A Comparison of Post-Processing Techniques for Biased Random Number Generators

In this paper, we study and compare two popular methods for post-processing random number generators: linear and Von Neumann compression. We show that linear compression can achieve much better throughput than Von Neumann compression while achieving a practically good level of security. We also introduce a concept known as the adversary bias, which measures how accurately an adversary can guess the output of a random number generator, e.g. through a trapdoor or a bad RNG design. We then prove that linear compression performs much better than Von Neumann compression when correcting adversary bias. Finally, we discuss good ways to implement this linear compression in hardware and give a field-programmable gate array (FPGA) implementation to provide resource utilization estimates.
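As an added illustration (not code from the paper), the following Python compares the two post-processing methods on a constructed biased bit source: Von Neumann pairing versus the simplest linear compressor, the XOR of k consecutive bits, whose residual bias follows the piling-up lemma. The XOR-of-k corrector, the bias model P[bit = 1] = 1/2 + eps with independent bits, and the sample parameters are assumptions made here; the abstract does not specify the paper's own linear compression scheme.

```python
import random
from typing import Dict, List


def von_neumann(bits: List[int]) -> List[int]:
    """Von Neumann debiasing: 01 -> 0, 10 -> 1, 00 and 11 are discarded.
    Unbiased for independent input bits, but only p(1-p) output bits per input bit."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def xor_compress(bits: List[int], k: int) -> List[int]:
    """Linear compression: XOR of k consecutive (non-overlapping) bits -> 1 output bit.
    Throughput is a fixed 1/k regardless of the input bias."""
    return [sum(bits[i:i + k]) % 2 for i in range(0, len(bits) - k + 1, k)]


def piling_up_bias(eps: float, k: int) -> float:
    """Magnitude of the output bias of an XOR of k independent bits, each with
    bias eps (P[bit = 1] = 1/2 + eps), by the piling-up lemma: 2^(k-1) * eps^k."""
    return 2 ** (k - 1) * eps ** k


def bias(bits: List[int]) -> float:
    """Magnitude of the empirical bias |P[1] - 1/2| of a bit sequence."""
    return abs(sum(bits) / len(bits) - 0.5)


def biased_source(n: int, p_one: float, seed: int = 1) -> List[int]:
    """Constructed sample input: n independent bits with P[bit = 1] = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def compare(n: int = 200_000, p_one: float = 0.75, k: int = 4, seed: int = 1) -> Dict[str, float]:
    """Run both post-processors on the same biased source and report
    residual bias and throughput (output bits per input bit) for each."""
    src = biased_source(n, p_one, seed)
    vn, lin = von_neumann(src), xor_compress(src, k)
    return {
        "input_bias": bias(src),
        "vn_bias": bias(vn),
        "vn_throughput": len(vn) / n,          # expected p_one * (1 - p_one)
        "lin_bias": bias(lin),                 # expected ~ piling_up_bias
        "lin_expected_bias": piling_up_bias(p_one - 0.5, k),
        "lin_throughput": len(lin) / n,        # exactly 1/k
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:18s} {value:.5f}")
```

With p_one = 0.75 and k = 4 the XOR compressor keeps a residual bias of about 0.031 but emits 0.25 bits per input bit, whereas Von Neumann removes the bias entirely at only about 0.19 bits per input bit; raising k lowers the residual bias geometrically at a linear cost in throughput.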
