From: Tom St Denis on 30 Jul 2010 06:39

On Jul 30, 3:32 am, MrD <mrdemean...(a)jackpot.invalid> wrote:
> unruh wrote:
>
> > While a crypto system is a chaotic system in some sense, most chaotic
> > systems have attractor cycles, etc. There are organized structures
> > within the chaos. Organized structures are anathema to crypto.
> > Thus, most chaotic systems are useless for crypto.
>
> The HWRNGs built into some CPUs are based on two or more free-running
> oscillators, commonly (so I understand) using a ring of gates to make an
> oscillator. It strikes me that as a source of randomness such a circuit
> is as much turbulent as random, and I understand that turbulence is more
> a chaotic phenomenon than a truly random one.
>
> I'm pretty much out of my depth on this. I'd appreciate the views of
> someone who knows something about the subject. I'm suspicious of this
> type of TRNG on the grounds that Unruh has given; and because I believe
> that the oscillators are exhibiting turbulence and not randomness.
>
> Are my suspicions reasonable?

Ring oscillators [typically built out of a series of NOT gates] basically rely on meta instability to extract any sense of entropy out of the system. The idea being if you let them free run [unclocked] some of the NOT gates' outputs won't reflect their periodic input; multiply that effect by having a long chain, or better yet, several co-prime length chains, and you start seeing some entropy out of it.

I don't know if that's considered "chaotic." In my mind a chaotic function is one which behaves in a highly non-linear way even with respect to a great many sample points. Like I can know the temperature for the last 100 days but I still can't plot out to tomorrow, let alone next week, let alone next month.

In the oscillator case I suppose there are variables to be had in terms of the metastability of the NOT gates, but I don't know if that's sufficient.

There are attractor cycles to them, for instance they really need to be on their own power rails. Or you get something like

http://www.youtube.com/watch?v=yysnkY4WHyM

happening. The switching NOT gates take power which influences other things on the same rail, which in turn actually drives them to produce lower entropy outputs.

Tom
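The sampled-ring-oscillator scheme discussed in the post above, as an added toy simulation; this is editorial example code, not code from the thread and not a model of any real CPU's RNG. Each ring is treated as a square wave with a made-up half-period, a slow sampler reads every ring once per interval and XORs the bits, and phase jitter is modelled as a Gaussian random walk. The ring lengths (7, 11, 13 and 6, 9, 12), the sampler interval 50, the jitter level 0.3 and the fixed PRNG seed are assumptions chosen for illustration.

```python
"""Toy model of a sampled free-running ring-oscillator TRNG.

Added example, not from the thread.  Each ring oscillator is modelled as a
square wave with a nominal half-period p_i (arbitrary time units) plus
accumulated phase jitter; a slow sampler reads every oscillator once per
interval T and XORs the bits together.  All parameters are made up.
"""
import math
import random
from functools import reduce
from typing import List, Optional, Sequence


def _lcm(a: int, b: int) -> int:
    return a * b // math.gcd(a, b)


def predicted_period(half_periods: Sequence[int], sample_interval: int) -> int:
    """Length of the output cycle when there is no jitter at all.

    Oscillator i repeats every 2*p_i time units, so its sampled bit stream
    repeats every 2*p_i / gcd(2*p_i, T) samples; the XOR of several streams
    repeats after the lcm of those.  Co-prime lengths push the lcm up to the
    product of the per-ring periods, but the result is still a fixed cycle.
    """
    per_osc = [2 * p // math.gcd(2 * p, sample_interval) for p in half_periods]
    return reduce(_lcm, per_osc, 1)


def sample_ring_oscillators(half_periods: Sequence[int], sample_interval: int,
                            n_samples: int, jitter_sigma: float = 0.0,
                            seed: int = 1) -> List[int]:
    """Return n_samples XOR-combined bits from the modelled oscillators.

    The phase of oscillator i after k samples is k*T/p_i half-cycles plus a
    random walk with N(0, jitter_sigma) steps; the sampled bit is the parity
    of the completed half-cycles.  jitter_sigma=0 gives a purely periodic
    sequence (the attractor cycle); independent jitter per ring breaks it.
    """
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    walks = [0.0] * len(half_periods)
    out: List[int] = []
    for k in range(n_samples):
        bit = 0
        for i, p in enumerate(half_periods):
            if jitter_sigma > 0:
                walks[i] += rng.gauss(0.0, jitter_sigma)
            # nominal phase is computed directly (not accumulated) so that the
            # jitter-free case stays exact in floating point
            phase = (k * sample_interval) / p + walks[i]
            bit ^= math.floor(phase) & 1
        out.append(bit)
    return out


def find_period(bits: Sequence[int]) -> Optional[int]:
    """Smallest m with bits[i] == bits[i+m] for every i in range, or None.

    Only periods up to half the sample length are searched, so None means
    "no cycle shorter than len(bits)//2 was observed", not "random".
    """
    n = len(bits)
    for m in range(1, n // 2 + 1):
        if all(bits[i] == bits[i + m] for i in range(n - m)):
            return m
    return None


def attractor_check(half_periods: Sequence[int], sample_interval: int,
                    jitter_sigma: float, n_samples: int = 5000) -> Optional[int]:
    """Simulate and report the observed output period (None if none seen)."""
    return find_period(sample_ring_oscillators(half_periods, sample_interval,
                                               n_samples, jitter_sigma))


if __name__ == "__main__":
    # Jitter-free rings: the sampler sees a fixed cycle whose length follows
    # directly from the ring lengths, i.e. an attractor, not entropy.
    print("co-prime, no jitter:", attractor_check((7, 11, 13), 50, 0.0),
          "predicted", predicted_period((7, 11, 13), 50))
    print("non-co-prime, no jitter:", attractor_check((6, 9, 12), 50, 0.0),
          "predicted", predicted_period((6, 9, 12), 50))
    # Independent jitter on each ring: no cycle is observed in the window.
    print("co-prime, jitter:", attractor_check((7, 11, 13), 50, 0.3))
```

Two things worth taking from the run: with zero jitter the co-prime rings give a cycle of 7 * 11 * 13 = 1001 samples while the non-co-prime rings give only lcm(6, 9, 12) = 36, so co-prime lengths lengthen the cycle but do not remove it; and a `None` from `find_period` is only evidence that no short cycle was seen in 5000 samples, not a proof of entropy. The model also says nothing about the shared-supply-rail coupling mentioned in the post, which would have to be added as a dependence between the rings' phases.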
From: Mok-Kong Shen on 30 Jul 2010 08:20

Scott Contini wrote:

> If one has a good solution that uses chaos theory
> and solves important problems in crypto, then they
> should propose it and let the crypto people analyse
> it. If the crypto community likes it, then and only
> then will chaos theory be considered a useful tool
> for cryptography.

I am not sure what I'll say below is correct but let me nonetheless say it anyway. Is there a known 'standard' place where scientific results/proposals in the field of crypto should/must be submitted in order for these to be recognized? I mean, it is commonly known that two different fields of sciences may have certain overlapping regions and it often deplorably happens that the communications between the two groups of scientists are much less than optimal. Hypothetically taking the standpoint of e.g. the authors of the paper I cited, I think they could say something like: "Our paper is published in a very renowned international scientific journal. Why are there many working in the field of crypto apparently so lazy as not to cast even a glance at it?". Couldn't they?

M. K. Shen
From: Tom St Denis on 30 Jul 2010 09:04

On Jul 30, 8:20 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> Scott Contini wrote:
> > If one has a good solution that uses chaos theory
> > and solves important problems in crypto, then they
> > should propose it and let the crypto people analyse
> > it. If the crypto community likes it, then and only
> > then will chaos theory be considered a useful tool
> > for cryptography.
>
> I am not sure what I'll say below is correct but let me nonetheless
> say it anyway. Is there a known 'standard' place where scientific
> results/proposals in the field of crypto should/must be submitted
> in order for these to be recognized? I mean, it is commonly

They're called journals. There are different crypto conferences like CRYPTO, CHES, FSE, SAC, PKC, etc., all with slightly different purposes. A chaos theory paper would probably be suited for CRYPTO.

> known that two different fields of sciences may have certain
> overlapping regions and it often deplorably happens that the
> communications between the two groups of scientists are much less
> than optimal. Hypothetically taking the standpoint of e.g. the
> authors of the paper I cited, I think they could say something like:

There are papers out there on using chaos theory in cipher design; it's just that it usually doesn't turn out to be effective and people stop working on it. There isn't some vast conspiracy going on here.

Tom
From: unruh on 30 Jul 2010 11:49

On 2010-07-30, Mok-Kong Shen <mok-kong.shen(a)t-online.de> wrote:
> Scott Contini wrote:
>
>> If one has a good solution that uses chaos theory
>> and solves important problems in crypto, then they
>> should propose it and let the crypto people analyse
>> it. If the crypto community likes it, then and only
>> then will chaos theory be considered a useful tool
>> for cryptography.
>
> I am not sure what I'll say below is correct but let me nonetheless
> say it anyway. Is there a known 'standard' place where scientific
> results/proposals in the field of crypto should/must be submitted
> in order for these to be recognized? I mean, it is commonly

Yes. Journals.

> known that two different fields of sciences may have certain
> overlapping regions and it often deplorably happens that the
> communications between the two groups of scientists are much less
> than optimal. Hypothetically taking the standpoint of e.g. the
> authors of the paper I cited, I think they could say something like:
> "Our paper is published in a very renowned international scientific
> journal. Why are there many working in the field of crypto apparently
> so lazy as not to cast even a glance at it?". Couldn't they?

If they want to be noticed by the crypto community they should get off their butts and find the journals that the crypto people read. No one has the time to read every journal in the world. Publishing your latest theory on quantum gravity in the journal of Molecular Biology, no matter how reputable, will have zero impact.

As I said, a crypto system IS a chaotic system, but of a very, very special kind. Most chaotic systems are unsuitable for crypto because of things like limit cycles and other coherences. It is not the crypto people who are lazy, it is those authors who cannot be bothered to figure out exactly what is needed to create good crypto.

> M. K. Shen
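The limit cycles unruh refers to, shown on a textbook chaotic map as an added example (editorial code, not part of the thread and not any scheme from the literature). The doubling map x -> 2x mod 1 is chaotic on the unit interval, yet every seed you can actually write down lands on a short cycle: a rational seed p/q with q odd cycles with period equal to the order of 2 modulo q, and an IEEE double is simply shifted left until it hits the fixed point 0. The seeds (1/7, 1/9, 1/15, 3/20, 0.3, 0.1) are arbitrary choices; Brent's algorithm is used for cycle detection.

```python
"""Limit cycles in a chaotic map under exact and floating-point arithmetic.

Added example, not from the thread.  The doubling (Bernoulli shift) map
x -> 2x mod 1 is chaotic in the mathematical sense, but its orbits from
any representable seed are short cycles, which is the kind of organized
structure that makes a chaotic system unsuitable as an entropy source.
"""
from fractions import Fraction
from typing import Callable, Tuple, Union

Number = Union[Fraction, float]


def doubling_map(x: Number) -> Number:
    """x -> 2x mod 1.  Written with an explicit subtraction so that the
    float version is exact: 2*x is exact, and 2x - 1 is exact for 2x in
    [1, 2) by the Sterbenz lemma.  In binary this is a one-bit left shift."""
    x = 2 * x
    return x - 1 if x >= 1 else x


def orbit_cycle(f: Callable[[Number], Number], x0: Number,
                limit: int = 1_000_000) -> Tuple[int, int]:
    """Brent's cycle detection on the orbit x0, f(x0), f(f(x0)), ...

    Returns (transient_length, cycle_length).  Raises if no cycle shows up
    within `limit` steps of the hare (floats have finite state, so a cycle
    always exists; rationals with odd denominator cycle as well).
    """
    power = lam = 1
    steps = 0
    tortoise, hare = x0, f(x0)
    while tortoise != hare:
        if power == lam:          # move the tortoise to the next power of two
            tortoise = hare
            power *= 2
            lam = 0
        hare = f(hare)
        lam += 1
        steps += 1
        if steps > limit:
            raise RuntimeError("no cycle found within limit")
    # lam is now the cycle length; find where the cycle starts (mu)
    tortoise = hare = x0
    for _ in range(lam):
        hare = f(hare)
    mu = 0
    while tortoise != hare:
        tortoise, hare = f(tortoise), f(hare)
        mu += 1
    return mu, lam


def exact_seed_cycle(numerator: int, denominator: int) -> Tuple[int, int]:
    """Exact arithmetic: orbit of p/q under doubling.  For odd q the cycle
    length is the multiplicative order of 2 modulo q."""
    return orbit_cycle(doubling_map, Fraction(numerator, denominator))


def float_seed_cycle(x0: float) -> Tuple[int, int]:
    """IEEE double arithmetic: the map shifts the significand out one bit
    per step and collapses onto the fixed point 0."""
    return orbit_cycle(doubling_map, x0)


if __name__ == "__main__":
    print("1/7  ->", exact_seed_cycle(1, 7))    # 1/7 -> 2/7 -> 4/7 -> 1/7
    print("1/9  ->", exact_seed_cycle(1, 9))    # ord_9(2) = 6
    print("1/15 ->", exact_seed_cycle(1, 15))   # ord_15(2) = 4
    print("3/20 ->", exact_seed_cycle(3, 20))   # two transient steps, then a 4-cycle
    print("0.3  ->", float_seed_cycle(0.3))     # 0.3 = odd / 2**54: 54 shifts, then 0
    print("0.1  ->", float_seed_cycle(0.1))     # 0.1 = odd / 2**55: 55 shifts, then 0
```

The point for a designer is that "chaotic" is a statement about the map on the real line; any implementation works on a finite or rational state, where the same map has short, fully predictable cycles. A cipher or RNG built on such a map has to be analysed on the states it actually uses, which is what the crypto community asks for.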
From: unruh on 30 Jul 2010 11:53

On 2010-07-30, Tom St Denis <tom(a)iahu.ca> wrote:
> On Jul 30, 3:32 am, MrD <mrdemean...(a)jackpot.invalid> wrote:
>> unruh wrote:
>>
>> > While a crypto system is a chaotic system in some sense, most chaotic
>> > systems have attractor cycles, etc. There are organized structures
>> > within the chaos. Organized structures are anathema to crypto.
>> > Thus, most chaotic systems are useless for crypto.
>>
>> The HWRNGs built into some CPUs are based on two or more free-running
>> oscillators, commonly (so I understand) using a ring of gates to make an
>> oscillator. It strikes me that as a source of randomness such a circuit
>> is as much turbulent as random, and I understand that turbulence is more
>> a chaotic phenomenon than a truly random one.
>>
>> I'm pretty much out of my depth on this. I'd appreciate the views of
>> someone who knows something about the subject. I'm suspicious of this
>> type of TRNG on the grounds that Unruh has given; and because I believe
>> that the oscillators are exhibiting turbulence and not randomness.
>>
>> Are my suspicions reasonable?
>
> Ring oscillators [typically built out of a series of NOT gates]
> basically rely on meta instability to extract any sense of entropy out
> of the system. The idea being if you let them free run [unclocked]
> some of the NOT gates' outputs won't reflect their periodic input;
> multiply that effect by having a long chain, or better yet, several
> co-prime length chains, and you start seeing some entropy out of it.
>
> I don't know if that's considered "chaotic." In my mind a chaotic
> function is one which behaves in a highly non-linear way even with
> respect to a great many sample points. Like I can know the temperature
> for the last 100 days but I still can't plot out to tomorrow, let alone
> next week, let alone next month.

Sure you can. The temp may well be chaotic, but that does not stop one being able to talk about climate. The earth's orbit is chaotic, but that does not stop us from being able to predict the earth's position next year (or even 1000 years) with amazing accuracy.

> In the oscillator case I suppose there are variables to be had in
> terms of the metastability of the NOT gates, but I don't know if
> that's sufficient.
>
> There are attractor cycles to them, for instance they really need to
> be on their own power rails. Or you get something like
>
> http://www.youtube.com/watch?v=yysnkY4WHyM
>
> happening. The switching NOT gates take power which influences other
> things on the same rail, which in turn actually drives them to produce
> lower entropy outputs.
>
> Tom