A Distinguisher for RNGs with LFSR Post-processing.

Random number generator (RNG) is a fundamental element in modern cryptography. If the quality of the outputs generated by RNGs is not as well as expected, the cryptographic applications which use the random number service are vulnerable to security threats. In reality, the entropy source of RNGs could be impressible by the changes of environmental factors, resulting in defects in the generated data, such as poor statistical properties. Thus, RNG is generally designed with a preset post-processing module to improve the quality of the output sequences. Linear feedback shift register (LFSR) is one of the frequently used methods for post-processing thanks to the characteristic of simplicity and no reduction in output throughput. However, we point out that even if the statistical properties of the outputs of the entropy source are extremely poor, the sequences processed by LFSR can still pass the statistical test. This undoubtedly increases the security risks in the usage of RNGs. In this work, we propose a distinguisher for the RNGs with LFSR post-processing for the first time. The distinguisher can be used to detect the RNGs with LFSR post processing, and we theoretically prove the sequences before processing can be recovered. On this basis, we design a new statistical test via combining the distinguisher with the Frequency Test in the NIST test suite. The experimental results show that if the sequence is biased before being processed by LFSR, our proposed method can detect it, but the NIST SP 800-22 Test Suite cannot.