In C++, how can we make std::uniform_int_distribution cryptographically secure? For example is the following code generate cryptographically secure uniformly random numbers? If not, how can we correct it?
#include <iostream>
#include <random>
int main(void){
std::default_random_engine generator;
std::uniform_int_distribution<int> distribution(0,9);
int p[10]={};
for (int i=0; i<10; ++i) {
int number = distribution(generator);
++p[number];
}
}
None of the random engines provided in the C++ standard are "cryptographically secure", and even std::random_device is specified only to generate "nondeterministic" random numbers (at best), without necessarily imposing any particular security requirements.
In particular, uniform_int_distribution (as with all other C++ distribution classes) has implementation-defined behavior. For example, an implementation of the C++ standard library may implement uniform_int_distribution using rejection sampling or another strategy. This means that uniform_int_distribution is not guaranteed to be "constant-time" from a security point of view (in the sense that differences in running time cannot be exploited in a security attack; for example, in a way that could recover the random seed).
