Paper 2024/1421
Provable Security of Linux-DRBG in the Seedless Robustness Model
Abstract
This paper studies the provable security of the deterministic random bit generator (DRBG) utilized in Linux 6.4.8, marking the first analysis of Linux-DRBG from a provable security perspective since its substantial structural changes in Linux 4 and Linux 5.17. Specifically, we prove its security up to $O(\min\{2^{\frac{n}{2}},2^{\frac{\lambda}{2}}\})$ queries in the seedless robustness model, where $n$ is the output size of the internal primitives and $\lambda$ is the min-entropy of the entropy source. Our result implies $128$-bit security given $n=256$ and $\lambda=256$ for Linux-DRBG. We also present two distinguishing attacks using $O(2^{\frac{n}{2}})$ and $O(2^{\frac{\lambda}{2}})$ queries, respectively, proving the tightness of our security bound.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- A minor revision of an IACR publication in ASIACRYPT 2024
- Keywords
- Deterministic random bit generator
- Linux-DRBG
- Seedless robustness
- Provable security
- Contact author(s)
- hephaistus @ kaist ac kr
- rlagnlrua4 @ gmail com
- hicalf @ kaist ac kr
- yeongmin lee @ desilo ai
- History
- 2024-09-19: last of 2 revisions
- 2024-09-11: received
- See all versions
- Short URL
- https://ia.cr/2024/1421
- License
- CC BY
BibTeX
@misc{cryptoeprint:2024/1421,
  author = {Woohyuk Chung and Hwigyeom Kim and Jooyoung Lee and Yeongmin Lee},
  title = {Provable Security of Linux-{DRBG} in the Seedless Robustness Model},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/1421},
  year = {2024},
  url = {https://eprint.iacr.org/2024/1421}
}