Curious RNG stalemate [was: use of cpunks]

Andy Isaacson adi at hexapodia.org
Wed Oct 23 23:18:26 PDT 2013


On Wed, Oct 23, 2013 at 03:01:31AM -0700, Andrea Shepard wrote:
> On Thu, Oct 17, 2013 at 02:39:01PM -0700, Jon Callas wrote:
> > It is certainly true that radioactivity is a random effect, and is quantum
> > in nature. That does not mean that in order for a random sampling to be
> > quantum, it must be based on radioactivity; there are other quantum sources
> > of randomness. Noisy diodes, resistor noise, CCD noise, etc. are all quantum.
> > If you want to get picky, *all* physical effects are quantum, even ones that
> > aren't usefully random. There is nothing magic about one physical source or
> > other that makes it more suited for crypto. Thinking that a hardware source
> > should be radioactive is affirming the consequence, as well.
> 
> Radioactivity is almost uniquely insensitive to tampering through environmental
> influences, though, owing to the large energy scale of nuclear processes [1].

I'm not at all sure "uniquely insensitive to tampering" is true against
an attacker who can influence the RNG's physical environment.  Suppose you're
timing alpha particles, using a clock accurate to microseconds, and the
attacker puts a microgram of 210-Polonium a few centimeters from your
detector; you'll have an event to measure every microsecond and your
detector saturates, resulting in an unending stream of 1s.

A similar attack (saturating a detector which is supposed to be secure
based on a "physical principle") defeats some "quantum key distribution"
systems (which seem to be snake oil for the most part); for example,
https://events.ccc.de/congress/2009/Fahrplan/events/3576.en.html

Certainly it's possible to add complexity to the system to ensure that
"everything is as it should be" and "nothing odd is going on"; this
complexity negates the putatively "simple" nature of systems that are
"uniquely immune" or whatever.

-andy
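The saturation scenario above (a detector driven into an unending stream of 1s) is the textbook failure the continuous health tests in NIST SP 800-90B section 4.4 exist to catch: a source that no longer behaves as its entropy claim assumes is flagged before its output feeds a DRBG. The following is an added example, not code from the original post or from any product; it implements the Repetition Count Test and Adaptive Proportion Test as the standard describes them, with the APT cutoff computed from the binomial tail (a close approximation of the standard's tables, not the tables themselves), and runs them over constructed bit streams: a fair-coin stand-in, a saturated detector, and a heavily biased source. All streams, seeds and the hypothetical `HealthTester` interface are constructed for this illustration.

```python
"""Added example: SP 800-90B continuous health tests over constructed streams."""
import math
import random


def rct_cutoff(h_min, alpha=2.0 ** -20):
    """Repetition Count Test cutoff: C = 1 + ceil(-log2(alpha) / H).

    h_min is the claimed min-entropy per sample, alpha the false-alarm rate.
    For a 1-bit source with H = 1 and alpha = 2^-20 this gives 21.
    """
    return 1 + math.ceil(-math.log2(alpha) / h_min)


def apt_cutoff(h_min, window=1024, alpha=2.0 ** -20):
    """Adaptive Proportion Test cutoff.

    Smallest c such that P[Binomial(window, 2^-H) >= c] <= alpha, i.e. the
    critical value of the binomial the standard tabulates. Computed here via
    lgamma so large windows do not overflow; an approximation of the tables.
    """
    p = 2.0 ** -h_min

    def pmf(k):
        log_comb = (math.lgamma(window + 1) - math.lgamma(k + 1)
                    - math.lgamma(window - k + 1))
        return math.exp(log_comb + k * math.log(p) + (window - k) * math.log1p(-p))

    tail = 0.0
    for c in range(window, -1, -1):  # accumulate the upper tail downwards
        tail += pmf(c)
        if tail > alpha:
            return c + 1
    return 1


class HealthTester:
    """Hypothetical stateful wrapper running RCT and APT on one noise source."""

    def __init__(self, h_min, window=1024, alpha=2.0 ** -20):
        self.rct_c = rct_cutoff(h_min, alpha)
        self.apt_c = apt_cutoff(h_min, window, alpha)
        self.window = window
        self.last, self.run = None, 0            # RCT state
        self.apt_ref, self.apt_count, self.apt_seen = None, 0, 0  # APT state

    def feed(self, sample):
        """Consume one sample; return None or the name of the test that failed."""
        # RCT: a run of identical samples reaching the cutoff is a failure.
        if sample == self.last:
            self.run += 1
        else:
            self.last, self.run = sample, 1
        if self.run >= self.rct_c:
            return "RCT"
        # APT: the first sample of each window is the reference value; count
        # how often it recurs within the window and fail at the cutoff.
        if self.apt_ref is None:
            self.apt_ref, self.apt_count, self.apt_seen = sample, 1, 1
        else:
            self.apt_seen += 1
            if sample == self.apt_ref:
                self.apt_count += 1
            if self.apt_count >= self.apt_c:
                return "APT"
            if self.apt_seen == self.window:
                self.apt_ref = None  # next sample opens a new window
        return None


def first_failure(samples, h_min=1.0):
    """Feed samples in order; return (index, test) of the first failure or None."""
    tester = HealthTester(h_min)
    for i, s in enumerate(samples):
        failed = tester.feed(s)
        if failed:
            return (i, failed)
    return None


# Constructed inputs (not measured data from any real source).
def saturated_stream(n):
    """A detector saturated by a strong source: every sample reads 1."""
    return [1] * n


def fair_stream(n, seed=1, max_run=8):
    """Stand-in for a healthy 1-bit source: seeded PRNG bits, with any run
    longer than max_run broken so the constructed stream is known to be sane."""
    rng, out = random.Random(seed), []
    for _ in range(n):
        b = rng.getrandbits(1)
        if len(out) >= max_run and all(x == out[-1] for x in out[-max_run:]):
            b = 1 - out[-1]
        out.append(b)
    return out


def biased_stream(n, seed=2, p_one=0.9):
    """A degraded source that still toggles but is far from the claimed H = 1."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


if __name__ == "__main__":
    print("RCT cutoff:", rct_cutoff(1.0), "APT cutoff:", apt_cutoff(1.0))
    print("fair:", first_failure(fair_stream(4096)))
    print("saturated:", first_failure(saturated_stream(100_000)))
    print("biased:", first_failure(biased_stream(10_000)))
```

The saturated stream trips the RCT on the 21st sample, long before any window completes; the biased stream survives the RCT only until a run of 21 ones appears or the APT window fills, whichever comes first. Neither test certifies that a source is good, they only flag gross departures from the claimed entropy, which is the "everything is as it should be" check the post mentions, made explicit and cheap.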