A Proposed Impregnable 256-Bit Hash Producer

Abstract

This paper proposes a robust 256-bit hash producer. The underlying motivation is to overcome security-related limitations of pseudo-random number generators embedded in Linux and Windows, which render these widely used operating systems vulnerable to security breaches. The proposed approach is called Hash Bits Producer-256 (HBP-256). It produces outputs that look like random to an adversary who is unaware of its internal state. In addition, it provides forward and backward security in case its internal state is known to an adversary at any particular time. HBP-256 offers such protection by providing the following capabilities. Firstly, output pseudo-randomness. This is ensured by: (1) seeding and reseeding HBP256 from three sources of entropy input, of which two are non-deterministic hardware sources; and (2) maintaining a high-level entropy input. Secondly, provide forward security. This is ensured by using two one-way irreversible functions: the Secure Hash Algorithm-256 (SHA-256) and SHA-512. Thirdly, provide backward security. This is ensured by: (1) maintaining cumulative entropy; (2) sustaining rapid refreshment rates for the entropy pools; and (3) preserving uniqueness of bits input to the SHA-512 at any particular time. Security analysis is conducted by exposing HBP-256 to external and internal attacks. Based on the security analysis, it is concluded that HBP-256's individual and collaborative defenses successfully address adversaries' attempts to compromise HBP-256 from outside as well as from within its boundary. HBP-256 meets the intended security requirements, and achieves its objective