1. Introduction
This research addresses the persistent problem of password disclosure and the risk of sensitive-data exposure that follows. Website security is one factor, but the intrinsic strength of the password itself matters most. Common weaknesses include passwords based on keywords, popular phrases, user information, and password reuse. The rise of AI and large language models further helps attackers guess passwords effectively.
Therefore, this paper proposes a secure password generator built on a secure Pseudo-Random Number Generator (PRNG). The core PRNG is built from cryptographic mechanisms such as HMAC, CMAC, or KMAC to produce high-quality random numbers, which are then used to create passwords. The system accepts optional user input (the To-Be-Hashed Message, TBHM) to seed the process. The main contributions are:
- Construction of secure PRNGs based on HMAC, CMAC, and KMAC.
- Security analysis of the generated passwords under different character sets and lengths, comparing their strength with AES-128 and AES-256.
- Empirical validation of randomness using NIST SP 800-90B, focusing on the Entropy tests and the Independent and Identically Distributed (IID) tests.
2. Literature Review
2.1. Pseudo-Random Number Generators Based on Linear Congruential Generators
Common programming languages (C, Java) use Linear Congruential Generators (LCGs). Given a seed $k$, the sequence is generated as follows: $f_0(k) \equiv a \oplus k \ (\text{mod} \ m)$ and $f_i(k) \equiv a \times f_{i-1}(k) + c \ (\text{mod} \ m)$. This method is insecure because the state can be reversed: $f_{i-1}(k) \equiv (f_i(k) - c) \times a^{-1} \ (\text{mod} \ m)$, which exposes the seed and the entire sequence.
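The reversal above can be checked directly. The following is an added illustration, not code from the paper; the constants `A`, `C`, `M` and the function names are sample choices made here, with `a` odd so that $a^{-1}$ exists modulo $m = 2^{31}$.

```python
# Added illustration: sample LCG parameters, not taken from the paper.
# a is odd, so it is invertible modulo m = 2**31.
A, C, M = 1103515245, 12345, 2**31


def first_state(k: int) -> int:
    """f_0(k) = a XOR k (mod m), as written in the text."""
    return (A ^ k) % M


def lcg_next(state: int) -> int:
    """f_i = a * f_{i-1} + c (mod m)."""
    return (A * state + C) % M


def lcg_prev(state: int) -> int:
    """f_{i-1} = (f_i - c) * a^{-1} (mod m); a^{-1} exists because gcd(a, m) = 1."""
    return ((state - C) * pow(A, -1, M)) % M


def recover_seed(observed_state: int, steps: int) -> int:
    """Rewind `steps` transitions to f_0, then undo the XOR to obtain k (for k < m)."""
    for _ in range(steps):
        observed_state = lcg_prev(observed_state)
    return observed_state ^ A


if __name__ == "__main__":
    k = 20240229                      # constructed seed value
    state = first_state(k)
    for _ in range(5):
        state = lcg_next(state)
    print(recover_seed(state, 5) == k)
```

Every function here is a plain modular operation with no secret involved, which is why an LCG state that leaks into an output cannot protect the values produced before or after it.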
2.2. Secure Pseudo-Random Number Generators
Secure PRNGs are based on cryptographic mechanisms as outlined in NIST SP 800-108 Rev. 1.
2.2.1. HMAC-Based
Security relies on the one-way property of the hash function (e.g., SHA2, SHA3). For a key $k$ and message $M$, HMAC is computed as follows: $r_{hmac}(k, M) = h((k \oplus opad) \ || \ h((k \oplus ipad) \ || \ M))$. To generate a bit stream of length $L$, counter mode is used: $M_i = i \ || \ \text{KDF} \ || \ 0x00 \ || \ M \ || \ L$, producing the outputs $r_{hmac,i}$.
2.2.2. CMAC-Based
Security relies on the AES block cipher in CBC mode. The message $M$ is split into blocks $M'_1, M'_2, ...$. The process iterates: $c_{i+1} = AES(k, c_i \oplus M'_{i+1})$ with $c_0 = Pad0(0)$. The final output $r_{cmac}$ is derived from the last cipher block after specific padding (Pad1).
2.2.3. KMAC-Based
This construction uses the KECCAK sponge function (the basis of SHA-3), giving a flexible and robust MAC function suited to generating deterministic random bits.
2.3. Randomness Validation Methods
The paper adopts the NIST SP 800-90B framework, which is the de facto standard for validating entropy sources. It includes two key validation suites:
- Entropy Estimation: Estimates the amount of min-entropy in the generated bit stream, indicating unpredictability.
- IID (Independent and Identically Distributed) Tests: A suite of statistical tests (e.g., Chi-Square, Kolmogorov-Smirnov) that determine whether the output bits are independent and follow the same distribution.
3. Proposed Secure Password Generator
The proposed system architecture is simple yet robust:
- Input/Seed: Accepts an optional user-provided TBHM. If provided, it is processed; otherwise, a system-generated secure seed is used.
- Secure PRNG Core: The TBHM/seed is fed into one of the three cryptographic PRNG constructions (HMAC-based, CMAC-based, KMAC-based) to generate a cryptographically strong pseudo-random bit sequence.
- Password Construction: The random bits are mapped onto a user-defined or system-defined character set (e.g., alphanumeric + symbols) to produce a password of the desired length.
Security Analysis: The paper argues that the security of the generated password depends directly on the entropy of the PRNG output and the size of the character set. It performs a comparative analysis, showing that a 16-character password from a 94-character set generated by this method can offer brute-force resistance comparable to or exceeding that of AES-128 or AES-256 keys, assuming the PRNG output is truly random.
4. Experimental Results and Analysis
The experimental validation is the paper's main strength.
- Entropy Validation: The random sequences generated by all three PRNG variants (HMAC-SHA256, CMAC-AES256, KMAC256) passed the NIST SP 800-90B entropy assessment, showing high min-entropy close to the ideal of 1 bit per output bit.
- IID Validation: The sequences also passed the IID tests, confirming that the bits are independent and identically distributed, with no visible patterns or bias.
- Performance: Although not the main focus, the paper notes computational efficiency. HMAC-SHA256 and KMAC256 showed comparable speed, while CMAC-AES256 was slightly slower because of the block cipher operations, but all remained within practical limits for password generation.
Chart Description (Implied): A bar chart would effectively compare the min-entropy estimates (in bits per bit) of the three PRNG methods against the ideal value of 1.0. All bars would be close to 1.0. A second chart could show the p-values from the main IID tests (e.g., Chi-Square, Kolmogorov-Smirnov), with all values above the significance level (e.g., 0.01), indicating a pass.
5. Conclusion and Future Work
The study successfully demonstrates a secure password generation framework based on cryptographic PRNGs. The proposed methods generate passwords with sufficient randomness, as rigorously confirmed against NIST standards. Future work directions include:
- Integrating the generator into browser extensions or password managers.
- Exploring post-quantum cryptographic algorithms (e.g., lattice-based, hash-based) as the PRNG basis to ensure long-term security.
- Developing a formal security proof under standard cryptographic models.
6. Original Analysis & Expert Insight
Core Insight: This paper is not about inventing a new cryptographic primitive; it is about applying and validating existing, vetted ones (HMAC, CMAC, KMAC) to solve the mundane but critical problem of password generation. Its real value lies in bridging the gap between theoretical cryptography and practical security hygiene, confirming with rigorous NIST testing that its output is fit for purpose.
Logical Flow: The argument is sound: 1) Common LCGs are cryptographically broken. 2) Secure PRNGs built from cryptographic MACs are strong. 3) Therefore, passwords derived from such PRNGs inherit that strength. 4) This claim is confirmed not only in theory but by passing rigorous tests (NIST SP 800-90B). This final validation is what most "secure password generator" tools lack.
Strengths & Flaws:
Strengths: The methodological rigor is commendable. Using NIST SP 800-90B for validation immediately raises its credibility, much as cryptographic algorithms are validated through the CAVP (Cryptographic Algorithm Validation Program). The comparison with AES key strength is a useful, relatable benchmark for security teams.
Flaws: The paper operates in a controlled, idealized setting. It assumes that the initial seed/TBHM has sufficient entropy, a critical and often weak link in real systems. The "optional" user input is a double-edged sword; a weak, predictable phrase (e.g., "mypassword") can undermine the entire cryptographic construction, a risk that is not quantified. Furthermore, as noted in NIST's 2023 review "Post-Quantum Cryptography: A Ten-Year Journey", the field is moving toward quantum-resistant algorithms. The paper's constructions, while secure against classical computers, rely on SHA2/AES, whose long-term quantum resistance is uncertain.
Actionable Insight: For security architects, this paper provides a blueprint. Do not roll your own PRNG. Use established cryptographic constructions as building blocks. Most importantly, validate, validate, validate. Integrate continuous entropy validation (such as the NIST tests) into critical random number generation systems, a practice emphasized by organizations like the Linux Foundation's CCC (Common Criteria Certification). For product development, the immediate takeaway is to replace any LCG-based password generation in your systems with a KMAC-based or HMAC-SHA256-based generator, using a secure seed. The forward-looking step is to start prototyping with SHA-3/KECCAK-based designs (such as KMAC) and to track the evolution of NIST's post-quantum cryptography standards for eventual integration.
7. Technical Details & Mathematical Formulation
The core mathematical operations are defined in the Literature Review (Section 2). The key formulas include:
- LCG (Insecure): $f_i(k) \equiv a \times f_{i-1}(k) + c \ (\text{mod} \ m)$
- HMAC: $r_{hmac}(k, M) = h((k \oplus opad) \ || \ h((k \oplus ipad) \ || \ M))$
- HMAC in Counter Mode for the PRNG: $M_i = i \ || \ \text{KDF} \ || \ 0x00 \ || \ M \ || \ L$
- CMAC (CBC-MAC) iteration: $c_{i+1} = AES(k, c_i \oplus M'_{i+1})$
Password generation maps a random number $R$ (from the PRNG output) to a character index: $\text{index} = R \ \text{mod} \ |S|$, where $|S|$ is the size of the character set.
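The HMAC counter-mode construction and the character mapping described here and in Section 3 can be put together as follows. This is an added sketch, not the paper's implementation: the 32-bit big-endian encodings of $i$ and $L$, the use of the requested password length for $L$, and the function names are assumptions made here. It also goes one step beyond the formula above by discarding bytes that would make $R \ \text{mod} \ |S|$ favor some characters (with $|S| = 94$, a raw byte maps three values onto indices 0 to 67 but only two onto indices 68 to 93).

```python
import hashlib
import hmac
import itertools
import secrets
import string

CHARSET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def hmac_ctr_bytes(key: bytes, tbhm: bytes, out_bits: int):
    """Yield bytes of r_hmac,i = HMAC-SHA256(k, i || "KDF" || 0x00 || M || L), i = 1, 2, ...

    Assumed encodings (not given on the page): i and L as 32-bit big-endian integers.
    """
    length_field = out_bits.to_bytes(4, "big")
    for i in itertools.count(1):
        m_i = i.to_bytes(4, "big") + b"KDF" + b"\x00" + tbhm + length_field
        yield from hmac.new(key, m_i, hashlib.sha256).digest()


def preimages_per_index(n_symbols: int, limit: int = 256) -> list:
    """Count how many byte values below `limit` land on each index under b % n_symbols."""
    counts = [0] * n_symbols
    for b in range(limit):
        counts[b % n_symbols] += 1
    return counts


def generate_password(key: bytes, tbhm: bytes = b"", length: int = 16,
                      charset: str = CHARSET) -> str:
    """Map PRNG bytes to characters, rejecting bytes that would bias the index."""
    if not 1 <= len(charset) <= 256:
        raise ValueError("charset must hold between 1 and 256 symbols")
    limit = 256 - 256 % len(charset)      # largest multiple of |S| that fits in a byte
    stream = hmac_ctr_bytes(key, tbhm, length * 8)
    picked = (charset[b % len(charset)] for b in stream if b < limit)
    return "".join(itertools.islice(picked, length))


if __name__ == "__main__":
    key = secrets.token_bytes(32)         # system-generated seed from the OS CSPRNG
    print(generate_password(key, b"optional user phrase"))
```

The key comes from the operating system CSPRNG, so the optional TBHM only separates outputs and is never the sole source of unpredictability.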
8. Analysis Framework & Case Example
Case Example: Evaluating a Legacy System's Password Generator
Scenario: A legacy web application uses a modified LCG to generate temporary user passwords. A security audit is required.
Framework Application:
- Identify the PRNG Type: Inspect the source code. Look for:
    iri = (a * iri + c) % m;
  Confirm that it is an LCG variant.
- Assess Cryptographic Security: The LCG is deterministic and reversible. An attacker who obtains a few consecutive passwords can solve for the seed and predict all future passwords, violating the NIST SP 800-63B guidelines on authenticator randomness.
- Recommend Remediation Using the Paper's Approach:
  - Seed Source: Replace the system-time seed with a CSPRNG (e.g., /dev/urandom on Linux, CryptGenRandom on Windows).
  - Core Generator: Implement an HMAC-SHA256-based PRNG as laid out in the paper's design.
  - Validation: Generate a large sample (1,000,000 bits) from the new generator and run the NIST STS (Statistical Test Suite) or the entropy estimators from SP 800-90B to confirm randomness before deployment.
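For the validation step, the sketch below implements one of the SP 800-90B estimators, the Most Common Value estimate, over a 1,000,000-bit sample. It is an added example, not the paper's test harness or the NIST tool: the function names, the 0.95 gate and the constructed sample data are assumptions made here, and a full assessment runs the complete estimator suite.

```python
import hashlib
import math
from collections import Counter


def bits_of(data: bytes):
    """Yield the bits of `data`, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def mcv_min_entropy(symbols) -> float:
    """Most Common Value estimate (SP 800-90B, section 6.3.1), in bits per symbol."""
    counts = Counter(symbols)
    n = sum(counts.values())
    p_hat = max(counts.values()) / n
    # Upper bound of the 99 % confidence interval on the most likely symbol.
    p_u = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return -math.log2(p_u)


def passes_gate(data: bytes, floor: float = 0.95) -> bool:
    """Pre-deployment gate: per-bit min-entropy estimate must reach `floor` (assumed value)."""
    return mcv_min_entropy(bits_of(data)) >= floor


def sample_stream(n_bytes: int) -> bytes:
    """Constructed stand-in for generator output: SHA-256 over a public counter."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest()
              for i in range((n_bytes + 31) // 32))
    return b"".join(blocks)[:n_bytes]


if __name__ == "__main__":
    good = sample_stream(125_000)          # 1,000,000 bits
    stuck = b"\x01" * 1000                 # constructed biased sample: 7 of 8 bits are 0
    print(round(mcv_min_entropy(bits_of(good)), 3), passes_gate(good))
    print(round(mcv_min_entropy(bits_of(stuck)), 3), passes_gate(stuck))
```

The constructed "good" sample is a hash of a public counter and still scores close to 1 bit per bit, so a passing score says nothing about the entropy of the seed. Seed quality has to be assured at the source, as in the Seed Source step above.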
9. Future Applications & Development Directions
The principles extend beyond user passwords:
- API Key & Token Generation: Automatically generate API keys and secret session tokens in microservice architectures.
- Secure-by-Default Configuration: Embed such generators in IoT devices or software installers to create unique, strong default admin passwords, reducing the prevalence of default-credential attacks.
- Post-Quantum Evolution: The KMAC-based construction relies on SHA-3 (KECCAK), which is considered quantum-resistant. This generator could form the basis of a "crypto-agile" system. Future work should integrate PRNGs based on NIST-standardized post-quantum algorithms such as CRYSTALS-Kyber or hash-based signatures, as the cryptographic community prepares for the quantum computing era.
- Integration with Password Managers & SSO: The generator could become a core component of open-source password managers or Single Sign-On (SSO) systems, providing a transparently auditable source of password randomness.
10. References
- M. Bishop, "Computer Security: Art and Science", Addison-Wesley, 2019.
- NIST, "Special Publication 800-63B: Digital Identity Guidelines", 2020.
- NIST, "Special Publication 800-90B: Recommendation for the Entropy Sources Used for Random Bit Generation", 2018.
- NIST, "Special Publication 800-108 Rev. 1: Recommendation for Key Derivation Using Pseudorandom Functions", 2022.
- NIST, "FIPS 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions", 2015.
- J. Kelsey, B. Schneier, D. Wagner, "Secure Applications of Low-Entropy Keys", Information Security Workshop, 1997.
- M. Dworkin, "Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication", NIST SP 800-38B, 2005.
- NIST, "Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process", 2022. [Online]. Available: https://csrc.nist.gov/projects/post-quantum-cryptography
- Linux Foundation, "Common Criteria Certification and Open Source", 2023. [Online]. Available: https://www.linuxfoundation.org/