How to build a random number sensor with human participation?
An approach is proposed to construct a biological random number sensor, that is, a sensor generating a random sequence by implementing random tests based on the random nature of the repeated interaction of a person with a personal computational tool. The approach is based on the calculation of a number of variables related to the user's random response to a pseudo-random process displayed on the screen of a personal or tablet computer.
Relevance for cryptographic applications issues related to the generation of random sequences (SP), due to their use in cryptographic systems for generating key and auxiliary information. The concept of chance itself has philosophical roots, which indicates its complexity. In mathematics, there are various approaches to the definition of the term "randomness", their review is given, for example, in our article "Accidents are not random?" . Information about the known approaches to the definition of "randomness" is systematized in table 1.
Table 1. Approaches to the definition of randomness
When studying the synthesis of a biological random number sensor (hereinafter - BioCHR), it is advisable to take into account the following condition: a sequence is considered random if the randomness of a physical source is proved, in particular, the source is locally stationary and generates a sequence with specified characteristics. Such an approach to the definition of randomness is relevant in the construction of BioHDH, it can be conventionally called "physical". The fulfillment of the conditions determines the suitability of the sequence for use in cryptographic applications.
There are various options for generating random numbers on a computer, involving the use of meaningful and meaningless user actions as a source of randomness. Such actions include, for example, pressing keys on the keyboard, moving or clicking with the mouse, etc. The entropy is a measure of the randomness of the generated sequence. The disadvantage of many well-known approaches is the difficulty of estimating the amount of entropy obtained. The approaches associated with measuring the characteristics of human non-meaningful movements make it possible to obtain a relatively small fraction of random bits per unit of time, which imposes certain restrictions on the use of generated sequences in cryptographic applications.
Consider the generation of joint ventures using meaningful reactions of the user to some rather complex pseudo-random process. Namely: at random times, the values of a certain set of variables varying in time are measured. Then the random values of the process values are represented as a random sequence of bits. The features of the cryptographic application and the operating environment identified a number of requirements for BioHD:
')
We describe the construction principle of a single BioHDF class. The working area is the area located in the center of the screen of the personal or tablet computer and occupying most of the screen in order to provide the user with a convenient visual analysis of the pseudo-random process. In the center of the workspace at the time of mouse clicks (in the case of a tablet — finger presses), N geometric figures are sequentially generated, which begin a rectilinear movement in different directions. When colliding, the figures are reflected from each other and from the borders of the working area, often changing the direction of movement and simulating the generally chaotic process of movement on the working area.
As geometric shapes, for example, you can use circles that move like projections of balls on a billiard table. Figure 1 shows the trajectories of the movement of the centers of circles within the working area.
Figure 1. The trajectories of the movement of the centers of circles within the working area
The task of the user is to generate a certain number of random bits. After the last figure appears in the work area, the user must quickly remove all N moving figures by clicking in an arbitrary sequence into the area of each figure with the mouse (in the case of the tablet, by clicking with the finger). The session of generating a certain number of bits of the joint venture ends after the removal of all the figures. If the number of bits generated in one session is not enough, the session is repeated as many times as necessary to generate the required number of bits.
SP generation is performed by measuring a number of characteristics of the described pseudo-random process at random points in time, determined by the user's reaction. At the moment the circle enters the area of the figure (a successful click or finger pressure), a number of process characteristics, the so-called sources of entropy, are measured. The bit generation rate is the higher, the more independent characteristics are measured. The measured values are converted to binary representation, the elements of which are then filtered when included in the resulting bit sequence. Independence of measured characteristics means unpredictability of the value of each characteristic based on known values of other characteristics.
In order to determine the parameters of the priority implementation of the BioHR, various executors of the order of 10 4 sessions were conducted by different performers. The implemented experiments allowed to determine the areas of suitable values for the parameters of the BioHDF model: the size of the working area, the number, size and speed of movement of the figures, etc.
When analyzing the results of the BioHR, the following assumptions were made:
Estimation of confidence intervals for the values of the calculated values of the process corresponds to a significance level of 0.05. To recognize the uniform distribution of characters of the received sample (after reduction to binary form), the chi-square agreement criterion with a uniform distribution was applied.
The number of bits obtained from the values of the measured values of the process (sources of entropy) was determined empirically based on the analysis of the information entropy of the values of a number of process characteristics. It is empirically found that successful hit in the area of the figure allows to get about 30 bits of a random sequence. Therefore, to generate the key and the initialization vector of the algorithm GOST 28147-89 in 1-2 sessions of BioHDH operation, it is enough to use 10-12 figures.
Directions for improving the characteristics of biological generators should be associated both with the optimization of the considered approach and with the study of other approaches to the construction of BioHRF.
Introduction
Relevance for cryptographic applications issues related to the generation of random sequences (SP), due to their use in cryptographic systems for generating key and auxiliary information. The concept of chance itself has philosophical roots, which indicates its complexity. In mathematics, there are various approaches to the definition of the term "randomness", their review is given, for example, in our article "Accidents are not random?" . Information about the known approaches to the definition of "randomness" is systematized in table 1.
Table 1. Approaches to the definition of randomness
| Approach name | The authors | The essence of the approach |
| Frequency | von Mises, Church, Kolmogorov, Loveland | In the joint venture, the frequency of occurrence of elements should be observed. For example, the signs 0 and 1 must occur independently and with equal probabilities not only in the binary SP, but also in any subsequence chosen randomly and independently of the initial generation conditions. |
| Difficult | Kolmogorov, Chaitin (Chaitin) | Any description of the implementation of the joint venture can not be significantly shorter than this implementation. That is, the joint venture must have a complex structure, and the entropy of its initial elements must be large. A sequence is random if its algorithmic complexity is close to the length of the sequence. |
| Quantitative | Martin-Lof | The partitioning of the probabilistic space of sequences into non-random and random, that is, into sequences “not passing” and “passing” a set of specific tests designed to identify patterns. |
| Cryptographic | Modern approach | A sequence is considered random if the computational complexity of finding patterns is not less than a given value. |
When studying the synthesis of a biological random number sensor (hereinafter - BioCHR), it is advisable to take into account the following condition: a sequence is considered random if the randomness of a physical source is proved, in particular, the source is locally stationary and generates a sequence with specified characteristics. Such an approach to the definition of randomness is relevant in the construction of BioHDH, it can be conventionally called "physical". The fulfillment of the conditions determines the suitability of the sequence for use in cryptographic applications.
Approach to building BioHDF
There are various options for generating random numbers on a computer, involving the use of meaningful and meaningless user actions as a source of randomness. Such actions include, for example, pressing keys on the keyboard, moving or clicking with the mouse, etc. The entropy is a measure of the randomness of the generated sequence. The disadvantage of many well-known approaches is the difficulty of estimating the amount of entropy obtained. The approaches associated with measuring the characteristics of human non-meaningful movements make it possible to obtain a relatively small fraction of random bits per unit of time, which imposes certain restrictions on the use of generated sequences in cryptographic applications.
Consider the generation of joint ventures using meaningful reactions of the user to some rather complex pseudo-random process. Namely: at random times, the values of a certain set of variables varying in time are measured. Then the random values of the process values are represented as a random sequence of bits. The features of the cryptographic application and the operating environment identified a number of requirements for BioHD:
')
- The generated sequences should be close in statistical characteristics to ideal random sequences, in particular, for a binary sequence, the probability p of the sign “1” or “0” should be close to 1/2, that is, the deviation b of probability from 1/2 should not exceed some fixed value of b0, close to zero, for example, | p-1/2 | = b≤b0, where b0≤10 -2 .
- During the implementation of the process by the average user, the generation rate should be at least 10 bit / s.
- The duration of an average user generation of 320 bits (which correspond to the sum of key length (256 bits) and sync sending length (64 bits) in the GOST 28147-89 algorithm) should not exceed 30 seconds.
- User experience with the BioHDB program.
We describe the construction principle of a single BioHDF class. The working area is the area located in the center of the screen of the personal or tablet computer and occupying most of the screen in order to provide the user with a convenient visual analysis of the pseudo-random process. In the center of the workspace at the time of mouse clicks (in the case of a tablet — finger presses), N geometric figures are sequentially generated, which begin a rectilinear movement in different directions. When colliding, the figures are reflected from each other and from the borders of the working area, often changing the direction of movement and simulating the generally chaotic process of movement on the working area.
As geometric shapes, for example, you can use circles that move like projections of balls on a billiard table. Figure 1 shows the trajectories of the movement of the centers of circles within the working area.
Figure 1. The trajectories of the movement of the centers of circles within the working area
The task of the user is to generate a certain number of random bits. After the last figure appears in the work area, the user must quickly remove all N moving figures by clicking in an arbitrary sequence into the area of each figure with the mouse (in the case of the tablet, by clicking with the finger). The session of generating a certain number of bits of the joint venture ends after the removal of all the figures. If the number of bits generated in one session is not enough, the session is repeated as many times as necessary to generate the required number of bits.
SP generation is performed by measuring a number of characteristics of the described pseudo-random process at random points in time, determined by the user's reaction. At the moment the circle enters the area of the figure (a successful click or finger pressure), a number of process characteristics, the so-called sources of entropy, are measured. The bit generation rate is the higher, the more independent characteristics are measured. The measured values are converted to binary representation, the elements of which are then filtered when included in the resulting bit sequence. Independence of measured characteristics means unpredictability of the value of each characteristic based on known values of other characteristics.
Experimental results
In order to determine the parameters of the priority implementation of the BioHR, various executors of the order of 10 4 sessions were conducted by different performers. The implemented experiments allowed to determine the areas of suitable values for the parameters of the BioHDF model: the size of the working area, the number, size and speed of movement of the figures, etc.
When analyzing the results of the BioHR, the following assumptions were made:
- logged events are independent in time, that is, the user's reaction to the process observed on the screen is difficult to replicate with high accuracy both to the other user and the user himself;
- the sources of entropy are independent, that is, it is impossible to predict the values of any characteristic based on the known values of other characteristics;
- the quality of the output sequence should be assessed taking into account known approaches to the definition of randomness (Table 1), as well as the “physical” approach.
Estimation of confidence intervals for the values of the calculated values of the process corresponds to a significance level of 0.05. To recognize the uniform distribution of characters of the received sample (after reduction to binary form), the chi-square agreement criterion with a uniform distribution was applied.
The number of bits obtained from the values of the measured values of the process (sources of entropy) was determined empirically based on the analysis of the information entropy of the values of a number of process characteristics. It is empirically found that successful hit in the area of the figure allows to get about 30 bits of a random sequence. Therefore, to generate the key and the initialization vector of the algorithm GOST 28147-89 in 1-2 sessions of BioHDH operation, it is enough to use 10-12 figures.
Directions for improving the characteristics of biological generators should be associated both with the optimization of the considered approach and with the study of other approaches to the construction of BioHRF.
Source: https://habr.com/ru/post/303698/
All Articles