Top

Published in:

2018 | OriginalPaper | Chapter

The New Randomness Beacon Format Standard: An Exercise in Limiting the Power of a Trusted Third Party

Author : John Kelsey

Published in: Security Standardisation Research

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

We discuss the development of a new format for beacons–servers which provide a sequence of digitally signed and hash-chained public random numbers on a fixed schedule. Users of beacons rely on the trustworthiness of the beacon operators. We consider several possible attacks on the users by the beacon operators, and discuss defenses against those attacks that have been incorporated into the new beacon format. We then analyze and quantify the effectiveness of those defenses.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Great Expectations: A Critique of Current Approaches to Random Number Generation Testing & Certification

There are other ways to get public random numbers. Many also depend on some trusted third party; others introduce other practical problems–ambiguity about correct values, lack of a fixed schedule, etc. Overall, we believe beacons are the best way to get practical public randomness for real-world applications.

The localRandomValue is the locally-produced random value, but the actual random value of the pulse is outputValue–this is what almost any application should use, as discussed below.

It’s possible for a beacon to suffer an outage, during which scheduled pulses are not produced. Gaps in a sequence of pulses are reflected in the statusCode of the first pulse produced immediately following an outage.

The use of brand or company names does not imply any endorsement on the part of NIST; they are included only to clearly explain how the NIST beacon operates at present.

While these are not the only possible ways for a beacon to misbehave, they are the ways that undermine the security guarantees of a beacon service.

There must be some lag time between when the random value is generated and when the pulse is output, since the beacon engine must sign its pulse, compute outputValue, and propagate the pulse to the frontend.

That system is doing password cracking attacks. Trying to control some bits of the output of the beacon is very similar to password cracking.

This might be an outsider who has compromised the beacon engine, or an insider with access to the engine but not the HSM or RSA keys.

A skiplist [3] is a data structure for efficiently accessing and maintaining sorted records; the data structure in this section is a cryptographic one using a hash function, which is based loosely on the original skiplist. A hash skiplist bears the same relationship to a skiplist as a Merkle tree does to an ordinary binary tree.

8x Nvidia GTX 1080 Hashcat Benchmarks. Accessed 09 July 2018

Biryukov, A., Dinu, D., Khovratovich, D.: Argon2: new generation of memory-hard functions for password hashing and other applications. In: IEEE European Symposium on Security and Privacy, EuroS&P 2016, Saarbrücken, Germany, 21–24 March 2016, pp. 292–302 (2016). https://doi.org/10.1109/EuroSP.2016.31

Black, P.E.: Skip List. Dictionary of Algorithms and Data Structures. [online], Pieterse, V., Black, P.E. (eds.) https://xlinux.nist.gov/dads/HTML/skiplist.html. Accessed 17 Nov 2017

Cooper, D., et al.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. In: RFC 5280, pp. 1–151 (2008). https://doi.org/10.17487/RFC5280

Laurie, B., Langley, A., Käsper, E.: Certificate transparency. In: RFC 6962, pp. 1–27 (2013). https://doi.org/10.17487/RFC6962

Mell, P., Kelsey, J., Shook, J.M.: Cryptocurrency smart contracts for distributed consensus of public randomness. In: Stabilization, Safety, and Security of Distributed Systems - 19th International Symposium, SSS 2017, Boston, MA, USA, 5–8 November 2017, pp. 410–425 (2017). https://doi.org/10.1007/978-3-319-69084-1_31

Newman, C., Klyne, G.: Date and Time on the Internet: Timestamps. RFC 3339, July 2002. https://doi.org/10.17487/RFC3339. https://rfc-editor.org/rfc/rfc3339.txt

NIST Randomness Beacon (2018). https://www.nist.gov/programs-projects/nist-randomness-beacon. Accessed 09 July 2018

Percival, C., Josefsson, S.: The scrypt password-based key derivation function. In: RFC 7914, pp. 1–16 (2016). https://doi.org/10.17487/RFC7914

10.

Powerball. https://www.powerball.com/games/home. Accessed 19 Sep 2018

11.

Rabin, M.O.: Transaction protection by beacons. J. Comput. Syst. Sci. 27(2), 256–267 (1983). https://doi.org/10.1016/0022-0000(83)90042-9MathSciNetCrossRefMATH

12.

Rivest, R.L., Shamir, A., Wagner, D.A.: Time-lock Puzzles and Timed-release Crypto. Technical report Cambridge, MA, USA (1996)

13.

Schelling, T.C.: The Strategy of Conflict. Oxford University Press, Oxford (1960)MATH

14.

National Institute of Standards and Technology. FIPS 180–4, Secure Hash Standard, Federal Information Processing Standard (FIPS), Publication 180–4. Technical report. Department of Commerce (2015). http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf

15.

National Institute of Standards and Technology. FIPS 186–4, Secure Hash Standard, Federal Information Processing Standard (FIPS), Publication 186–4 Digital Signature Standard (DSS. Technical report Department of Commerce (2013). http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf

16.

Szabo, N.: Trusted Third Parties are Security Holes (2001). Accessed 09 July 2018

17.

Wikipedia contributors. Dow Jones Industrial Average—Wikipedia, The Free Encyclopedia (2018). https://en.wikipedia.org/w/index.php?title=Dow_Jones_Industrial_Average&oldid=860019957. Accessed 19 Sep 2018

Title: The New Randomness Beacon Format Standard: An Exercise in Limiting the Power of a Trusted Third Party
Author: John Kelsey
Publisher: Springer International Publishing
Book: Security Standardisation Research
Print ISBN: 978-3-030-04761-0

Electronic ISBN: 978-3-030-04762-7

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-030-04762-7_9

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner