
Journal of University of Chinese Academy of Sciences, 2020, Vol. 37, Issue (6): 835-847. DOI: 10.7523/j.issn.2095-6134.2020.06.016

• Computer Science •

A software random number generator with entropy monitoring function

LIU Pan¹, CHEN Tianyu², LÜ Na², MA Yuan², JING Jiwu¹

  1. School of Computer Science and Technology, University of Chinese Academy of Sciences, Beijing 100049, China;
  2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  • Received: 2020-01-10 Revised: 2020-05-12 Published: 2020-11-15
  • Corresponding author: CHEN Tianyu
  • Funding: Supported by the National Cryptography Development Fund of the 13th Five-Year Plan (MMJJ20180113)

Abstract: The random number generator (RNG) is the foundation and core of modern cryptography. The random numbers it generates provide the basic security guarantee for many cryptographic applications, such as cryptographic algorithms and security protocols. With the rapid development of the mobile Internet, the Internet of Things and related technologies, the traditional purely hardware-based RNG suffers from difficult hardware updates and high development cost, which limits its scope of application. Software RNGs (SRNGs) are therefore usually used on computers, mobile terminals and similar devices to provide random number services. At present, Linux, Android, iOS, Windows and other typical operating system platforms each have their own SRNG that provides software-based random number services. Existing research focuses mainly on insufficient entropy in the entropy source and on leakage of the internal state of the post-processing module, which are the main problems affecting the quality of an SRNG's random number service. This paper therefore designs and implements a software random number generator architecture with entropy monitoring (entropy monitoring SRNG, EM-SRNG), which uses the high-precision nanosecond system clock as a non-physical entropy source. The online entropy monitoring module continuously checks the entropy of the unprocessed data while the generator is running and, when the entropy is insufficient, calls the post-processing module on demand to improve the statistical properties of the data. In addition, the post-processing module of EM-SRNG can use either of two post-processing extension algorithms, designed on the SM3 and SM4 cryptographic algorithms, to ensure the forward/backward security of the generator's internal state. EM-SRNG is compared with the Linux random number generator (LRNG, one of the current mainstream SRNGs). The experimental results show that, in terms of security, SP 800-90B testing finds the output quality of EM-SRNG to be equal to the quality of the data provided by the LRNG's /dev/random and slightly better than that provided by the LRNG's /dev/urandom, with a min-entropy of about 0.94 per bit. In terms of rate, the data generation rate of EM-SRNG is about 4 orders of magnitude higher than that of the LRNG's /dev/random, but because online entropy estimation based on the 90B statistical suite is embedded in the structure, EM-SRNG is somewhat slower than the LRNG's /dev/urandom, at about 4 Mbps.

Key words: random number generator, entropy monitoring, Linux random number generator
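The monitor-then-condition flow described in the abstract, as an added sketch that is not the paper's implementation. It assumes a single SP 800-90B estimator (most common value), a per-bit threshold of 0.9, low-byte sampling of clock deltas, and SHA-256 standing in for SM3; the test batches are constructed.

```python
import hashlib, math, time
from collections import Counter

THRESHOLD = 0.9  # assumed per-bit min-entropy threshold (not from the paper)

def mcv_min_entropy(samples):
    """SP 800-90B most common value estimate, in bits per sample."""
    n = len(samples)
    p_hat = Counter(samples).most_common(1)[0][1] / n
    # Upper end of the 99% confidence interval on the most likely symbol
    p_u = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return max(0.0, -math.log2(p_u))

def clock_samples(count):
    """Low byte of successive nanosecond clock deltas (assumed sampling scheme)."""
    out, prev = [], time.perf_counter_ns()
    for _ in range(count):
        now = time.perf_counter_ns()
        out.append((now - prev) & 0xFF)
        prev = now
    return out

def monitor(samples, bits_per_sample=8, threshold=THRESHOLD):
    """Return (per-bit estimate, output bytes, conditioned?) for one batch."""
    h = mcv_min_entropy(samples)          # bits of min-entropy per sample
    per_bit = h / bits_per_sample
    raw = bytes(samples)
    if per_bit >= threshold:
        return per_bit, raw, False        # raw data passes, no post-processing
    if h <= 0:
        return per_bit, b"", True         # stuck source: emit nothing
    # Compress enough samples that each 256-bit block carries >= 256 bits
    # of estimated min-entropy. SHA-256 stands in for the paper's SM3.
    need = math.ceil(256 / h)
    blocks = [hashlib.sha256(raw[i:i + need]).digest()
              for i in range(0, len(raw) - need + 1, need)]
    return per_bit, b"".join(blocks), True

if __name__ == "__main__":
    # Constructed batches: uniform bytes, a biased source, a stuck source,
    # plus one live batch from the local clock.
    for name, batch in [("uniform", list(range(256)) * 40),
                        ("biased", ([0] * 3 + [1, 2, 3, 4, 5]) * 1000),
                        ("stuck", [7] * 1000),
                        ("clock", clock_samples(10000))]:
        per_bit, out, conditioned = monitor(batch)
        print(f"{name}: {per_bit:.3f}/bit, {len(out)} bytes, conditioned={conditioned}")
```

The most common value estimate looks only at symbol frequencies, so a real monitor would run the other 90B estimators as well and take the minimum.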
