From: guyeux Date: Mon, 11 Jun 2012 08:40:49 +0000 (+0200) Subject: Ajout d'une partie évaluation, à revoir. X-Git-Url: https://bilbo.iut-bm.univ-fcomte.fr/and/gitweb/prng_gpu.git/commitdiff_plain/860ecbe3a673a4ac258e24e6c0284a56e3427b6e?ds=inline Ajout d'une partie évaluation, à revoir. --- diff --git a/mabase.bib b/mabase.bib index 21fb105..15c282d 100644 --- a/mabase.bib +++ b/mabase.bib @@ -14,6 +14,23 @@ timestamp = {2009.06.29} } +@INPROCEEDINGS{Fischlin, + author = {Fischlin, R. and Schnorr, C. P.}, + title = {Stronger security proofs for RSA and rabin bits}, + booktitle = {Proceedings of the 16th annual international conference on Theory + and application of cryptographic techniques}, + year = {1997}, + series = {EUROCRYPT'97}, + pages = {267--279}, + address = {Berlin, Heidelberg}, + publisher = {Springer-Verlag}, + acmid = {1754569}, + isbn = {3-540-62975-0}, + location = {Konstanz, Germany}, + numpages = {13}, + url = {http://dl.acm.org/citation.cfm?id=1754542.1754569} +} + @INPROCEEDINGS{BattiatoCGG99, author = {Sebastiano Battiato and Dario Catalano and Giovanni Gallo and Rosario Gennaro}, diff --git a/prng_gpu.tex b/prng_gpu.tex index a57e2a0..34ec700 100644 --- a/prng_gpu.tex +++ b/prng_gpu.tex @@ -1389,6 +1389,40 @@ secure. +\begin{color}{red} +\subsection{Practical Security Evaluation} + +Suppose now that the PRNG will work during +$M=100$ time units, and that during this period, +an attacker can realize $10^{12}$ clock cycles. +We thus wonder whether, during the PRNG's +lifetime, the attacker can distinguish this +sequence from truly random one, with a probability +greater than $\varepsilon = 0.2$. +We consider that $N$ has 900 bits. + +The random process is the BBS generator, which +is cryptographically secure. More precisely, it +is $(T,\varepsilon)-$secure: no +$(T,\varepsilon)-$distinguishing attack can be +successfully realized on this PRNG, if~\cite{Fischlin} +$$ +T \leqslant \dfrac{L(N)}{6 N (log_2(N))\varepsilon^{-2}M^2}-2^7 N \varepsilon^{-2} M^2 log_2 (8 N \varepsilon^{-1}M) +$$ +where $M$ is the length of the output ($M=100$ in +our example), and $L(N)$ is equal to +$$ +2.8\times 10^{-3} exp \left(1.9229 \times (N ~ln(2)^\frac{1}{3}) \times ln(N~ln 2)^\frac{2}{3}\right) +$$ +is the number of clock cycles to factor a $N-$bit +integer. + +A direct numerical application shows that this attacker +cannot achieve its $(10^{12},0.2)$ distinguishing +attack in that context. + +\end{color} + \subsection{Toward a Cryptographically Secure and Chaotic Asymmetric Cryptosystem} \label{Blum-Goldwasser} We finish this research work by giving some thoughts about the use of @@ -1471,8 +1505,8 @@ namely the BigCrush. Furthermore, we have shown that when the inputted generator is cryptographically secure, then it is the case too for the PRNG we propose, thus leading to the possibility to develop fast and secure PRNGs using the GPU architecture. -An improvement of the Blum-Goldwasser cryptosystem, making it -behaves chaotically, has finally been proposed. +\begin{color}{red} An improvement of the Blum-Goldwasser cryptosystem, making it +behaves chaotically, has finally been proposed. \end{color} In future work we plan to extend this research, building a parallel PRNG for clusters or grid computing. Topological properties of the various proposed generators will be investigated,