%\documentclass{article}
-\documentclass[10pt,journal,letterpaper,compsoc]{IEEEtran}
+%\documentclass[10pt,journal,letterpaper,compsoc]{IEEEtran}
+\documentclass[preprint,12pt]{elsarticle}
\usepackage[utf8]{inputenc}
\usepackage[T1]{fontenc}
\usepackage{fullpage}
% Pour faire des sous-figures dans les figures
\usepackage{subfigure}
-\usepackage{color}
\newtheorem{notation}{Notation}
\newcommand{\alert}[1]{\begin{color}{blue}\textit{#1}\end{color}}
-\newcommand{\PCH}[1]{\begin{color}{blue}#1\end{color}}
\title{Efficient and Cryptographically Secure Generation of Chaotic Pseudorandom Numbers on GPU}
\begin{document}
Guyeux, and Pierre-Cyrille Héam\thanks{Authors in alphabetic order}}
-\IEEEcompsoctitleabstractindextext{
+%\IEEEcompsoctitleabstractindextext{
\begin{abstract}
In this paper we present a new pseudorandom number generator (PRNG) on
graphics processing units (GPU). This PRNG is based on the so-called chaotic iterations. It
\end{abstract}
-}
+%}
\maketitle
-\IEEEdisplaynotcompsoctitleabstractindextext
-\IEEEpeerreviewmaketitle
+%\IEEEdisplaynotcompsoctitleabstractindextext
+%\IEEEpeerreviewmaketitle
\section{Introduction}
need is to define \emph{secure} generators able to withstand malicious
attacks. Roughly speaking, an attacker should not be able in practice to make
the distinction between numbers obtained with the secure generator and a true random
-sequence. \begin{color}{red} However, in an equivalent formulation, he or she should not be
+sequence. However, in an equivalent formulation, he or she should not be
able (in practice) to predict the next bit of the generator, having the knowledge of all the
binary digits that have been already released. ``Being able in practice'' refers here
to the possibility to achieve this attack in polynomial time, and to the exponential growth
of the difficulty of this challenge when the size of the parameters of the PRNG increases.
-\end{color}
+
Finally, a small part of the community working in this domain focuses on a
third requirement, that is to define chaotic generators.
{\it BigCrush} battery of tests, which is widely considered as the most
stringent statistical evaluation of a sequence claimed as random.
This battery can be found in the well-known TestU01 package~\cite{LEcuyerS07}.
-\begin{color}{red}
More precisely, each time we performed a test on a PRNG, we ran it
twice in order to observe if all $p-$values are inside [0.01, 0.99]. In
fact, we observed that few $p-$values (less than ten) are sometimes
the same test. With this approach all our PRNGs pass the {\it
BigCrush} successfully and all $p-$values are at least once inside
[0.01, 0.99].
-\end{color}
Chaos, for its part, refers to the well-established definition of a
chaotic dynamical system proposed by Devaney~\cite{Devaney}.
key encryption protocol by using the proposed method.
-\PCH{
{\bf Main contributions.} In this paper a new PRNG using chaotic iteration
is defined. From a theoretical point of view, it is proven that it has fine
topological chaotic properties and that it is cryptographically secured (when
random generator. The generation speed is significantly weaker.
Note also that an original qualitative comparison between topological chaotic
properties and statistical test is also proposed.
-}
+
and on an iteration process called ``chaotic
iterations'' on which the post-treatment is based.
The proposed PRNG and its proof of chaos are given in Section~\ref{sec:pseudorandom}.
-\begin{color}{red}
+
Section~\ref{The generation of pseudorandom sequence} illustrates the statistical
improvement related to the chaotic iteration based post-treatment, for
our previously released PRNGs and a new efficient
implementation on CPU.
-\end{color}
+
Section~\ref{sec:efficient PRNG
gpu} describes and evaluates theoretically the GPU implementation.
Such generators are experimented in
We show in Section~\ref{sec:security analysis} that, if the inputted
generator is cryptographically secure, then it is the case too for the
generator provided by the post-treatment.
-\begin{color}{red} A practical
-security evaluation is also outlined in Section~\ref{sec:Practicak evaluation}.\end{color}
+A practical
+security evaluation is also outlined in Section~\ref{sec:Practicak evaluation}.
Such a proof leads to the proposition of a cryptographically secure and
chaotic generator on GPU based on the famous Blum Blum Shub
in Section~\ref{sec:CSGPU} and to an improvement of the
We have proposed in~\cite{bgw09:ip} a new family of generators that receives
two PRNGs as inputs. These two generators are mixed with chaotic iterations,
leading thus to a new PRNG that
-\begin{color}{red}
should improve the statistical properties of each
generator taken alone.
Furthermore, the generator obtained in this way possesses various chaos properties that none of the generators used as present input.
\label{Chaotic iteration1}
\end{algorithmic}
\end{algorithm}
-\end{color}
\subsection{Improving the Speed of the Former Generator}
-Instead of updating only one cell at each iteration, \begin{color}{red} we now propose to choose a
-subset of components and to update them together, for speed improvement. Such a proposition leads \end{color}
+Instead of updating only one cell at each iteration, we now propose to choose a
+subset of components and to update them together, for speed improvement. Such a proposition leads
to a kind of merger of the two sequences used in Algorithms
\ref{CI Algorithm} and \ref{Chaotic iteration1}. When the updating function is the vectorial negation,
this algorithm can be rewritten as follows:
\end{proof}
-\begin{color}{red}
\section{Statistical Improvements Using Chaotic Iterations}
\label{The generation of pseudorandom sequence}
\begin{table}
-\renewcommand{\arraystretch}{1.3}
+%\renewcommand{\arraystretch}{1}
\caption{TestU01 Statistical Test Failures}
\label{TestU011}
\centering
\begin{table}
-\renewcommand{\arraystretch}{1.3}
+%\renewcommand{\arraystretch}{1}
\caption{TestU01 Statistical Test Failures for Old CI algorithms ($\mathsf{N}=4$)}
\label{TestU01 for Old CI}
\centering
\label{Results and discussion}
\begin{table*}
-\renewcommand{\arraystretch}{1.3}
+%\renewcommand{\arraystretch}{1}
\caption{NIST and DieHARD tests suite passing rates for PRNGs without CI}
\label{NIST and DieHARD tests suite passing rate the for PRNGs without CI}
\centering
\begin{table*}
-\renewcommand{\arraystretch}{1.3}
+%\renewcommand{\arraystretch}{1.3}
\caption{NIST and DieHARD tests suite passing rates for PRNGs with CI}
\label{NIST and DieHARD tests suite passing rate the for single CIPRNGs}
\centering
using chaotic iterations on defective generators.
\begin{table*}
-\renewcommand{\arraystretch}{1.3}
+%\renewcommand{\arraystretch}{1.3}
\caption{Number of $\oplus$ operations to pass the whole NIST and DieHARD batteries}
\label{threshold}
\centering
fastest generator in the chaotic iteration based family. In the remainder,
this generator will be simply referred to as CIPRNG, or ``the proposed PRNG'', if this statement does not
raise ambiguity.
-\end{color}
+
\subsection{First Efficient Implementation of a PRNG based on Chaotic Iterations}
\label{sec:efficient PRNG}
Thus producing a pseudorandom number needs 6 xor operations with 6 32-bits numbers
that are provided by 3 64-bits PRNGs. This version successfully passes the
stringent BigCrush battery of tests~\cite{LEcuyerS07}.
-\begin{color}{red}At this point, we thus
+At this point, we thus
have defined an efficient and statistically unbiased generator. Its speed is
directly related to the use of linear operations, but for the same reason,
this fast generator cannot be proven as secure.
-\end{color}
+
\section{Efficient PRNGs based on Chaotic Iterations on GPU}
\label{algo:gpu_kernel2}
\end{algorithm}
-\begin{color}{red}
\subsection{Chaos Evaluation of the Improved Version}
-\end{color}
A run of Algorithm~\ref{algo:gpu_kernel2} consists in an operation ($x=x\oplus t$) having
the form of Equation~\ref{equation Oplus}, which is equivalent to the iterative
\begin{figure}[htbp]
\begin{center}
- \includegraphics[width=\columnwidth]{curve_time_xorlike_gpu.pdf}
+ \includegraphics[scale=0.7]{curve_time_xorlike_gpu.pdf}
\end{center}
\caption{Quantity of pseudorandom numbers generated per second with the xorlike-based PRNG}
\label{fig:time_xorlike_gpu}
\begin{figure}[htbp]
\begin{center}
- \includegraphics[width=\columnwidth]{curve_time_bbs_gpu.pdf}
+ \includegraphics[scale=0.7]{curve_time_bbs_gpu.pdf}
\end{center}
\caption{Quantity of pseudorandom numbers generated per second using the BBS-based PRNG}
\label{fig:time_bbs_gpu}
\section{Security Analysis}
-\begin{color}{red}
This section is dedicated to the security analysis of the
proposed PRNGs, both from a theoretical and from a practical point of view.
enough, the system is secured.
As a complement, an example of a concrete practical evaluation of security
is outlined in the next subsection.
-\end{color}
In this section the concatenation of two strings $u$ and $v$ is classically
denoted by $uv$.
internal coin tosses of $D$.
\end{definition}
-Intuitively, it means that there is no polynomial time algorithm that can
-distinguish a perfect uniform random generator from $G$ with a non
-negligible probability.
-\begin{color}{red}
- An equivalent formulation of this well-known
-security property means that it is possible
-\emph{in practice} to predict the next bit of
-the generator, knowing all the previously
-produced ones.
-\end{color}
-The interested reader is referred
-to~\cite[chapter~3]{Goldreich} for more information. Note that it is
-quite easily possible to change the function $\ell$ into any polynomial
-function $\ell^\prime$ satisfying $\ell^\prime(m)>m)$~\cite[Chapter 3.3]{Goldreich}.
+Intuitively, it means that there is no polynomial time algorithm that can
+distinguish a perfect uniform random generator from $G$ with a non negligible
+probability. An equivalent formulation of this well-known security property
+means that it is possible \emph{in practice} to predict the next bit of the
+generator, knowing all the previously produced ones. The interested reader is
+referred to~\cite[chapter~3]{Goldreich} for more information. Note that it is
+quite easily possible to change the function $\ell$ into any polynomial function
+$\ell^\prime$ satisfying $\ell^\prime(m)>m)$~\cite[Chapter 3.3]{Goldreich}.
The generation schema developed in (\ref{equation Oplus}) is based on a
pseudorandom generator. Let $H$ be a cryptographic PRNG. We may assume,
-\begin{color}{red}
\subsection{Practical Security Evaluation}
\label{sec:Practicak evaluation}
cannot achieve its $(10^{12},0.2)$ distinguishing
attack in that context.
-\end{color}
\section{Cryptographical Applications}
Proposition~\ref{cryptopreuve}, the resulted PRNG is
cryptographically secure.
-\begin{color}{red}
As stated before, even if the proposed PRNG is cryptocaphically
secure, it does not mean that such a generator
can be used as described here when attacks are
must be established. Authors
hope to achieve this difficult task in a future
work.
-\end{color}
\subsection{Toward a Cryptographically Secure and Chaotic Asymmetric Cryptosystem}
To encrypt his message, Bob will compute
%%RAPH : ici, j'ai mis un simple $
-%\begin{equation}
-$c = \left(m_0 \oplus (b_0 \oplus S^0), m_1 \oplus (b_0 \oplus b_1 \oplus S^0), \hdots, \right.$
-$ \left. m_{L-1} \oplus (b_0 \oplus b_1 \hdots \oplus b_{L-1} \oplus S^0) \right)$
-%%\end{equation}
-instead of $\left(m_0 \oplus b_0, m_1 \oplus b_1, \hdots, m_{L-1} \oplus b_{L-1} \right)$.
+\begin{equation*}
+c = \left(m_0 \oplus (b_0 \oplus S^0), m_1 \oplus (b_0 \oplus b_1 \oplus S^0), \hdots, \right.
+ \left. m_{L-1} \oplus (b_0 \oplus b_1 \hdots \oplus b_{L-1} \oplus S^0) \right)
+\end{equation*}
+instead of $$\left(m_0 \oplus b_0, m_1 \oplus b_1, \hdots, m_{L-1} \oplus b_{L-1} \right)$$.
The same decryption stage as in Blum-Goldwasser leads to the sequence
-$\left(m_0 \oplus S^0, m_1 \oplus S^0, \hdots, m_{L-1} \oplus S^0 \right)$.
+$$\left(m_0 \oplus S^0, m_1 \oplus S^0, \hdots, m_{L-1} \oplus S^0 \right)$$.
Thus, with a simple use of $S^0$, Alice can obtain the plaintext.
By doing so, the proposed generator is used in place of BBS, leading to
the inheritance of all the properties presented in this paper.
Furthermore, we have shown that when the inputted generator is cryptographically
secure, then it is the case too for the PRNG we propose, thus leading to
the possibility to develop fast and secure PRNGs using the GPU architecture.
-\begin{color}{red} An improvement of the Blum-Goldwasser cryptosystem, making it
-behave chaotically, has finally been proposed. \end{color}
+An improvement of the Blum-Goldwasser cryptosystem, making it
+behave chaotically, has finally been proposed.
In future work we plan to extend this research, building a parallel PRNG for clusters or
grid computing. Topological properties of the various proposed generators will be investigated,
