Splittable pseudorandom number generators using cryptographic hashing

We propose a new splittable pseudorandom number generator (PRNG) based on a cryptographic hash function. Splittable PRNGs, in contrast to linear (sequential) PRNGs, allow two (seemingly) independent generators to be created from a given generator. Splittable PRNGs are very useful for structuring purely functional programs, as they avoid the need to thread generator state through the program. We show that the currently known and used splittable PRNGs are either not efficient enough, have inherent flaws, or lack formal arguments about their randomness. In contrast, our proposed generator can be implemented efficiently, and comes with formal statements and proofs that quantify how 'random' the generated results are. The provided proofs give strong randomness guarantees under assumptions commonly made in cryptography.
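A minimal hash-based splittable generator in the style the abstract describes, written here as an added example (it is not the paper's construction nor the code of any library the paper describes): the generator state is a key plus the sequence of split decisions taken so far, and each output is HMAC-SHA-256 over that path and a per-node counter. Because every (path, counter) pair maps to a distinct PRF input, the outputs of any two nodes are indistinguishable from independent random values if HMAC-SHA-256 is a PRF. The names Gen, new_gen, split, next_bytes, next_u64 and stream are this example's own.

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import List, Tuple

# Hypothetical API for illustration; names are not taken from the paper.


@dataclass(frozen=True)
class Gen:
    """Immutable generator state: shared key, path of split decisions, output counter."""
    key: bytes
    path: bytes      # one byte per split: 0x00 = left child, 0x01 = right child
    counter: int = 0  # how many outputs this node has produced


def new_gen(seed: bytes) -> Gen:
    """Derive a root generator from a caller-supplied seed."""
    key = hashlib.sha256(b"splittable-prng-key" + seed).digest()
    return Gen(key=key, path=b"", counter=0)


def _prf(g: Gen, counter: int) -> bytes:
    # Path bytes are only 0x00/0x01, so 0xff unambiguously terminates the path;
    # distinct (path, counter) pairs therefore never collide as PRF inputs.
    msg = g.path + b"\xff" + counter.to_bytes(8, "big")
    return hmac.new(g.key, msg, hashlib.sha256).digest()


def split(g: Gen) -> Tuple[Gen, Gen]:
    """Return two child generators; the parent is unchanged and may still be used."""
    return (Gen(g.key, g.path + b"\x00", 0), Gen(g.key, g.path + b"\x01", 0))


def next_bytes(g: Gen) -> Tuple[bytes, Gen]:
    """Produce 32 pseudorandom bytes and the successor state."""
    out = _prf(g, g.counter)
    return out, Gen(g.key, g.path, g.counter + 1)


def next_u64(g: Gen) -> Tuple[int, Gen]:
    out, g2 = next_bytes(g)
    return int.from_bytes(out[:8], "big"), g2


def stream(g: Gen, n: int) -> List[int]:
    """Draw n 64-bit values from g in sequence (purely functional threading)."""
    vals = []
    for _ in range(n):
        v, g = next_u64(g)
        vals.append(v)
    return vals


if __name__ == "__main__":
    root = new_gen(b"constructed example seed")
    left, right = split(root)
    print("root :", stream(root, 3))
    print("left :", stream(left, 3))
    print("right:", stream(right, 3))
```

The path grows by one byte per split, so deep recursion makes states large; a production design would fold the path into fixed-size hash state as it grows rather than carry it verbatim. The state here is immutable, which is what makes splitting safe: neither child, nor the parent, can observe the others' draws.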
