# PA193 Seminar 07 - RNGs
This notebook contains code for several tasks treated in this seminar. The goal is to construct as secure RNG as possible with the available resources. 

## Task 0: LCG
Implement simple LCG generator that returns python `list` of the size `numbers` with values generated by LCG defined by parameters $a,b,m$ and the formula $s_{i+1} = a*s_i+b \pmod m$.

In [2]:
def LCG(s=0, a=1664525, b=1013904223, m=2**32, numbers=1):
    return res

## Task 1: Find the best parameters of LCG 
Use LCG generator with fixed $m = 256$. Try several combinations of **a,b** parameters and find the best values of a,b. 
- What does it means the best parameters? 
- What is the maximal length of the sequence?

In [2]:
a, b = 0, 0
LCG()

[1013904223]

## Task 2: Forward/backward predictability 
Attacker knows that LCG generated number $s_i$.
 - How he can compute/find the next value $s_{i+1}$? 
 - How he can compute/find the previous random value $s_{i-1}$?

 1. For   $s_{i}=123$ find the previous $s_{i-1}$ and next value $s_{i+1}$ of the LCG generator. 
  - Can we compute  $s_{i+1}, s_{i-1}$ same way for very large $m=2^{128} = 340282366920938463463374607431768211456$? 
 
 2. Find  $s_{i+1}, s_{i-1}$ for $s_i = 21$ and parameters $a, b, m = 7, 5, 2^{128}$
    - HINT: You can use python to compute inverse i.e. `pow(2, -1, 5)` is inverse of `2 mod 5` .

In [1]:
si = 123
prev_si = 1
next_si = 2
print(prev_si, next_si)

1 2


3

## Task 3: RNG improvements - hash function
 - Use hash function `hash_int2int` and improve the generator, the output of the generator should be again **one byte** long! 
 - Hash function can be used to protect: 
  - next or,
  - previous values,
  - or both?
 - Check the length of the sequence that is produced by the improved generator! 
   - If is not close to the maximal (as in TASK 1) change the design!

In [3]:
import hashlib
def hash_int2int(i):
    obj = hashlib.md5(bytes(i))
    h = obj.digest()
    h_int = int.from_bytes(h, "big")
    return h_int

hash_int2int(0)

def LCG_with_hash(s=0, a=1664525, b=1013904223, m=2**32, numbers=1):
    res = []
    for i in range(numbers):
        res.append(s)
    return res

## Task 4: entropy
 - The function `time_resolution` produces certain amount of entropy per call. 
 - "Analyse" (just print out several values) amount of entropy for two different resolutions `time_resolution(nano=False)` and `time_resolution(nano=False)`.   
 - Pick better options (`nano=False` or `nano=True`) and guess corresponding amount of entropy `time_resolution` it produces per call. 
 - Implement function`entropy` that will produce required bits (`req_bits`) of entropy per call.
 - What is the appropriate way how to combine more values together? 
  - Can we use XOR (bitwise operator: ^) to combine random values? 
  - Or we should use hash function? 
  - What are pros and cons of XOR and hash?

In [6]:
from datetime import datetime
import time

def time_resolution(nano=False):
    if nano:
        dt = time.time_ns()
    else:
        dt = datetime.now().microsecond
    return dt

def entropy(req_bits):
    pass

## Task 5: RNG improvements - entropy
 - Use function `entropy` and improve the generator `LCG_with_hash`, the output of the generator should be again **one byte** long! 
  - What is the appropriate value of `req_bits` and how to add the entropy to the state? 
  - How often you should add antropy to the RNG internal state?

In [None]:
#modify the function
def LCG_with_hash_and_entropy(s=0, a=1664525, b=1013904223, m=2**32, numbers=1):
    res = []
    for i in range(numbers):
        res.append(s)
    return res
    

## Task 6: linux dev/urandom
On your computer: 
- Read 100 bytes from the `dev/random` and `dev/urandom`. 
- Which of the files blocks you? 
- Check how fast the system collects the entropy. Use `for` loop and generate one random byte in each iteration and print the time in seconds. 

In [3]:
with open("/dev/random", 'rb') as f:
    print (repr(f.read(10)))

b'\xdd\xabc<)b\x9d\xebt\xd0'


## Task 7: linux dev/urandom - system
On your computer:
 - Check the values related to the entropy pool using `more /proc/sys/kernel/random`

## BONUS Task: ANSI X9.31
 - Use `/dev/random` and hash function and implement ANSI X9.31 generator (slide 22 of the lecture). The standard describes generator that uses AES and key but we will use hash function `hash_md5` and key instead.

In [4]:
def hash_md5(m):
    obj = hashlib.md5(m)
    h = obj.digest()
    return h