Criticism of a proposed floating point (cs)prng requested.
in [Cryptography]
|
Prev: Criticism of a proposed stream cipher requested.
Next: Question about pass phrase cracking through brute force
From: Maaartin on 4 Jun 2010 18:20 On Jun 4, 10:48 pm, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote: > Note the word "many" that I wrote. Consider e.g. the case where > different branch officies of a firm are to confidentially communicate > with one another. If that involves a PRNG that is based on computations > in R, then almost surely the firm could afford to purchase compatible > hardware, if not exactly identical hardware, for that purpose. In > more general situations, Intel-compatible PCs are sufficiently > "ubiquitous" and cheap, so that the problem in question could be > considered to be practically solved, I would say. Probably yes. But one day Microsoft decides to set default rounding mode differently and nothing more works - unless the programmer took care of it while implementing the PRNG, but maybe he did not, and one half of the can't communicate with the other. Would you take the chance? What if the company fuses with another one using the same PRNG on incompatible HW. Is it worth the hassle. But the most important reason is simple: As I already said, the PRNG won't be analyzed thoroughly enough, so no sane company would use it. On Jun 4, 11:23 pm, Phoenix <ribeiroa...(a)gmail.com> wrote: > The incompatibility bettween i.e. (Intel/SUN) communications, is for > all areas (Chemistry, Trigonometry, Biology, Geometry, etc) or only > for crypto? The question makes no sense, unless you use chemistry for securing your communication. > If answer is only for crypto, what is the solution to pass accurate > and compatible values in R from one system to another? This again makes no sense. Both communicating parties need the same PRNG for encrypting and decrypting their communication. The values generated by the PRNG are used as the keystream, so they mustn't be sent anywhere.
From: Phoenix on 4 Jun 2010 18:36 On 4 Jun, 22:20, Maaartin <grajc...(a)seznam.cz> wrote: > The question makes no sense, unless you use chemistry for securing > your communication. > > > If answer is only for crypto, what is the solution to pass accurate > > and compatible values in R from one system to another? > > This again makes no sense. Both communicating parties need the same > PRNG for encrypting and decrypting their communication. The values > generated by the PRNG are used as the keystream, so they mustn't be > sent anywhere. No Maaartim, you don't undertand the question. Supose one do some calculation with Intel system: i.e. I=LOG(SQR(2)*PI...a big expression) Another one make the same calculation with SUN system: S=LOG(SQR(2)*PI...a big expression) Acording to you, I is different form S. Thats what I mean.
From: Mok-Kong Shen on 4 Jun 2010 18:38 Phoenix wrote: > Mok-Kong Shen wrote: > >> Note the word "many" that I wrote. Consider e.g. the case where >> different branch officies of a firm are to confidentially communicate >> with one another. If that involves a PRNG that is based on computations >> in R, then almost surely the firm could afford to purchase compatible >> hardware, if not exactly identical hardware, for that purpose. In >> more general situations, Intel-compatible PCs are sufficiently >> "ubiquitous" and cheap, so that the problem in question could be >> considered to be practically solved, I would say. Certainly, if >> one partner uses Intel hardware and the other hardware from SUN, >> I don't know for sure but I guess there could be incompatibility >> problems. But that's outside of the "many" I meant. > At this point, my question is: > > The incompatibility bettween i.e. (Intel/SUN) communications, is for > all areas (Chemistry, Trigonometry, Biology, Geometry, etc) or only > for crypto? > If answer is only for crypto, what is the solution to pass accurate > and compatible values in R from one system to another? For many common scientific and engineering computations slight differences due to rounding are tolerable. But there are also quite some exceptions. In crypto one as a rule needs exact computations. As I said, I know practically nothing of the IEEE standard you mentioned. It is well possible that it in fact guarantees the rounding to be same from different hardware so that the suspected difficulty doesn't exist (assuming, of course, hardware having same size of arithmetic units). In the other case, the problem is not trivial, I am afraid, because there is the issue of propagation of rounding errors, i.e. for your computation the error from the first application of the equation could "magnify" the error of the second application. With my poor knowledge, a (maybe fairly non-optimal solution) that I would employ is to use double-precision to evaluate the RHS of your equation and round the result to become the LHS, for that is evidently safe for the type of expressions of the RHS. M. K. Shen
From: Phoenix on 4 Jun 2010 18:54 On 4 Jun, 22:38, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote: > For many common scientific and engineering computations slight > differences due to rounding are tolerable. But there are also > quite some exceptions. In crypto one as a rule needs exact > computations. As I said, I know practically nothing of the IEEE > standard you mentioned. It is well possible that it in fact guarantees > the rounding to be same from different hardware so that the suspected > difficulty doesn't exist (assuming, of course, hardware having same > size of arithmetic units). In the other case, the problem is not > trivial, I am afraid, because there is the issue of propagation of > rounding errors, i.e. for your computation the error from the first > application of the equation could "magnify" the error of the second > application. With my poor knowledge, a (maybe fairly non-optimal > solution) that I would employ is to use double-precision to evaluate > the RHS of your equation and round the result to become the LHS, for > that is evidently safe for the type of expressions of the RHS. > > M. K. Shen Yes. Completely agree.
From: Mok-Kong Shen on 4 Jun 2010 19:16
Maaartin wrote: > Mok-Kong Shen wrote: >> Note the word "many" that I wrote. Consider e.g. the case where >> different branch officies of a firm are to confidentially communicate >> with one another. If that involves a PRNG that is based on computations >> in R, then almost surely the firm could afford to purchase compatible >> hardware, if not exactly identical hardware, for that purpose. In >> more general situations, Intel-compatible PCs are sufficiently >> "ubiquitous" and cheap, so that the problem in question could be >> considered to be practically solved, I would say. > > Probably yes. But one day Microsoft decides to set default rounding > mode differently and nothing more works - unless the programmer took > care of it while implementing the PRNG, but maybe he did not, and one > half of the can't communicate with the other. Would you take the > chance? > > What if the company fuses with another one using the same PRNG on > incompatible HW. Is it worth the hassle. Are you aware that incompatibility is ubiquitous in CS? Files of Microsoft and of Apple are in different formats, if I don't err. I can't read PS-documents, because I have Adobe Reader on my PC. Currently I have the 64 bit version of Windows 7 and can no longer run the exe-files I previously got using Windows XP on a 32 bit PC. My point was that, 'if' the algorithm turns out to be 'sufficiently' superior, 'then' it could well find application areas that it deserves. One should not "always" demand standards that apply in all cases, remembering that even the metric system is not yet employed everywhere. To my knowledge, even different versions of certain ISO Standards may also not be (entirely) upwards compatible. In real life, one has often to accept compromises, right? M. K. Shen |