
On the subject of RNGs. Thinking about conditioning. Suppose you have a "poor" random number stream, e.g., FM hiss digitized at say 8 Ksamples/sec. Can you get a crypto-secure random-number stream by "whitening" the stream with a good block cipher? This scheme uses the RNG to "kick" the cipher out of the deterministic cycle it's in, which is determined by the cipher key and initialization vector.

    Poor RNG ----> XOR ----> BlockCipher ----> improved RNG?
                    ^             |
                    |_____________|

The output of a good block cipher in feedback mode will pass Diehard tests, though it is not crypto-secure.
From an information theoretic perspective, in the above scheme, you are slowly adding entropy to the output stream, at a rate determined by the actual number of bits/iteration and the bits/symbol of your poor random numbers.
If you fed 64 bits of pure random values into a 64 bit cipher you would have a true RNG, filtered by the xor/ciphering, but still crypto-secure. With fewer true bits, you have a 'smooth' way to introduce variable amounts of true entropy. If your RNG is 'stuck at' a constant value you are back to a deterministic PRNG. How do you cryptanalyze the mix of a keyed PRNG and a true entropy source here? Is there any mathematical literature on this?

Thanks
honig@alum.mit.edu

"Speech is not protected simply because it is written in a language"
    Federal Misjudge Gwin on the Bernstein Case
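The feedback conditioner sketched in the post, written out as an added example (this is not the poster's code, and no real cipher is involved: the 64-bit "block cipher" is a toy four-round Feistel network whose round function is HMAC-SHA256, standing in for whatever good cipher one would actually use). The `poor_source` function is a constructed stand-in for digitized hiss with about one bit of entropy per byte. The example shows the two points the post makes: the fresh entropy per 64-bit iteration is bounded by the source's bits/symbol times symbols per block (and by the block width), and a stuck-at source reduces the whole thing to a reproducible deterministic PRNG, which is why a deployed conditioner needs a health check on its raw input.

```python
import hashlib
import hmac
import math
import random
from collections import Counter

BLOCK = 8    # 64-bit block, matching the post's "64 bit cipher"
ROUNDS = 4   # toy cipher; enough rounds to be a keyed permutation, not a real design


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, half: bytes, rnd: int) -> bytes:
    # Round function: a keyed PRF (HMAC-SHA256) truncated to one 32-bit half.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 64-bit Feistel cipher used as a stand-in for a real block cipher."""
    assert len(block) == BLOCK
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, right, rnd))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse of encrypt_block; only here to show the cipher is a permutation."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, left, rnd)), left
    return left + right


def condition(key: bytes, iv: bytes, poor: bytes) -> bytes:
    """The post's scheme: state = E_k(state XOR poor_block), output each state.

    With a constant (stuck-at) input this is exactly a cipher in feedback mode,
    i.e. a deterministic PRNG keyed by (key, iv)."""
    state = iv
    out = bytearray()
    for i in range(0, len(poor) - BLOCK + 1, BLOCK):
        state = encrypt_block(key, _xor(state, poor[i:i + BLOCK]))
        out += state
    return bytes(out)


def shannon_bits_per_byte(samples: bytes) -> float:
    """Empirical Shannon entropy of the raw source, in bits per byte (symbol)."""
    counts = Counter(samples)
    n = len(samples)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def entropy_added_per_block(samples: bytes) -> float:
    """Upper bound on fresh entropy per iteration: bits/symbol times the
    BLOCK symbols XORed in, capped by the 64-bit block width."""
    return min(8 * BLOCK, BLOCK * shannon_bits_per_byte(samples))


def poor_source(n_bytes: int, seed: int = 1) -> bytes:
    """Constructed stand-in for digitized hiss: every byte is 0x80 or 0x81,
    so each 8-bit sample carries only about one bit of entropy."""
    rng = random.Random(seed)
    return bytes(0x80 | rng.getrandbits(1) for _ in range(n_bytes))


if __name__ == "__main__":
    key = hashlib.sha256(b"constructed demo key").digest()   # placeholder key
    iv = b"\x00" * BLOCK
    hiss = poor_source(256)
    print("raw source: %.2f bits/byte" % shannon_bits_per_byte(hiss))
    print("entropy added per 64-bit block: <= %.1f bits" % entropy_added_per_block(hiss))
    stuck = bytes([0x80]) * 256
    print("stuck-at input reproduces the stream:",
          condition(key, iv, stuck) == condition(key, iv, stuck))
    print("live input diverges from the stuck stream:",
          condition(key, iv, hiss) != condition(key, iv, stuck))
```

The entropy bound is the information-theoretic reading of the post's second paragraph: with the constructed source the conditioner takes in eight symbols of roughly one bit each per iteration, so the 64-bit output block can carry at most about 8 fresh bits no matter how good the cipher is. The stuck-at comparison is the failure mode to monitor for in practice, since the cipher output still looks perfectly random to Diehard-style tests while carrying no entropy at all.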