Random

Transcript

1. Random

2. @DAGINGINGIN iPlayground 2018 會眾 iPlayground 2019 設計組組長 iPlayground 2020 講師

   劉家瑋-⼤軍
3. None

4. What is Random?

5. None
6. None
7. None

8. ✌ ✊ 0~33 34~66 67~99

9. 23 56 3 76 13 74 25 68 11 28

   31 90 47 62 23 56 3 76 13 74 25 68 11 28 31 90 47 62
10. None
11. None

12. 均勻性 獨立性

13. 頻數測試 塊內頻數測試 遊程測試 塊內最長連續「1」測試 矩陣秩的測試 離散傅立葉變換測試 非重疊模板匹配測試 重疊模板匹配測試 通⽤統計測試 壓縮測試

    線性複雜度測試 連續性測試 近似熵測試 部分和測試 隨機漫步測試 隨機漫步變量測試

14. True Pseudo

15. True Pseudo

16. 亂數(Random number) 由 Seed 搭配演算法產出亂數(具有確定性): • 偽亂數⽣產器 Pseudorandom number generator，簡稱

    PRNG • ⼜稱為定性隨機比特⽣成器Deterministic random bit generators (DRBGs) • 密碼學安全偽亂數⽣成器 Cryptographically secure pseudorandom number generator，簡稱 CSPRNG 由物理世界的現象產出亂數(不具有確定性): • 真亂數⽣成器 True random number generator，簡稱 TRNG • ⼜稱為非定性隨機比特⽣成器 • non-deterministic random bit generators (NRBGs)

17. atmospheric noise

18. TRNG PRNG 效率 較低 較⾼ 確定性 非確定性 確定性的 週期性 非週期性的

    週期性的

19. PHP rand() on Windows TRNG

20. 線性同餘法 LCG，Linear Congruential Method m:Modulus a:Multiplier c:Increment X0:Seed X1 =

    a(X0 + c) mod m Lehmer 1988

21. ( 5 + 3 ) x 8 % 1 1

    = 9 ( 9 + 3 ) x 8 % 1 1 = 8 ( 8 + 3 ) x 8 % 1 1 = 0 ( 0 + 3 ) x 8 % 1 1 = 2 ( 2 + 3 ) x 8 % 1 1 = 7 ( 7 + 3 ) x 8 % 1 1 = 3
22. None

23. PHP rand() on Windows TRNG

24. static unsigned long int next = 1; int myrand(void) /*

    RAND_MAX assumed to be 32767 */ { next = next * 1103515245 + 12345; return((unsigned int)(next/65536) % 32768); } void mysrand(unsigned int seed) { next = seed; }
25. None

26. Blum Blum Shub (B.B.S.) Algorithm p ≡ q ≡ 3(

    mod 4) X0 = s2 mod n Xi = (Xi−1 )2 mod n Bi = Xi mod 2

27. 在Swift 裡要⽤什麼產⽣Random Number?

28. Jens Persson

29. None

30. Gamekit

31. Arc4random的歷史

32. These functions first appeared in OpenBSD 2.1. The original version

    of this random number generator used the RC4 (also known as ARC4) algorithm. In OpenBSD 5.5 it was replaced with the ChaCha20 cipher, and it may be replaced again in the future as cryptographic techniques advance. A good mnemonic is “A Replacement Call for Random”.

33. Open BSD

34. "The next generation awesome random subsystem must be super, super

    secure, before we change 1 line of code to rely on it"

35. ⼜快、⼜亂、⼜安全 ⼜線程安全、⼜跨平台

36. None

37. RC4

38. Cryptographics

39. 柯克霍夫原則 (Kerckhoffs’s principle) 即使演算法完全洩漏，只要⾦鑰沒有洩漏，密⽂就是安全的 • Claude Shannon: "the enemy knows

    the system" • Bruce Schneier: 任何以隱藏設計作為防護(Security through obscurity)的保安 系統必然會失敗 • Kerckhoffs's principle 不是說密碼學演算法都必須公開，⽽是要確 保即使公開也 不會傷害安全性

40. key scheduling algorithm（KSA） Pseudo-Random Generation Algorithm(PRGA)

41. None
42. None

43. S box KSA 1 2 3 4 5 6 7

    0 3 1 4 1 5 3 1 4 Key S-box i J 0 0 3 1 5 2 3 3 6 4 7 5 3 6 6 7 6 j=(j+S[i]+K[i]) % 8 S0 S1 S2 S3 S4 S5 S6 S7 j=(0+0+3)=3

44. S box KSA 1 2 3 4 5 6 7

    0 3 1 4 1 5 3 1 4 Key S-box i J 0 0 3 1 5 2 3 3 6 4 7 5 3 6 6 7 6 S0 S1 S2 S3 S4 S5 S6 S7 j=(j+S[i]+K[i]) % 8 j=(3+1+1)%8=5

45. S box KSA 1 2 3 4 5 6 7

    0 3 1 4 1 5 3 1 4 Key S-box i J 0 0 3 1 5 2 3 3 6 4 7 5 3 6 6 7 6 S0 S1 S2 S3 S4 S5 S6 S7 j=(j+S[i]+K[i]) % 8 j=(5+4+2)%8=3

46. S box KSA 1 2 3 4 5 6 7

    0 3 1 4 1 5 3 1 4 Key S-box i J 0 0 3 1 5 2 3 3 6 4 7 5 3 6 6 7 6 S0 S1 S2 S3 S4 S5 S6 S7 j=(j+S[i]+K[i]) % 8 j=(3+1+2)%8=6

47. S box KSA 1 2 3 4 5 6 7

    0 3 1 4 1 5 3 1 4 Key S-box i J 0 0 3 1 5 2 3 3 6 4 7 5 3 6 6 7 6 S0 S1 S2 S3 S4 S5 S6 S7 j=(j+S[i]+K[i]) % 8 j=(3+1+2)%8=6

48. S box KSA 1 2 3 4 5 6 7

    0 3 1 4 1 5 3 1 4 Key S-box i J 0 0 3 1 5 2 3 3 6 4 7 5 3 6 6 7 6 S0 S1 S2 S3 S4 S5 S6 S7 j=(j+S[i]+K[i]) % 8 j=(7+1+3)%8=3

49. S box KSA 1 2 3 4 5 6 7

    0 3 1 4 1 5 3 1 4 Key S-box i J 0 0 3 1 5 2 3 3 6 4 7 5 3 6 6 7 6 S0 S1 S2 S3 S4 S5 S6 S7 j=(j+S[i]+K[i]) % 8 j=(3+1+2)%8=6

50. S box KSA 1 2 3 4 5 6 7

    0 3 1 4 1 5 3 1 4 Key S-box i J 0 0 3 1 5 2 3 3 6 4 7 5 3 6 6 7 6 S0 S1 S2 S3 S4 S5 S6 S7 j=(j+S[i]+K[i]) % 8 j=(3+1+2)%8=6

51. S box KSA 1 2 3 4 5 6 7

    0 3 1 4 1 5 3 1 4 Key S-box i J 0 0 3 1 5 2 3 3 6 4 7 5 3 6 6 7 6 S0 S1 S2 S3 S4 S5 S6 S7

52. PRGA 1 2 3 4 5 6 7 0 1

    2 3 4 5 6 7 0 i j t KStream 0 1 5 3 1 2 5 5 0 3 6 5 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 j=(j+S[I])% 8 t=(S[j]+S[I] )% 8 KS=S[t]

53. PT XOR KS -> CT CT XOR KS -> PT

54. RC4後被證實有許多缺陷

55. RC4算法 Chacha20算法 OpenBSD 5.5 arc4random

56. RC4算法 AES算法 macOS 10.12(Sierra) iOS10 （NIST-approved） arc4random

57. pctr — driver for CPU performance counters RDRAND —晶片上的硬體亂數⽣成器中取得亂數

58. NIST National Insitute of Standards and Technology

59. None

60. Swift的基本庫沒有⾃⼰的Random Algorithm?

61. Swift Evolution

62. BCryptGenRandom() arc4random_buf() getrandom() dev/urandom()

63. Linux rand() vs urand()

64. Import Foundation? Arc4random()?rand()?srand()? 其實是import Darwin （Ｃ Api）

65. /// Platform Implementation of `SystemRandomNumberGenerator` /// ======================================================== /// /// While

    the system generator is automatically seeded and thread-safe on every /// platform, the cryptographic quality of the stream of random data produced by /// the generator may vary. For more detail, see the documentation for the APIs /// used by each platform. /// /// - Apple platforms use `arc4random_buf(3)`. /// - Linux platforms use `getrandom(2)` when available; otherwise, they read /// from `/dev/urandom`. /// - Windows uses `BCryptGenRandom`.

66. array.randomElement() CGFloat.random(in: 0...1) Int.random(in: -5...5) array.shuffle()

67. 期許

68. Thank you for your listening!