hdknr’s posterous

1-1. ランダムファイルの作成

秘密鍵を作成する材料となるランダムデータを作成します。
内容は何でもかまいません。たとえば、Linux/UNIXの場合、/dev/urandomデバイスがあれば、以下のコマンドを実行しても作成できます。

dd if=/dev/urandom of=rand.dat count=1024 bs=1024

また、ランダムファイルを生成しなくても、秘密鍵を作ることは可能です。

6.1 Mixing Functions 6.1 混合関数 A strong mixing function is one which combines two or more inputs and produces an output where each output bit is a different complex non- linear function of all the input bits. On average, changing any input bit will change about half the output bits. But because the relationship is complex and non-linear, no particular output bit is guaranteed to change when any particular input bit is changed. 混合関数は２つ以上の入力を結合し、その出力ビットがそれぞれ異なった全 ての入力の複雑で線形でない関数であるものです。平均して、入力ビットの 任意のビットの変化が、出力の半分のビットを変化させるでしょう。けれど も関連が複雑で非線形であるから、入力の特定のビットが変化したときに、 出力のどのビットが変化するか予測できません。 Consider the problem of converting a stream of bits that is skewed towards 0 or 1 to a shorter stream which is more random, as discussed in Section 5.2 above. This is simply another case where a strong mixing function is desired, mixing the input bits to produce a smaller number of output bits. The technique given in Section 5.2.1 of using the parity of a number of bits is simply the result of successively Exclusive Or'ing them which is examined as a trivial mixing function immediately below. Use of stronger mixing functions to extract more of the randomness in a stream of skewed bits is examined in Section 6.1.2. 上記５.２章で論じられるように、０か１の方向に傾いてるビット列をより短 いランダム列に変換する問題を考えてください。これは、入力ビットを混ぜ て短い出力ビットを生成する、強力な混合機能の要望される他の例です。セ クション５.２.１章で与えられた多数のビットのパリティのテクニックは、 連続した排他的論理和の結果で、以下のつまらない混合関数です。歪んだビッ ト列の中からより多くの乱雑さを引き出すより強力な混合関数の使用が ６.１.２章で調べられます。

6.1.3 Diffie-Hellman as a Mixing Function 6.1.3 混合関数としてのDiffie-Hellman Diffie-Hellman exponential key exchange is a technique that yields a shared secret between two parties that can be made computationally infeasible for a third party to determine even if they can observe all the messages between the two communicating parties. This shared secret is a mixture of initial quantities generated by each of them [D-H]. If these initial quantities are random, then the shared secret contains the combined randomness of them both, assuming they are uncorrelated. Diffie-Hellmanの指数関数的な鍵交換は、第三者がたとえ２者間のすべての 通信メッセージを観察できても計算量的に鍵がばれない様に、２者間に共有 秘密鍵をもたらすテクニックです。この共有秘密鍵は彼らのそれぞれから生 成される初期値の混合です[D-H]。もしこれらの初期値がランダムなら、共 有秘密鍵は、それらが相関がないと想定すると、それら両方を結合した乱雑 さを含んでいます。

Abstract
Security systems today are built on increasingly strong cryptographic algorithms that foil pattern analysis attempts. However, the security of these systems is dependent on generating secret quantities for passwords, cryptographic keys, and similar quantities.

The use of pseudo-random processes to generate secret quantities can result in pseudo-security. The sophisticated attacker of these security systems may find it easier to reproduce the environment that produced the secret quantities, searching the resulting small set of possibilities, than to locate the quantities in the whole of the number space.

Choosing random quantities to foil a resourceful and motivated adversary is surprisingly difficult. This paper points out many pitfalls in using traditional pseudo-random number generation techniques for choosing such quantities. It recommends the use of truly random hardware techniques and shows that the existing hardware on many systems can be used for this purpose. It provides suggestions to ameliorate the problem when a hardware solution is not available. And it gives examples of how large such quantities need to be for some particular applications.