Abstract: The Linux pseudorandom number generator (PRNG) is a PRNG with entropy inputs and is widely used in security-related applications and protocols. Its source code is open and changes regularly. It has been analysed in the works of Gutterman et al. and Lacharme et al., and since then several changes have been applied to the code to counter the attacks presented in those works. Our work describes the Linux PRNG of kernel versions 5.3 and upwards. We discuss the PRNG architecture briefly and the entropy mixing function in detail.
Our goal is to study the entropy mixing function and analyse two of its properties, namely injectivity and the length of the longest chain. For this purpose we use SAT solving and model counting over targeted formulas involving multiple states of the Linux entropy store.
What problem does this paper attempt to address?
The problem that this paper attempts to solve is to analyze and verify the properties of the entropy-mixing function of the Linux pseudo-random number generator (PRNG), specifically its **injectivity** and its **longest-chain length**. The author uses SAT solving and model counting to check:
1. **Whether the entropy-mixing function is injective**: that is, whether different inputs (mixed into the same initial state) always produce different output states.
2. **The length of the longest chain**: that is, after how many bytes of input the entropy pool returns to a given initial state.
### Background and Motivation of the Paper
The Linux PRNG is a pseudo-random number generator widely used in security-related protocols and applications. It produces pseudo-random numbers by collecting unpredictable data from several entropy sources (keyboard, mouse and disk events, among others). As the kernel has evolved, the PRNG code has been modified many times to address known attacks. Nevertheless, some questions about the design and the security analysis of the PRNG remain open.
### Main Research Objectives
1. **Understand the working principle of the Linux PRNG**: its architecture and its entropy accumulation and estimation process.
2. **Verify the entropy-preservation property of the entropy-mixing function**: according to previous research, the entropy-mixing function should preserve the entropy received from the various entropy sources. The author aims to verify this through SAT solving and model counting.
3. **Analyze the injectivity and the longest-chain length of the entropy-mixing function**:
- **Injectivity**: different inputs mixed into the same initial state must not lead to the same output state.
- **Longest-chain length**: the number of input bytes after which the entropy pool returns to a given initial state.
### Research Methods
The author uses SAT solvers (such as CaDiCaL) and maximum model counters (such as MaxCount) on the following formulas, where $x$ denotes an initial pool state, $i$ a sequence of input bytes and $f(x, i)$ the state after mixing $i$ into $x$:
1. **Formula 1**: with the initial state $x$ fixed, check whether two different input-byte sequences of the same length can produce the same state after being processed by the mixing function.
\[
(i_1\neq i_2)\land(f(x, i_1) = f(x, i_2))
\]
2. **Formula 2**: check whether two different (state, input) pairs, differing in the initial state, in the input bytes, or in both (inputs of the same length), can produce the same final pool state.
\[
((x_1\neq x_2)\lor(i_1\neq i_2))\land(f(x_1, i_1) = f(x_2, i_2))
\]
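The following is an added example, not the paper's Entropy-Mixer tool and not the kernel's mixing function. It encodes the two formulas above as predicates over a hypothetical 16-bit toy mixer whose per-byte step is an invertible GF(2)-linear map (the pre-5.17 twisted-GFSR input pool is likewise linear over GF(2), but on a far larger state). Because the toy state is small, a dictionary-based exhaustive search stands in for the SAT solver; the kernel's pool is far too large for that, which is why the paper bit-blasts $f$ into CNF instead. The names `mix`, `f`, `formula1`, `formula2`, `chain` and the constants are all assumptions of this example.

```python
# Toy model of the paper's two formulas (added example; not the paper's
# Entropy-Mixer tool and not the kernel's mixer).  The state is 16 bits and the
# per-byte step is an invertible GF(2)-linear map, like the twisted-GFSR pool of
# pre-5.17 kernels but small enough that exhaustive search stands in for the SAT
# solver.  All names and constants here are hypothetical.
from itertools import product

MASK = 0xFFFF  # 16-bit toy state (the real input pool is far larger)


def mix(x, b):
    """Absorb one input byte b into state x.  mix(x, b) == L(x ^ b) with L linear
    and invertible, so for a fixed byte the step is a bijection on states."""
    x ^= b                                # inject the byte into the low 8 bits
    x ^= (x << 3) & MASK                  # xorshift: invertible over GF(2)
    return ((x << 8) | (x >> 8)) & MASK   # rotate by 8: move the injection lane


def f(x, inp):
    """The paper's f(x, i): mix the byte sequence inp into state x."""
    for b in inp:
        x = mix(x, b)
    return x


def formula1(x, k):
    """Formula 1 for a fixed initial state x and k-byte inputs:
    find i1 != i2 with f(x, i1) == f(x, i2).  Returns the colliding pair,
    or None when the formula is UNSAT (f(x, .) is injective on k-byte inputs)."""
    seen = {}
    for inp in product(range(256), repeat=k):
        y = f(x, inp)
        if y in seen:
            return seen[y], inp
        seen[y] = inp
    return None


def formula2(k, states=range(1 << 16)):
    """Formula 2: find (x1, i1) != (x2, i2), both inputs k bytes long, with
    f(x1, i1) == f(x2, i2).  Returns the colliding pair or None."""
    seen = {}
    for x in states:
        for inp in product(range(256), repeat=k):
            y = f(x, inp)
            if y in seen:
                return seen[y], (x, inp)
            seen[y] = (x, inp)
    return None


def walk(x, b, n):
    """State after feeding the constant byte b n times."""
    for _ in range(n):
        x = mix(x, b)
    return x


def chain(x, b):
    """Simplified chain question: feed the constant byte b until a state repeats
    and return (tail, cycle) lengths.  The paper's longest-chain question ranges
    over arbitrary input sequences; a single repeated byte is the tractable
    special case shown here."""
    seen = {}
    step = 0
    while x not in seen:
        seen[x] = step
        x = mix(x, b)
        step += 1
    return seen[x], step - seen[x]


if __name__ == "__main__":
    x0 = 0x1234
    for k in (1, 2, 3):
        r = formula1(x0, k)
        print(f"Formula 1, k={k}: {'UNSAT' if r is None else 'SAT ' + str(r)}")
    print("Formula 2, k=1:", formula2(1))
    print("chain(x0, 0x5A) = (tail, cycle) =", chain(x0, 0x5A))
```

On this toy, Formula 1 is UNSAT for one- and two-byte inputs and becomes SAT at three bytes, purely by counting: 2^24 inputs cannot map injectively into 2^16 states. The same bound applies to any fixed-size pool, so injectivity in the sense of Formula 1 can only hold while the input is no longer than the state; the 88-byte UNSAT results reported below are consistent with the kernel's pool being much larger than 88 bytes. Formula 2 is SAT already at one byte for the same reason (2^16 states times 2^8 inputs cannot fit into 2^16 states), so a satisfiable Formula 2 is expected for every fixed-size mixer and says nothing by itself about the quality of the function. Because the per-byte step is a bijection, feeding a constant byte always returns to the initial state (tail 0), and the cycle length is the chain length in this restricted setting.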
### Experimental Results
- **Formula 1**: for inputs of up to 88 entropy bytes, Formula 1 is unsatisfiable (UNSAT): for a fixed initial state, no two different input sequences of those lengths produce the same pool state, i.e. the mixing function is injective in its input over that range.
- **Formula 2**: for inputs of up to 288 entropy bytes, Formula 2 is satisfiable (SAT): there exist pairs with different initial states, different inputs, or both, that lead to the same final pool state. This does not contradict the Formula 1 result, which fixes the initial state; once the initial state is also free to vary, collisions exist.
### Conclusions and Future Work
The author has developed a tool named Entropy-Mixer that simulates the entropy-mixing function of the Linux PRNG and analyzes its properties through SAT solving and model counting. Although progress has been made on the injectivity analysis, further work is needed to verify the remaining properties. In addition, the author plans to find the input sequence realizing the longest chain, i.e. the sequence that brings the pool back to its original state.
Through these studies, the author hopes to provide a deeper understanding of the security and reliability of the Linux PRNG and theoretical support for further improving its design.