Today, many applications require the ability to generate random numbers. Obviously, depending on what specific problem is being solved, different requirements will be imposed on the random number generator: for example, sometimes the random number generator may only need the uniqueness of the number obtained, while often, especially in the field of cryptography, the requirements for such the device / algorithm is much more rigid.
It is worth clarifying right away that the numbers obtained at the output of some deterministic algorithm and possessing the property of randomness are called pseudo-random, and the corresponding generators are called pseudo-random number generators (PRNG).
The purpose of this article is to familiarize with PRNG based on shift registers with linear feedback, several of their modifications, as well as several cryptographically strong PRNGs that are used in practice.
Pseudo-random number generator structure
Let's start from a little distance by looking at the general structure of the PRNG. The structure is taken as a basis, which is recommended and considered in more detail by the authors in [2].
Let's take a quick look at each block:
- , , , ( ), .
( ) . (nonce). , , , .. .
- , , ;
nonce , , ;
, . , ;
, ;
( ) ;
.
(), .. .
![Linear feedback shift register. Source: [3, p. 105]](https://habrastorage.org/getpro/habr/upload_files/c7d/d3f/7ef/c7dd3f7ef6b5c465199fb40575fff421.PNG "Linear feedback shift register. Source: [3, p. 105]")
n b1, b2, . . . , bn C1 = 1, C2, C3 , . . . , Cn ∈ {0, 1}. ( [8]). GF(2), . 2:
C(x) = 1xn + C2xn-1 + . . . + Cnx + 1,
.
2 , , .. Ci 1;
;
, 1.
b1 . 2n-1, , .
, , .. , , n . , 2n , , .
, : . , , , ( ).
:
, , ;
;
2 ;
.
, , , , .
, , .
, - , , (). , [9, . 2.8], .. , , , , .
, , , . [1], [10] . , , , .
, , "" , .
, , , . : :
.. 2 , . , - . , . .
L1 . . . LM , , .
i- Li , , - , .. (Li, Lj) = 1 i≠j. f , .. f = . . . + xi + . . . , . 2L, L - , .
"-"
"-" ( -1 -2). -2 , -1 1. -2 , .. , -1 -2.
, , , , -1.
, "-", 3 . -2 1 -1, -3 0. -2 -3. [4] , .
"-": , , , . :
![Gollman's cascade, source: [6, page 50]](https://habrastorage.org/getpro/habr/upload_files/d36/483/47a/d3648347a9b69103ca7490224ea1d0f3.PNG "Gollman's cascade, source: [6, page 50]")
-1 1, -2. -2 1 - -3 .. .
: . [9] . 15 .
5/1
, , , , GSM. 5, 1987 5/1, .. 5/2 5/3.
: , 19, 22 23 . . 5 , .. .
![Algorithm diagram A5 / 1, source: [3, page 113]](https://habrastorage.org/getpro/habr/upload_files/cd6/37c/fc2/cd637cfc2d493443032ca30d04af1089.PNG "Algorithm diagram A5 / 1, source: [3, page 113]")
.
: , ( C1 , C2, C3- ). m = majotiry (C1, C2, C3) , .. 0 1. , .
, , . . , [10].
:
.. ( 2. )
nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf
. ., . ., . . : — .: , 2019
C.G. Gunter, “Alternating Step Generators Contolled by de Bruijn Sequenc-es”, Advances in Cryptology EUROCRYPT ’87 Proceedings, Springer-Verlag, 1988
. . – .: . — 1989
Slepovichev I.I. Pseudo-Random Number Generators: A Tutorial, 2017
https://software.intel.com/sites/default/files/m/d/4/1/d//441IntelR_DRNGSoftwareImplementationGuidefinalAug7.pdf
https://www.xilinx.com/support/documentation/application_notes/xapp052.pdf
Schneier B. Applied Cryptography. Protocols, algorithms, source texts in the C language. - Triumph, 2013 .-- 816 s
https://csrc.nist.gov/publications/detail/sp/800-22/rev-1a/final