From: Lev Dymchenko on 11 Aug 2010 22:38

"I think that you are not actually doing anything that a proper CSPRNG would consider seeding in MDWP, instead relying on the internal RNGs seeding function."

The current source code does not include encryption key setting, just an example of creating a seed for testing.
From: Mok-Kong Shen on 12 Aug 2010 05:02

Greg Rose wrote:
> Mok-Kong Shen wrote:
>>
>> BTW, in case you are interested to compare your design with others,
>> there is a PRNG by G. Marsaglia named Super KISS, which is claimed to
>> have very large period and good statistical qualities. (You could
>> Google to find it. I personally have unfortunately no knowledge of it.)
>
> But it is cryptographically unsound, so not worth
> mentioning in sci.crypt.

I have a different opinion. Even an unsecure element (taken singly) could well be at the base (be a component) of a secure system, right? Anyway, xoring with a statistically good bit stream could generally improve another stream in its statistical quality, if I don't err.

M. K. Shen
From: Joseph Ashwood on 12 Aug 2010 04:52

"Lev Dymchenko" <levdymchenko(a)gmail.com> wrote in message news:09124ddb-8255-48d6-b32c-7c8b2ab25784(a)p7g2000yqa.googlegroups.com...
> Joseph Ashwood
>
> "It works easily in this case because there is a known counter
>> involved, from past the counter is only a single round.
> "
>
> If counter is known, it does not necessarily mean that attack is
> successful.

You really should try to understand what I say. The foundation criteria was building how to mount a differential attack on a pRNG. I gave the method I used to model it as a block cipher with a chaining mode. I'm not giving the details of the attack because it is a simple attack, but it is important that, if you are going to build a good pRNG, you need to learn how to find the attacks yourself. Once you understand how to mount a differential cryptanalytic attack, the attack is easy to see. You just need to read up on differential attacks until you understand them.

Joe
From: Mok-Kong Shen on 12 Aug 2010 05:10

Joseph Ashwood wrote:
> "Mok-Kong Shen" wrote:
>> A question quite OT: Could you give a pointer to a good
>> (easy to understand) paper on differential attacks on PRNGs?
>
> I don't know of any convenient reference. I actually modeled it as a
> 1-bit block cipher in CTR mode. I used the internal counter (i.e. the
> label for the particles and a loop count) as the plaintext, the pRNG
> output is the ciphertext, from there it is a fairly standard block
> cipher differential attack. It works easily in this case because there is
> a known counter involved, from past the counter is only a single round.

I surmise that the analysis techniques of block ciphers of n bit blocks generally tacitly assume that n >> 1. Lacking knowledge, I am not very sure whether everything performed there applies to the special case n=1 without problems.

M. K. Shen
From: unruh on 12 Aug 2010 05:10

On 2010-08-12, Mok-Kong Shen <mok-kong.shen(a)t-online.de> wrote:
> Greg Rose wrote:
>> Mok-Kong Shen wrote:
>>>
>>> BTW, in case you are interested to compare your design with others,
>>> there is a PRNG by G. Marsaglia named Super KISS, which is claimed to
>>> have very large period and good statistical qualities. (You could
>>> Google to find it. I personally have unfortunately no knowledge of it.)
>>
>> But it is cryptographically unsound, so not worth
>> mentioning in sci.crypt.
>
> I have a different opinion. Even an unsecure element (taken singly)

And exactly what is that worth?

> could well be at the base (be a component) of a secure system, right?
> Anyway, xoring with a statistically good bit stream could generally
> improve another stream in its statistical quality, if I don't err.

When you have a choice of a bunch of secure PRNGs, why in the world would you pick an insecure one for any reason?

> M. K. Shen
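The exchange above (Shen's claim that xoring with a statistically good stream improves another stream's statistics, and unruh's objection that this is worth little without unpredictability) can be checked numerically. The following is an added example, not code posted by anyone in the thread and not part of MDWP or Super KISS; it uses Python's seeded `random.Random` purely as a stand-in for a statistically well-behaved but non-cryptographic generator, and the streams it builds are constructed test data.

```python
import random


def bias(bits):
    """Empirical bias of a bit list: P(1) - 1/2 (0 means perfectly balanced)."""
    return sum(bits) / len(bits) - 0.5


def xor_streams(a, b):
    """Bitwise XOR of two equal-length bit lists."""
    return [x ^ y for x, y in zip(a, b)]


def piling_up(e1, e2):
    """Piling-up lemma: the XOR of two *independent* bits with biases e1 and e2
    has bias 2*e1*e2. Combining with a perfectly balanced stream (e2 = 0)
    therefore removes any bias of the other stream. This is the statistical
    part of Shen's claim, and it is correct."""
    return 2 * e1 * e2


def bernoulli_stream(n, p_one, seed):
    """Constructed test stream: n independent bits, each 1 with probability
    p_one. The seed makes the stream reproducible; a seeded library RNG is
    used here as a stand-in for a statistically good but NOT
    cryptographically secure generator (assumption for this example)."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def combine_demo(n=100_000):
    """Returns (bias of a, bias of b, bias of a XOR b) for a badly biased
    stream a and a balanced stream b; the XOR output is balanced."""
    a = bernoulli_stream(n, 0.7, seed=1)   # bias about +0.2
    b = bernoulli_stream(n, 0.5, seed=2)   # bias about 0
    out = xor_streams(a, b)
    return bias(a), bias(b), bias(out)


def strip_demo(n=100_000):
    """unruh's point: statistical balance is not unpredictability. Whoever
    can reproduce the combining stream b (here: the same seed) XORs it off
    again and gets the original stream a back exactly, so the mixed output is
    only as unpredictable as its secret component."""
    a = bernoulli_stream(n, 0.7, seed=1)
    b = bernoulli_stream(n, 0.5, seed=2)
    out = xor_streams(a, b)
    recovered = xor_streams(out, bernoulli_stream(n, 0.5, seed=2))
    return recovered == a


if __name__ == "__main__":
    print("piling-up bias for e1=0.2, e2=0.25:", piling_up(0.2, 0.25))
    print("empirical biases (a, b, a^b):", combine_demo())
    print("balanced stream stripped off again:", strip_demo())
```

The two functions separate the two properties that the thread conflates: `combine_demo` confirms that xoring with an independent balanced stream does remove bias, while `strip_demo` shows that the same XOR contributes nothing to unpredictability when the combining stream is reproducible, which is why a statistically good but cryptographically unsound generator is not a substitute for a CSPRNG.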