 This topic on pseudo random numbers and stream ciphers follows some of the things we've just seen about The block modes of operation we saw some of those modes of operation take a block cipher and Really convert it into a stream cipher. What's the difference? I guess in theory the difference is how much do we encrypt at a time a block is usually 64 bits or longer a stream cipher usually 8 bits But in practice, it's about the implementation of the speed the idea of using smaller number of bits a stream cipher and Especially X oring the plain text with some random input is that can be done quickly So as the plain text is generated by our computer and let's say we need to quickly send it across a network a Stream cipher can be better in that case a block cipher would take more time to encrypt to an entire block so there's some practical and theoretical differences and Somehow connecting also is random numbers because stream ciphers really are X oring plain text with some random sequence But there are different ways to generate random numbers So we'll just briefly introduce random numbers today. How do we generate a random number? How do you generate a random number by randomly doing it? How do we but how do we generate a random number close your eyes? Okay, so if I say choose a random number between One and a hundred Tell me 49. Okay, you somehow use your brain to choose a random number. How do we get a computer to do it? math Any more precise answer You Ran used to call the function rand but who implemented the rand function Someone did it wasn't magically arrived in your computer. Someone must have implemented the rand function and That when we implement something in our computer It's usually what we say deterministic that is it's a function that it will always do the same thing given the same inputs Which is not what we think of random random is it should do different things all the time So we in fact have a problem of how do we generate? Not as a as an application programmer We can call a library like the rand function to generate random numbers, but the person who needs to implement that library How do they generate random numbers? And that's hard any suggestions How would you do it? Right, so some math function that takes some some input number raise it to some power applies some complex math operations So that the output looks random and we'll see some examples of that some simple ones Of course, it's not random because with any function if you take the same Same inputs you always get the same output. Okay, so there is some determinism there Any other ways to generate random numbers Sorry Use the CPU clock CPU clock goes from one two three. That's not random. How would you use the CPU clock? Use noise. Where do you get noise from? Some senses so you maybe some hardware so when you say noise electrical noise noise in terms of some disturbances from some audio or or some especially in in computers the noise generated by vibrating components it is Considered to be random that is that the noise if you have electrical components And as they do things they vibrate a little bit and if you can measure the output effect of that then that's considered to be Random and that that's a good way to generate random numbers But it has some problems because you now need some special hardware to do it for you to measure those things So there's a trade-off of getting goods good random numbers truly random numbers You should require specialized hardware you can measure the The radiation levels so I have a what is a Geiger counter and if you measure the radiation levels at particular in a general area Then there will be random variations and use that as an input But that means your computer needs a Geiger counter or something so To get true random numbers is hard because you need hardware to do it, but the comment about the CPU Yes, you still can use the CPU clock, but how how to use the CPU clock? It turns out when you do things on your computer like press the keyboard button move your mouse Start and do operations with the software the time at which you do them has appears to be random not the day or the year or Even the hour in which you press a key but if you measure the millisecond at which I press a key and then press another key that The milli or even microseconds those numbers at the end if we look at them over time will appear random Not just a pressing a keyboard key, but maybe hardware interrupts occurring for different hardware components. So in fact most operating systems today Will use those things like key presses mouse movement memory access hard disk reads and writes and Look at the times when they happen Specifically the very fine detail time like microsecond millisecond times just those parts and use that As an input to generate random numbers. So we need some other source. We can't just use a function sometimes So generating random numbers is sometimes not as easy as we think we can't just use the RAND function What do we expect as the output? How do we know if something is random? Is this random? Is there a random pattern? No, we can see some pattern here random random Right, so we can visualize I think that there's no pattern in this case that we can recognize So we may judge this as being random or if we look at the bits that represent this image We may say all those variations in zeros and ones are random But we need maybe a better way to measure and to be able to determine if something is random or not Okay, so we need some measures to to be able to evaluate what's good and what's not Why do we need random numbers in security? Why do we need random numbers? To secure what for example Keys are important. I want to generate a shared secret key that only you and I will know I Need to create that key. I don't just choose it from my head It takes too long to get 64 bits and maybe I'll just choose the next the same value tomorrow or a slight variation of it So we use a random number generator to generate a key for us if we have a random number generator that is not good in That the output is not really random Then that gives the attacker some opportunity to find my key If I generate a key, I think it's random But it's not really random and the attacker knows that then it's easier for the attacker to find my key so random numbers are Important for many aspects of security. So they used in generation of keys Session keys for example a session maybe Every time I connect to a web server. I create a session and choose a new key and Tomorrow when I connect again, I use a different key. So across a session. We need to generate random keys RSA will see in a later topic is a public key cryptographic algorithm. It needs keys and it needs random numbers To distribute keys and authenticate again in later topics. We'll see that random numbers become important stream ciphers X or the plain text with a random number. So we need a good random number generator There are different measures of randomness That is given a number or a sequence is it random or not? Well, there are different ways to measure some things We expect if we look at binary a uniform distribution of zeros and ones Take a long sequence of zeros and ones like a thousand zeros and ones We'd expect Half of them to be zeros and half them to be ones 500 zeros and 500 ones is one measure of Is that sequence of zeros and ones random But we wouldn't expect it to be 500 zeros then 500 ones. We wouldn't evaluate that as random Okay, so we need a distribution of zeros and ones in our number Spread out Not just is an entire sequence have equal number of zeros and ones even sub sequences for example Just have a few simple examples to introduce random numbers today, and then we'll go into the details next week Let's say we have a sequence of 10 bits 12 Nice a number to split 12 bits and we want to evaluate if it's random. So I'll write some How many did I do? One more That's enough 12 bits random or not. Is this a random sequence of bits? What what why would you say no well one measure is that there are more there are there's one zero and 11 ones One zeros 11 ones. So when we say uniform distribution, we'd expect about half and half How many zeros? How many ones? All right, half and half good Random No, we may say no there looks to be some structure. Well another way to look at it then is to look at the sub sequences So yes of those 12 bits half and half for zeros and ones. Well, that's what we want But let's look at sub sequences. Let's look at say this six bits We have Six zeros and Zero ones So that doesn't that sub sequence of six bits doesn't have this property of an equal number of zeros and ones That's an indicator that this is not a random sequence or does not exhibit the randomness that we That would expect so not just as one sequence have an equal number of zeros and ones But the sub sequences that is the first six bits should have three zeros and three ones the next six bits Or any six bits for example If we select any six bits at a time, we'd expect on average to get the same number of zeros and ones Of course, we cannot go forever and just select a sequence of one bits but as You have a long sequence of bits you can start to apply some measures to test whether One sequence exhibits more randomness than others So one more sequence How many zeros? How many ones? What if we take this sub sequence How many zeros? So it's not enough just to count the number of zeros and ones. So we need other ways to measure the The randomness of this sequence. So again, this doesn't appear random. It looks like it's just alternating zeros and ones So the other one which is sometimes harder to measure is independence that we would think no sub sequence can be inferred from others so if we see some of those bits we cannot predict what the next bits will be and In this case if we see okay the first six bits zero one zero one zero one Maybe you can predict that the next two bits will be zero one. So this does not exhibit independence So that's some another measure of whether this sequence is Exhibits randomness or not But it becomes hard so there are different measures to try and to compare Sequences and see how random they are should be hard to predict the next value in a sequence so to finish today we'll distinguish between true random number generators and pseudo random number generators There's also random number functions, but I will not talk about them okay a True random number generator. We think is something to take some source that measures the physical environment to get a sequence of numbers which we can say a random so Radiation events from the environment maybe electrical Circuits and how things vibrate the noise from different environments measure them and It's under certain circumstances people believe that they exhibit randomness and they generate true random numbers for us But and even mouse and keyboard activity the timing and when different things happen and we can extract the events and get a true random number generator the problem is that such Techniques for generating random numbers are inconvenient We maybe need some extra hardware or some dedicated things to make these measurements So they're not general purpose solutions like a piece of software and That they often just generate a small number of values over time so if I want to generate I need a One million bit sequence Which is random? Then a true random number generator may take days to generate such a sequence Which is not very convenient So we talk about pseudo random number generators. They're not not real real true number generators They are fake or pretend ones They use algorithms that we can implement in hardware or software. They're deterministic and we calculate random numbers And we talk about them being relatively relatively random and Often they take an input which we call a seed Where that may come from a true random number generator? so we'll use a true random number generator to Act as an input to a pseudo random number generator and That can produce larger sequences of random bits, which are more useful for applications and software we will we will look at some example pseudo random number generators and Look at some of the properties of them and how to compare them next week You