Curious RNG stalemate [was: use of cpunks]

Cathal Garvey (Phone) cathalgarvey at cathalgarvey.me
Fri Oct 18 00:16:51 PDT 2013


Accepted, entirely, but if "noisy diodes" are all you need for quantum entropy, why are designs for OSHW entropy generators so scarce? I suggested smoke alarms not through radioactivity-fetishism but because of ubiquity and low cost, likely low difficulty to adapt.

Jon Callas <jon at callas.org> wrote:
>Be aware in all of this of the Heisenberg-Schrödinger Credulity Effect.
>That effect is that the word "quantum" sucks people's brains out, and
>otherwise sensible people suffer from impaired reasoning.
>
>It is certainly true that radioactivity is a random effect, and is
>quantum in nature. That does not mean that in order for a random
>sampling to be quantum, it must be based on radioactivity; there are
>other quantum sources of randomness. Noisy diodes, resistor noise, CCD
>noise, etc. are all quantum. If you want to get picky, *all* physical
>effects are quantum, even ones that aren't usefully random. There is
>nothing magic about one physical source or other that makes it more
>suited for crypto. Thinking that a hardware source should be
>radioactive is affirming the consequent, as well.
>
>Nor does it mean that a radioactive (or other) source is suitable for
>cryptography without some sort of conditioning. Hardware sources are
>often biased in distribution, or have other numeric flaws that can be
>fixed with a whitening function.
>
>In short, radioactivity is neither necessary nor sufficient for
>cryptographic use. If you want to use a source for crypto, you want to
>run it through a system like /dev/random or at the very least a DRBG to
>give clean outputs.
>
>Furthermore, what we really want in crypto is what I call
>"unguessability." This is both weaker than true randomness and
>stronger. It's stronger in that the numbers have to remain secret. A
>completely random process that everyone knows is completely unsuitable
>for crypto, but a weakly entropic input can be jiggered into
>suitability.
>
>To sum up -- don't get wrapped around the axle about radioactivity.
>It's not the only random process in the universe, and you have to do a
>lot of work once you have it. The sort of work that you need to do is
>precisely what a well-done OSRNG does.
>
>	Jon

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
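The conditioning pipeline Jon describes (raw biased hardware bits -> whitening -> DRBG) is worth seeing end to end. The block below is an added illustration written for this archive page; it is not code from either poster. The "hardware source" is a constructed stand-in (a seeded software PRNG producing independent bits with P(1) = 0.7, so it models bias but not the correlation a real diode can show), the whitening step is von Neumann's pair-discarding debiaser, the conditioner is SHA-256, and the output generator is a minimal HMAC-DRBG in the style of SP 800-90A. All function names and the 20000-bit sample size are choices made here, not anything from the thread.

```python
import hashlib
import hmac
import math
import random


def biased_source(n_bits, p_one=0.7, seed=1234):
    """Constructed stand-in for a raw hardware source.

    Emits independent but biased bits (P(1) = p_one). A seeded PRNG is
    used only so the example is reproducible; it has no entropy at all,
    which is exactly why a known seed lets an attacker replay everything.
    """
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n_bits)]


def ones_fraction(bits):
    """Crude bias check: fraction of 1s in the stream."""
    return sum(bits) / len(bits)


def min_entropy_per_bit(bits):
    """Min-entropy per bit for an i.i.d. source with measured bias p is
    -log2(max(p, 1-p)). For p = 0.7 that is about 0.51 bits per raw bit."""
    p = ones_fraction(bits)
    return -math.log2(max(p, 1 - p))


def raw_bits_needed(bits, target_bits=256):
    """How many raw bits must be hashed to collect target_bits of min-entropy."""
    return math.ceil(target_bits / min_entropy_per_bit(bits))


def von_neumann_debias(bits):
    """Classic whitening: take disjoint pairs, map 01 -> 0 and 10 -> 1,
    discard 00 and 11. Removes bias from independent bits (it does not
    fix correlation) and keeps roughly 2p(1-p) output bits per input pair."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)
    return out


def bits_to_bytes(bits):
    """Pack a bit list MSB-first, zero-padding the final byte if needed."""
    padded = bits + [0] * (-len(bits) % 8)
    return bytes(int("".join(map(str, padded[i:i + 8])), 2)
                 for i in range(0, len(padded), 8))


def condition(raw_bits):
    """Conditioning: hash the whole raw sample into a fixed 256-bit seed.
    Hashing tolerates bias as long as enough raw min-entropy went in."""
    return hashlib.sha256(bits_to_bytes(raw_bits)).digest()


class HmacDrbg:
    """Minimal HMAC-DRBG (SHA-256), seeded from the conditioned sample.
    Output is deterministic given the seed: the seed must stay secret."""

    def __init__(self, seed):
        self.K = b"\x00" * 32
        self.V = b"\x01" * 32
        self._update(seed)

    def _update(self, data=b""):
        self.K = hmac.new(self.K, self.V + b"\x00" + data, hashlib.sha256).digest()
        self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()
        if data:
            self.K = hmac.new(self.K, self.V + b"\x01" + data, hashlib.sha256).digest()
            self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()

    def generate(self, n_bytes):
        out = b""
        while len(out) < n_bytes:
            self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()
            out += self.V
        self._update()          # backtrack resistance between calls
        return out[:n_bytes]


def demo(n_bits=20000):
    """Run the pipeline and return the measurements a practitioner checks."""
    raw = biased_source(n_bits)
    debiased = von_neumann_debias(raw)
    seed = condition(raw)
    output = HmacDrbg(seed).generate(32)
    # "Unguessability": anyone holding the same raw sample reproduces the output.
    replay = HmacDrbg(condition(raw)).generate(32)
    return {
        "raw_bias": ones_fraction(raw),
        "debiased_bias": ones_fraction(debiased),
        "min_entropy_per_raw_bit": min_entropy_per_bit(raw),
        "raw_bits_for_256": raw_bits_needed(raw),
        "seed_len": len(seed),
        "output": output,
        "attacker_replays_output": replay == output,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v.hex() if isinstance(v, bytes) else v}")
```

The raw stream shows its bias immediately (about 70% ones), the debiased stream sits near 50%, and the min-entropy estimate says roughly 500 raw bits are needed before the SHA-256 seed can be credited with 256 bits. The last field is the point of Jon's "unguessability" remark: the DRBG output is perfectly random-looking, yet anyone who saw the raw sample gets byte-for-byte the same output, so the conditioning buys nothing if the source is observable.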