Cryptographic Algorithms Against Backdoored Pseudorandom Number Generator

Cited by: 5


Authors: KANG Bu-Rong; ZHANG Lei[1,2,3]; ZHANG Rui[1,2]; MENG Xin-Yu; CHEN Tong[1,2]

Affiliations: [1] Engineering Research Center of Software/Hardware Co-design Technology and Application, Ministry of Education (East China Normal University), Shanghai 200062, China; [2] Software Engineering Institute, East China Normal University, Shanghai 200062, China; [3] State Key Laboratory of Cryptology, Beijing 100878, China

Source: Journal of Software (《软件学报》), 2021, No. 9, pp. 2887-2900 (14 pages)

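Funding: National Key Research and Development Program of China (2017YFB0802000); National Natural Science Foundation of China (61972159, 61572198); Director's Fund of the Engineering Research Center of Software/Hardware Co-design Technology and Application, Ministry of Education (East China Normal University).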

Abstract: To date, the security of most cryptographic primitives depends on high-quality, unpredictable random numbers. In cryptography, random numbers are usually produced by a pseudorandom number generator (PRNG), so the security of the PRNG used in a cryptographic algorithm directly affects the security of that algorithm. In recent years, however, a growing body of research has shown that in practice many human factors can cause the output of a PRNG to be non-random or predictable; such an insecure PRNG is called a backdoored pseudorandom number generator (BPRNG). The most typical example of a BPRNG is the dual elliptic curve pseudorandom number generator (Dual EC PRNG), whose algorithm was revealed in 2014 to contain a backdoor. The emergence of BPRNGs poses new challenges for research on cryptographic algorithms, which makes the study of cryptographic algorithms that resist randomness backdoor attacks especially important. This paper first outlines the research background of cryptographic algorithms that resist randomness backdoor attacks, and then summarizes and organizes the existing algorithms of this kind.

Keywords: pseudorandom number generator; randomness backdoor; resistance to randomness backdoor attacks; cryptographic algorithm

Classification: TP309 [Automation and Computer Technology: Computer System Architecture]

 
