
Random


iPlayground 2020
Swift 4.2 added Random-related syntax, but under the hood the implementation calls a different API depending on the operating system.
Along the way we look at where arc4random, used on iOS from its early days until now, comes from, and give a short introduction to the RC4 algorithm.


danny80916kimo

November 09, 2020

Transcript

  1. Random

  2. @DAGINGINGIN: iPlayground 2018 attendee, iPlayground 2019 design team lead, iPlayground 2020 speaker

    劉家瑋 (大軍)
  3. None
  4. What is Random?

  5. None
  6. None
  7. None
  8. ✌ ✊ 0~33 34~66 67~99

  9. 23 56 3 76 13 74 25 68 11 28 31 90 47 62 23 56 3 76 13 74 25 68 11 28 31 90 47 62
  10. None
  11. None
  12. Uniformity, independence

  13. Frequency (monobit) test, frequency test within a block, runs test, longest run of ones in a block test, binary matrix rank test, discrete Fourier transform test, non-overlapping template matching test, overlapping template matching test, universal statistical test, compression test,

    linear complexity test, serial test, approximate entropy test, cumulative sums test, random excursions test, random excursions variant test
  14. True Pseudo

  15. True Pseudo

  16. Random numbers. Produced from a seed by an algorithm (deterministic):
      • Pseudorandom number generator, abbreviated PRNG
      • also called a deterministic random bit generator (DRBG)
      • Cryptographically secure pseudorandom number generator, abbreviated CSPRNG
    Produced from a physical-world phenomenon (non-deterministic):
      • True random number generator, abbreviated TRNG
      • also called a non-deterministic random bit generator (NRBG)
  17. atmospheric noise

  18. TRNG vs PRNG
      Efficiency:   TRNG lower, PRNG higher
      Determinism:  TRNG non-deterministic, PRNG deterministic
      Periodicity:  TRNG aperiodic, PRNG periodic
  19. PHP rand() on Windows TRNG

  20. Linear congruential generator (LCG, Linear Congruential Method)
      m: modulus, a: multiplier, c: increment, X0: seed
      X1 = a(X0 + c) mod m
      Lehmer 1988
  21. (5 + 3) × 8 % 11 = 9
      (9 + 3) × 8 % 11 = 8
      (8 + 3) × 8 % 11 = 0
      (0 + 3) × 8 % 11 = 2
      (2 + 3) × 8 % 11 = 7
      (7 + 3) × 8 % 11 = 3
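Added example (not code from the talk): the slide's LCG X_{n+1} = a(X_n + c) mod m in C, using the slide's a = 8, c = 3, m = 11 and seed 5, plus a cycle-length check that makes the periodicity from the TRNG/PRNG comparison concrete. The function names and the step table used to find the cycle are this example's own.

```c
#include <stdint.h>
#include <stdlib.h>

/* LCG in the form the slide uses: X_{n+1} = a * (X_n + c) mod m.
 * The parameters below are the slide's: a = 8, c = 3, m = 11, seed X_0 = 5. */
typedef struct { uint64_t a, c, m, x; } lcg_t;

static uint64_t lcg_next(lcg_t *g) {
    g->x = (g->a * (g->x + g->c)) % g->m;
    return g->x;
}

/* Cycle length of the state sequence started from g.x. An LCG has at most m
 * distinct states, so it must repeat; a table of "first step at which state x
 * appeared" finds the repeat. Returns 0 if the table cannot be allocated. */
static uint64_t lcg_period(lcg_t g) {
    uint64_t *first = calloc((size_t)g.m, sizeof *first); /* step + 1, 0 = unseen */
    if (!first) return 0;
    uint64_t step = 0, period = 0;
    for (;;) {
        uint64_t x = g.x % g.m;
        if (first[x]) { period = step - (first[x] - 1); break; }
        first[x] = step + 1;
        lcg_next(&g);
        step++;
    }
    free(first);
    return period;
}

/* Slide parameters with the slide's seed 5: returns X_n (X_1 = 9, X_2 = 8, ...). */
static uint64_t slide_x(unsigned n) {
    lcg_t g = {8, 3, 11, 5};
    for (unsigned k = 0; k < n; k++) lcg_next(&g);
    return g.x;
}

/* Slide parameters, arbitrary seed: steps until the sequence repeats.
 * Seed 5 walks through 10 of the 11 residues; seed 6 maps to itself (period 1),
 * so the period of an LCG depends on the seed, not only on a, c and m. */
static uint64_t slide_period(uint64_t seed) {
    lcg_t g = {8, 3, 11, seed % 11};
    return lcg_period(g);
}
```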
  22. None
  23. PHP rand() on Windows TRNG

  24. The C standard's sample rand()/srand() implementation (an LCG with a = 1103515245, c = 12345):

      static unsigned long int next = 1;

      /* RAND_MAX assumed to be 32767 */
      int myrand(void)
      {
          next = next * 1103515245 + 12345;
          /* discard the low 16 bits of the state; return 15 bits of the rest */
          return (unsigned int)(next / 65536) % 32768;
      }

      void mysrand(unsigned int seed)
      {
          next = seed;
      }
  25. None
  26. Blum Blum Shub (B.B.S.) algorithm
      p ≡ q ≡ 3 (mod 4), n = p·q
      X_0 = s^2 mod n
      X_i = (X_{i-1})^2 mod n
      B_i = X_i mod 2
  27. What should we use to generate random numbers in Swift?

  28. Jens Persson

  29. None
  30. GameKit

  31. The history of arc4random

  32. These functions first appeared in OpenBSD 2.1. The original version of this random number generator used the RC4 (also known as ARC4) algorithm. In OpenBSD 5.5 it was replaced with the ChaCha20 cipher, and it may be replaced again in the future as cryptographic techniques advance. A good mnemonic is “A Replacement Call for Random”.
  33. OpenBSD

  34. "The next generation awesome random subsystem must be super, super secure, before we change 1 line of code to rely on it"
  35. Fast, random and secure; also thread-safe and cross-platform

  36. None
  37. RC4

  38. Cryptography

  39. Kerckhoffs's principle: even if the algorithm is fully disclosed, the ciphertext stays secure as long as the key is not.
      • Claude Shannon: "the enemy knows the system"
      • Bruce Schneier: any security system that relies on hiding its design (security through obscurity) is bound to fail
      • Kerckhoffs's principle does not say that cryptographic algorithms must be public; it says security must not suffer even if they are
  40. Key scheduling algorithm (KSA), pseudo-random generation algorithm (PRGA)

  41. None
  42. None
  43. S-box KSA worked example (8-entry S-box, all arithmetic mod 8)
      Index:    0 1 2 3 4 5 6 7
      Key K:    3 1 4 1 5 3 1 4
      S-box S:  0 1 2 3 4 5 6 7   (S0 .. S7, initial state)
      Each step: j = (j + S[i] + K[i]) % 8, then swap S[i] and S[j]
      i: 0 1 2 3 4 5 6 7
      j: 3 5 3 6 7 3 6 6
      Step i = 0: j = (0 + 0 + 3) = 3
  44. Step i = 1: j = (3 + 1 + 1) % 8 = 5
  45. Step i = 2: j = (5 + 4 + 2) % 8 = 3
  46. Step i = 3: j = (3 + 1 + 2) % 8 = 6
  47. (same content as slide 46)
  48. Step i = 5: j = (7 + 1 + 3) % 8 = 3
  49. Step i = 6: j = (3 + 1 + 2) % 8 = 6
  50. (same content as slide 49)
  51. S-box state after the KSA (S0 .. S7)
  52. PRGA worked example (same 8-entry S-box, indices 0 .. 7)
      Each step: i = (i + 1) % 8, j = (j + S[i]) % 8, swap S[i] and S[j], t = (S[j] + S[i]) % 8, KS = S[t]
      Start: i = 0, j = 0
      i  j  t  KStream
      1  5  3  1
      2  5  5  0
      3  6  5  0
  53. PT XOR KS -> CT CT XOR KS -> PT
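Added example (not the speaker's code): the KSA, PRGA and XOR step from slides 43 to 53 in C, with a table size n so that n = 8 replays the slides' hand-worked example (key 3 1 4 1 5, everything mod 8) and n = 256 is the real RC4, checked against the published test vector for key "Key" and plaintext "Plaintext". The helper names, the j trace and the slide_* functions are this example's own.

```c
#include <stdint.h>
#include <string.h>

/* RC4 state: n = 8 reproduces the slide's hand-worked example; n = 256 is the real cipher. */
typedef struct { unsigned n, i, j; uint8_t s[256]; } rc4_t;

static void swap8(uint8_t *a, uint8_t *b) { uint8_t t = *a; *a = *b; *b = t; }

/* KSA: j = (j + S[i] + K[i mod keylen]) mod n, then swap S[i] and S[j].
 * jtrace (may be NULL) receives j after each step, i.e. the slide's i/j table. */
static void rc4_ksa(rc4_t *c, unsigned n, const uint8_t *key, size_t klen, unsigned *jtrace) {
    c->n = n; c->i = c->j = 0;
    for (unsigned i = 0; i < n; i++) c->s[i] = (uint8_t)i;
    for (unsigned i = 0, j = 0; i < n; i++) {
        j = (j + c->s[i] + key[i % klen]) % n;
        swap8(&c->s[i], &c->s[j]);
        if (jtrace) jtrace[i] = j;
    }
}

/* PRGA: i = i+1, j = j+S[i], swap S[i],S[j], t = S[i]+S[j], output S[t] (all mod n). */
static uint8_t rc4_next(rc4_t *c) {
    c->i = (c->i + 1) % c->n;
    c->j = (c->j + c->s[c->i]) % c->n;
    swap8(&c->s[c->i], &c->s[c->j]);
    return c->s[(c->s[c->i] + c->s[c->j]) % c->n];
}

/* PT XOR KS -> CT and CT XOR KS -> PT: one routine serves both directions. */
static void rc4_xor(rc4_t *c, const uint8_t *in, uint8_t *out, size_t len) {
    for (size_t k = 0; k < len; k++) out[k] = in[k] ^ rc4_next(c);
}

static const uint8_t SLIDE_KEY[] = {3, 1, 4, 1, 5};   /* key used on the slides */

/* Slide example (n = 8): j after KSA step `step` (0..7). */
static unsigned slide_ksa_j(unsigned step) {
    unsigned trace[8]; rc4_t c;
    rc4_ksa(&c, 8, SLIDE_KEY, sizeof SLIDE_KEY, trace); return trace[step % 8];
}

/* Slide example (n = 8): the k-th PRGA keystream symbol, k = 0, 1, 2, ... */
static unsigned slide_keystream(unsigned k) {
    rc4_t c; unsigned out = 0; rc4_ksa(&c, 8, SLIDE_KEY, sizeof SLIDE_KEY, NULL);
    for (unsigned m = 0; m <= k; m++) out = rc4_next(&c);
    return out;
}

/* Real RC4 (n = 256) against the published vector key "Key", plaintext "Plaintext"
 * -> BBF316E8D940AF0AD3; returns 1 if the ciphertext matches and decryption round-trips. */
static int rc4_vector_ok(void) {
    static const uint8_t want[9] = {0xBB,0xF3,0x16,0xE8,0xD9,0x40,0xAF,0x0A,0xD3};
    uint8_t ct[9], pt[9]; rc4_t c;
    rc4_ksa(&c, 256, (const uint8_t *)"Key", 3, NULL); rc4_xor(&c, (const uint8_t *)"Plaintext", ct, 9);
    rc4_ksa(&c, 256, (const uint8_t *)"Key", 3, NULL); rc4_xor(&c, ct, pt, 9); /* fresh state to decrypt */
    return memcmp(ct, want, 9) == 0 && memcmp(pt, "Plaintext", 9) == 0;
}
```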

  54. RC4 was later shown to have many weaknesses

  55. RC4 algorithm -> ChaCha20 algorithm, OpenBSD 5.5, arc4random

  56. RC4 algorithm -> AES algorithm, macOS 10.12 (Sierra) / iOS 10 (NIST-approved), arc4random

  57. pctr: driver for CPU performance counters; RDRAND: obtains random numbers from the on-chip hardware random number generator

  58. NIST, National Institute of Standards and Technology

  59. None
  60. Does the Swift standard library have no random algorithm of its own?

  61. Swift Evolution

  62. BCryptGenRandom(), arc4random_buf(), getrandom(), /dev/urandom

  63. Linux rand() vs urand()

  64. import Foundation? arc4random()? rand()? srand()? It is actually import Darwin (the C API)

  65. /// Platform Implementation of `SystemRandomNumberGenerator`
      /// ========================================================
      ///
      /// While the system generator is automatically seeded and thread-safe on every
      /// platform, the cryptographic quality of the stream of random data produced by
      /// the generator may vary. For more detail, see the documentation for the APIs
      /// used by each platform.
      ///
      /// - Apple platforms use `arc4random_buf(3)`.
      /// - Linux platforms use `getrandom(2)` when available; otherwise, they read
      ///   from `/dev/urandom`.
      /// - Windows uses `BCryptGenRandom`.
  66. array.randomElement() CGFloat.random(in: 0...1) Int.random(in: -5...5) array.shuffle()

  67. Looking ahead

  68. Thank you for listening!