
HAVEGE: A user-level software heuristic for generating empirically strong random numbers

Published: 01 October 2003

Abstract

Random numbers with high cryptographic quality are needed to enhance the security of cryptography applications. Software heuristics for generating empirically strong random number sequences rely on entropy gathering by measuring unpredictable external events. These generators only deliver a few bits per event. This limits them to being used as seeds for pseudorandom generators.

General-purpose processors feature a large number of hardware mechanisms that aim to improve performance: caches, branch predictors, etc. The state of these components is not architectural (i.e., the result of an ordinary application does not depend on it). It is also volatile and cannot be directly monitored by the user. On the other hand, every operating system interrupt modifies thousands of these binary volatile states.

In this article, we present and analyze HAVEGE (HArdware Volatile Entropy Gathering and Expansion), a new user-level software heuristic to generate practically strong random numbers on general-purpose computers. The hardware clock cycle counter of the processor can be used to gather part of the entropy/uncertainty introduced by operating system interrupts in the internal states of the processor. Then, we show how this entropy gathering technique can be combined with pseudorandom number generation in HAVEGE. Since the internal state of HAVEGE includes thousands of internal volatile hardware states, it seems impossible even for the user itself to reproduce the generated sequences.
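The gathering-and-expansion loop the abstract describes, as an added illustration that is not the paper's or the authors' code: a table walk whose timing depends on cache and branch-predictor state is bracketed by counter reads, each timing delta is conditioned into a small state, and that state is expanded with xorshift32. It assumes a POSIX monotonic clock as a portable, much coarser stand-in for the hardware cycle counter; the function and table names (`tick`, `mix32`, `gather_one`, `havege_lite_fill`, `walk`) are the example's own.

```c
#define _POSIX_C_SOURCE 199309L
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <time.h>

/* Stand-in for the processor cycle counter the paper reads (assumption:
 * a monotonic nanosecond clock; it exposes far fewer jitter bits per sample). */
static uint64_t tick(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ULL + (uint64_t)ts.tv_nsec;
}

/* Deterministic conditioning step: fold one timing sample into the state. */
uint32_t mix32(uint32_t h, uint32_t v) {
    h = (h * 0x9E3779B1u) ^ v;
    return h ^ (h >> 15);
}

#define WALK_SIZE 4096                 /* constructed table, larger than a typical L1 */
static uint32_t walk[WALK_SIZE];
static uint32_t state = 0x12345678u;

/* One gathering step: a data-dependent walk whose duration depends on cache
 * and branch-predictor state, with the counter sampled before and after. */
static uint32_t gather_one(void) {
    uint64_t t0 = tick();
    uint32_t idx = state % WALK_SIZE;
    for (int i = 0; i < 64; i++) {
        if (walk[idx] & 1) idx = (idx * 7 + 13) % WALK_SIZE;   /* hard-to-predict branch */
        else               idx = (idx + 97) % WALK_SIZE;
        walk[idx] += (uint32_t)i;                               /* perturb cache lines */
    }
    uint64_t delta = tick() - t0;
    return (uint32_t)delta ^ (uint32_t)(delta >> 32) ^ walk[idx];
}

/* Fill out[0..n): gather, condition, then expand with xorshift32. Returns n. */
size_t havege_lite_fill(uint8_t *out, size_t n) {
    size_t done = 0;
    while (done < n) {
        state = mix32(state, gather_one());              /* entropy gathering */
        if (state == 0) state = 0x9E3779B1u;             /* xorshift needs a nonzero seed */
        state ^= state << 13; state ^= state >> 17; state ^= state << 5;   /* expansion */
        size_t k = n - done < 4 ? n - done : 4;
        memcpy(out + done, &state, k);
        done += k;
    }
    return done;
}
```

Raw timing deltas cluster around a few values, so only the conditioned and expanded state, never the deltas themselves, should be handed to a consumer, and the output should still be run through a statistical suite before use.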

Published In

ACM Transactions on Modeling and Computer Simulation, Volume 13, Issue 4
October 2003
84 pages
ISSN: 1049-3301
EISSN: 1558-1195
DOI: 10.1145/945511

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Cryptography
  2. hardware clock counters
  3. random number generation
  4. superscalar processor
