Security of biased sources for cryptographic keys

Cryptographic schemes are based on keys that are highly involved in granting their security. It is in general assumed that the source producing these keys has uniform distribution, that is, it produces keys from a given key space with equal probability. Consequently, deviations from uniform distribution of the key source may be regarded a priori as a potential security breach, even if no dedicated attack is known, which might take advantage of these deviations. We propose in this paper a model for biased key sources and show that it is possible to prove some results about tolerance of biases, that have the property of being inherent to the bias itself and not requiring assumptions about unknown attacks, using these biases. The model is based on comparing the average case complexities of generic attacks to some number theoretical problems, with respect to uniform and to biased distributions. We also show the connection to information entropy based analysis of biased sources, which was used in earlier works, for suggesting the tolerance of biased sources.