public class NonBlockingCSPRNG extends RandomSource
Non-blocking cryptographically secure pseudo random number generator (CSPRNG) for applications
where the system is mostly idle, and the call time of nextBytes() is truly random. The former
condition (idle) causes SecureRandom to block due to lack of entropy from operating system
events. This is mitigated by managing entropy collection within the application according to
use cases. For contact tracing applications, system uptime is truly unpredictable because the
attacker cannot know when the app first started, or restarted. Furthermore, the elapsed time
between requests for random data (to generate the pseudo device address) is also truly
unpredictable because it depends on the state of the currently registered devices in the
BLEDatabase, and also the proximity and processing speed of devices in the user environment.
Finally, for additional assurance, entropy can also be gathered from the MAC addresses of
encountered devices, the majority of which, if not all, should themselves have been generated
from their own SecureRandom source.
As an overview, this CSPRNG is based on:
- Random seed derived from entropy gathered from truly random events
- Deterministic PRNG offering uniform distribution of random values given the initial seed
- Cryptographic hash function for separating random values from the random seed
It is expected that brute force can identify a random seed that yielded an individual
observation, and even a seed that yielded a run of consecutive values. This is intentional: the
design aims to ensure that any observation is consistent with most candidate seeds (2^61 out of
2^64). This deliberate strategy makes an attack unattractive because of the level of uncertainty
it leaves. Rapidly finding one seed is itself evidence to the attacker that little exploitable
information has been gained, since the identified seed is just one of many candidates. Running
the search for a long period will show that multiple seeds can yield the same observations.
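The three stages listed in the overview above, as an added illustrative sketch that is not the project's own NonBlockingCSPRNG code: it assumes SHA-256 as the hash and java.util.Random as the deterministic PRNG, and folds in the three entropy sources the text names (system uptime, the interval between nextBytes() calls, and encountered MAC addresses supplied through a hypothetical addEntropy() method).

```java
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Random;

// Added illustrative sketch (not the project's code) of the three stages listed above:
// entropy events -> seed, a deterministic PRNG, and a hash separating outputs from the seed.
public final class EntropyMixingPrng {
    private final MessageDigest pool = sha256(); // running hash of gathered entropy events
    private Random prng;                         // deterministic PRNG (assumption: java.util.Random)
    private long lastCallNanos = System.nanoTime();

    public EntropyMixingPrng(long systemUptimeMillis) {
        addEntropy(longBytes(systemUptimeMillis));   // uptime: unknown to an outside observer
        reseed();
    }
    /** Fold an entropy event, e.g. an encountered device's MAC address, into the pool. */
    public synchronized void addEntropy(byte[] event) {
        pool.update(event);
    }
    /** Fill out[] with values that are hash-separated from the PRNG state. */
    public synchronized void nextBytes(byte[] out) {
        long now = System.nanoTime();
        addEntropy(longBytes(now - lastCallNanos));  // unpredictable inter-call interval
        lastCallNanos = now;
        reseed();
        MessageDigest h = sha256();
        byte[] block = new byte[32];
        for (int offset = 0; offset < out.length; ) {
            prng.nextBytes(block);                   // raw PRNG output never leaves the class
            byte[] hashed = h.digest(block);         // hash separates outputs from the seed
            int n = Math.min(hashed.length, out.length - offset);
            System.arraycopy(hashed, 0, out, offset, n);
            offset += n;
        }
    }
    /** Derive a fresh 64-bit seed from the pool and reseed the PRNG; pool state is carried forward. */
    private void reseed() {
        byte[] digest = pool.digest();               // digest() also resets the pool
        pool.update(digest);
        prng = new Random(ByteBuffer.wrap(digest).getLong());
    }
    private static byte[] longBytes(long v) { return ByteBuffer.allocate(8).putLong(v).array(); }
    private static MessageDigest sha256() {
        try { return MessageDigest.getInstance("SHA-256"); }
        catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }
}
```

Because every call to nextBytes() mixes the inter-call interval back into the pool before reseeding, an observer of the output alone must also guess the timing of each request, which is the property the text relies on.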