Pseudorandom number generator
Randomness
NIST
Physics
Random number generation
Computer science
Discrete mathematics
Combinatorics
Algorithm
Mathematics
Statistics
Natural language processing
Authors
Elena Andreeva, Andreas Weninger
Identifier
DOI:10.1007/978-3-031-33491-7_1
Abstract
Good randomness is needed for most cryptographic applications. In practice, pseudo-random number generators (PRNGs) are employed. CTR_DRBG is a popular choice and is among the PRNGs recommended by NIST. It is defined for use with primitives like AES or TDEA, which are not always suited for lightweight applications. In this work we propose FCRNG, a new PRNG, similar to CTR_DRBG, that is optimized for the lightweight setting (e.g. the Internet of Things). Our FCRNG construction utilizes the expanding and tweakable forkcipher primitive instantiated with ForkSkinny, which was introduced by Andreeva et al. at ASIACRYPT 2019. FCRNG internally employs a forkcipher-based counter-style mode, FCTR. We propose two FCTR variants: FCTR-c for optimized speed and FCTR-T for optimized security. We then show that FCRNG with ForkSkinny can be 33% faster than CTR_DRBG when the latter is instantiated with the AES blockcipher. FCRNG also achieves a better security bound in the robustness security game, first introduced by Dodis et al. at CCS'13 and now the standard security goal for PRNGs. Contrary to the CRYPTO 2020 security bound by Hoang and Shen established for CTR_DRBG, the security of our construction with FCTR-T does not degrade with the length of the random inputs, nor with the amount of requested output pseudorandom bits. FCRNG passes all tests of the NIST test suite for pseudorandom number generators.