Thesis / Dissertation

Too Important to Leave to Chance: Pseudorandom Number Generator Standardization & Security

Shaanan Cohney, Nadia Heninger (ed.), Jonathan M Smith (ed.), Matthew Blaze (ed.)

Published : 2019


This dissertation addresses the security of pseudorandom number generators (PRGs), illustrating that flaws persist within key standards despite the purported effectiveness of standardization and certification processes. By evaluating three standardized designs and developing real-world attacks against each, I show how an adversary who is able to introduce flaws into a standard can compromise real implementations. Such' pre-supply chain operations '(PSYCHOs) are within the capabilities of state actors who, as I evidence, may have already incorporated similar attacks into their strategic portfolios.