Intel Security processor + a question

Major Variola (ret) mv at cdc.gov
Mon Oct 21 17:48:56 PDT 2002


At 05:13 PM 10/21/02 -0400, Tyler Durden wrote:
>
>So I guess the follow-on question is: Even if you can look at the code of a
>RNG...how easy is it to determine if its output is "usefully random", or are
>there certain "Diffie-approved" RNGs that should always be there, and if not
>something's up?

Start with something analog, where no one knows the initial state
perfectly, and the dynamics are dispersive (chaotic).  Digitize it.
You can use ping pong balls if you like.

1. Measure its entropy (e.g. see Shannon).  Xor values together
(xor doesn't generate change (variation), but preserves it).
Go to 1 until you find that your measurements have asymptoted.

You should then hash ('whiten') your distilled 1 bit/baud values,
to make it hard to go backwards through the deterministic iterative
"distilling" in the above recipe.

In practice, you may feed a hashing digest function directly with your raw
measurements and rely on the digest compressing the number of bits in:out
to assure 1 bit/baud (even without the hash-whitening).

However the output of such a hash function will be noise-like even with
very low entropy input, e.g., successive integers.  Ergo measuring after
hashing is pointless.

Discuss the results with your troop leader, and you will receive your
crypto merit badge in 4-6 weeks.
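The recipe above, worked through in Python as an added example (this is not code from the post or from its author). A constructed, deliberately biased 1-bit source stands in for the digitized analog device; the code measures its Shannon entropy, XOR-folds samples and re-measures until the estimate asymptotes, then whitens the distilled stream with a digest. It also demonstrates the closing caveat: a digest of the successive integers 0..255 measures at roughly 1 bit/bit, so an entropy estimate taken after hashing says nothing about the source. The 10% bias, the seed, the 0.01 stopping tolerance and the choice of SHA-256 as the digest are assumptions made for the example, not anything the post specifies.

```python
import hashlib
import math
import random
from collections import Counter


def shannon_entropy_bits(samples):
    """Empirical Shannon entropy in bits per sample: -sum p * log2(p)."""
    n = len(samples)
    return -sum((c / n) * math.log2(c / n) for c in Counter(samples).values())


def biased_source(n, p_one=0.1, seed=1):
    """Constructed stand-in for a digitized analog source (an assumption, not a
    real device): a 1-bit comparator that reads '1' only 10% of the time, so
    each raw sample carries well under 1 bit of entropy. Seeded to repeat."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def xor_fold(bits, k):
    """XOR k consecutive raw bits into one output bit. XOR adds no variation of
    its own but preserves what is there: for independent bits with P(1)=p the
    folded bit has P(1) = (1 - (1-2p)^k) / 2, which tends to 1/2 as k grows."""
    out = []
    for i in range(0, len(bits) - k + 1, k):
        acc = 0
        for b in bits[i:i + k]:
            acc ^= b
        out.append(acc)
    return out


def distill(bits, tolerance=0.01, max_k=256):
    """Step 1 of the recipe, iterated: double the fold factor until the measured
    entropy stops improving by more than `tolerance` (it has asymptoted).
    Returns (fold_factor, entropy_per_output_bit)."""
    k, prev = 1, shannon_entropy_bits(bits)
    while 2 * k <= max_k:
        cand = shannon_entropy_bits(xor_fold(bits, 2 * k))
        if cand - prev < tolerance:
            return k, prev
        k, prev = 2 * k, cand
    return k, prev


def pack_bits(bits):
    """Pack 0/1 ints into bytes, MSB first (zero-padded to a whole byte)."""
    padded = bits + [0] * (-len(bits) % 8)
    return bytes(int("".join(map(str, padded[i:i + 8])), 2)
                 for i in range(0, len(padded), 8))


def unpack_bits(data):
    """Inverse of pack_bits: bytes -> list of 0/1 ints, MSB first."""
    return [(byte >> (7 - j)) & 1 for byte in data for j in range(8)]


def whiten(distilled_bits):
    """Hash the distilled 1 bit/baud stream in 256-bit blocks with SHA-256 (the
    digest assumed for this example). Bits in equal bits out, so this adds no
    entropy; its job is to make the deterministic XOR distillation hard to run
    backwards from the output."""
    out = []
    for i in range(0, len(distilled_bits) - 255, 256):
        block = pack_bits(distilled_bits[i:i + 256])
        out.extend(unpack_bits(hashlib.sha256(block).digest()))
    return out


def hash_compress(raw_bits, ratio):
    """The post's shortcut: skip the XOR stage and feed raw measurements to the
    digest directly, relying on compression (256*ratio bits in, 256 bits out)."""
    out, block = [], 256 * ratio
    for i in range(0, len(raw_bits) - block + 1, block):
        out.extend(unpack_bits(hashlib.sha256(pack_bits(raw_bits[i:i + block])).digest()))
    return out


def hashed_counter_entropy(n=256):
    """The caveat: SHA-256 of the successive integers 0..n-1 (near-zero entropy
    input) still yields output whose measured bit entropy is about 1.0 bit/bit.
    Measuring after hashing therefore tells you nothing about the source."""
    bits = []
    for i in range(n):
        bits.extend(unpack_bits(hashlib.sha256(i.to_bytes(4, "big")).digest()))
    return shannon_entropy_bits(bits)


if __name__ == "__main__":
    raw = biased_source(1 << 16)
    print("raw entropy    : %.3f bits/sample" % shannon_entropy_bits(raw))
    k, h = distill(raw)
    print("fold factor    : %d -> %.4f bits/sample (asymptoted)" % (k, h))
    print("whitened bits  : %d" % len(whiten(xor_fold(raw, k))))
    print("hashed counter : %.4f bits/bit (looks random, is not)" % hashed_counter_entropy())
```

The fold factor `distill` settles on is the point at which the measurement stops moving, not a proof of full entropy: the estimator only sees bias, not correlation or an adversary who knows the source's state, which is why the post's step 0 insists on a physical source whose initial state nobody knows. Run the `hashed_counter_entropy` line alone and note that a counter, the least random input imaginable, passes the same test once it has been through the digest.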





More information about the cypherpunks-legacy mailing list