain a uniformly divisible number series. Although we cannot predict what the final series will look like, the random factors that generate it are sufficiently well-known that we can make an educated guess as to the ultimate outcome.
The modern cryptographic handshake uses a variant of this principle. Rather than providing random numbers as part of the encryption process, a public key system incorporates a pair of keys – one secret key and one public key. These keys serve to control the output of the generator. The public key serves as a digital certificate that authenticates the digital output. Digital certificates are a relatively new development in the field of cryptography, and their use presents several issues that are currently undergoing significant research and discussion.
The most important open question revolves around the security of random numbers generated by these random number generators. Algorithms employed by most modern cryptosystems are highly complex, and it is not known whether they can be cracked. The difficulty lies more in the mathematics of the underlying protocols than in the randomness of the underlying generator. One issue that has been recognized is that elliptical couplings between various devices can produce elliptical outputs that are indistinguishable from random numbers. This is a cause of concern because the elliptical output is the best known example of random number generation.
Encrypted data passes through a random number generator and is then transmitted over the Internet. The Encryption/Decryption (EDC) procedure used by modern random number generators is based on the fact that random numbers cannot truly be predictable. Any guesswork regarding the generation of digital keys can be rendered useless by the observation of exactly how the digital keys are generated. It has been a challenge for cryptographers to find methods of making the generated keys sufficiently random enough to be able to ensure the integrity of the information passed over the Internet. Modern random number generators are based on mathematical calculations, and the output of these calculations are unpredictable and difficult to predict.
Many questions have been raised against the use of pseudorandom numbers in cryptography. These are called ‘pseudo’ random numbers due to their conformity to theoretical principles of probability. Proponents of cryptographic systems point out that even if a pseudo-random number generator could be perfectly efficient at generating random numbers that would be completely under control by an attacker, the protection of information would be compromised. They argue that randomness is essential to the proper operation of cryptography. They further point out that randomness adds a degree of trust and confidence to communications, a factor that can never be reassessed or taken for granted. Without this key element, security breaches may occur sooner than security solutions can be put into place.
Cryptographers disagree with this argument. They point out that random numbers are part of the foundation on which cryptography works. Without the random elements, cryptography will cease to be secure, they argue. They also point out that there is no known way to guarantee the eventual distribution of pseudo-random numbers, especially in a world where a source of randomness may come from a phenomenon that science does not yet understand. Cryptographers point out that in order to implement encryption using the pseudo-random number generators, a master key must be used, which makes it impossible for an intruder to crack the code. This is how they argue against those who are against the use of pseudo-random numbers in cryptography.
The need for confidentiality and strength in cryptography is often cited as a reason for the use of random numbers in the design of internet protocols. However, when the random numbers are generated, it is said that this randomness is compromised. There have been various proposed methods for ensuring the security of random numbers in the past. One of these methods involves storing the numbers on memory chips that can be read only by the authorized recipient. However, these chips have been rendered obsolete by modern technologies. Modern random number generators incorporate memory chips that are resistant to attack and are therefore quite secure. xsmn
Cryptographers point out that randomness is neither good nor bad, it is merely a matter of perspective. Those who see the need for secrecy do not see the need to sacrifice some amount of randomness for security. Those who view the issue of security as outweighing the importance of randomness in the design of a protocol do not see a vulnerability in random numbers.