**Publications**

- Yongge Wang and Tony Nicol:
Statistical Properties of
Pseudo Random Sequences and Experiments with PHP and Debian OpenSSL.
**Computers and Security (53):44-64**, September 2015. An extended abstract appeared in**ESORICS**2014, LNCS 8712, pp. 454--471. (pdf) Elsevier version. (LIL Software, 432KB). The JAR file runs on all platforms. For instructions, run: java -jar LILtest.jar - Yongge Wang: On the Design of LIL Tests for (Pseudo) Random Generators and Some Experimental Results (pdf)
- Yongge Wang: On Stochastic Security of Pseudorandom Sequences (pdf)
- C.Calude, P.Hertling, B.Khoussainov, and Y.Wang: Recursively enumerable
reals and Chaitin's
Ω numbers.
**Theoretical Computer Science**255:125--149, 2001. (pdf) - Y.Wang: Genericity, randomness, and polynomial time approximations.
**SIAM Journal on Computing**, 28(2):394-408, 1999. (pdf) - Y.Wang: A separation of two randomness concepts.
**Information Processing Letters**, 69(3):115--118, 1999. (pdf) - Y.Wang: Resource bounded randomness and computational complexity.
**Theoretical Computer Science**237(1-2):33--55, 2000. (pdf) - Y.Wang: Randomness, stochasticity, and approximations.
**Theory of Computing Systems**32:517--529, 1999. (pdf) - Y.Wang: A comparison of two approaches to pseudorandomness.
**Theoretical Computer Science**276(1-2):449--459, 2002. (pdf, 170K, publisher's version) - Y.Wang: Randomness and Complexity. PhD Thesis, 1996. (pdf)

- Yongge Wang: Java LIL Testing tool (LIL Software, 432KB). The JAR file runs on all platforms. For instructions, run: java -jar LILtest.jar

We have developed statistical distance based testing techniques for pseudorandom or random sources. The details of the techniques could be found in the above papers. In the following, we show some important testing results:

- Yongge Wang: the snapShot LIL test ideal results should look like this:

- Antony Nicol: It is reported in Debian security Advisory DSA-1571-1 that
the random number generator in Debian's openssl package is predictable
since the following line of code in md_rand.c has been removed by mistake
"MD_Update(&m,buf,j); /* purify complains */". We generated 10,000 sequences
(each sequence is 2GB long) using this version of the
Debian OpenSSL (with single thread).
The snapShot LIL test results show a significant distance from the
ideal results:

- Yongge Wang: We generated 10,000 sequences
(each sequence is 2GB long) using the NIST SP800 90A DRBG-SHA256.
The snapShot LIL test results show a reasonable though still larger
distance from the ideal results (if we compare this result with the
result for Debian openSSL, we conclude that snapshot LIL test
could be used to detect some of the weakness in pseudorandom generators)

- Yongge Wang: We generated 1,000 sequences
(each sequence is 2GB long) using the NIST SP800 90A DRBG-SHA256.
The snapShot LIL test results show a larger
distance from the ideal results

- Yongge Wang: the LIL curves for 100 pseudorandom sequences (each sequence is 1.34GB long) generated by the JavaAPI (with ShA1).

- Yongge Wang: the LIL curves for 100 pseudorandom sequences (each sequence is 1.34GB long) generated by theNIST SP800 90A DRBG-SHA1 .

- Yongge Wang: the LIL curves for 100 pseudorandom sequences (each sequence is 2GB long) generated by the NIST SP800 90A DRBG-SHA256.

- Yongge Wang: the LIL curves for 100 pseudorandom sequences (each sequence is 1.3GB long) generated by theFortuna-AES128.