Prev: Test vectors for Diffie Hellman
Next: On the classification of ciphers
From: Mok-Kong Shen on 20 Mar 2010 13:19

Quite a time ago I had the humble idea of building a compound PRNG
consisting of a number of constituent PRNGs. I have recently updated
it in some details and would like very much to subject it again to
comments and critiques from the group. The scheme can be briefly
described in terms of four levels.

The 1st level is a PRNG, which we choose to be a higher degree
permutation polynomial mod 2^32 (assuming 32 bit words). More exactly,
it is to be one with full cycle in [0,2^32-1]. The coefficients of the
polynomial and the starting value (seed of PRNG) shall come from a
correspondingly long master key together with some time-varying
informations such as time and message number, so that the resulting
PRNG (termed master-PRNG below) is unique for each message that uses
our scheme.

The 2nd level uses the output of the master-PRNG to generate a pool of
PRNGs that are lower degree (e.g. 2nd degree) permutation polynomials
together with their seeds. Each such PRNG has an associated
pseudo-randomly determined constant value b in the range [0,31].

The 3rd level activates the PRNGs in the pool in a pseudo-random order
as follows: Each PRNG, when it gets activated, outputs a number R.
Using a bit mask, one obtains from R a value p as the index of the next
PRNG in the pool to be activated. R is subsequently cyclically shifted
by b bits to become R' for further treatment in the 4th level.

The 4th level consists of a single PRNG G(x), again a lower degree
permutation polynomial. It takes each R' from the 3rd level and outputs
G(R') as the external output of our scheme. (Currently I tend to think
that the 4th level may be unnecessary and thus left out or be optional.)

Thanks,

M. K. Shen
From: biject on 20 Mar 2010 15:26
On Mar 20, 11:19 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> Quite a time ago I had the humble idea of building a compound PRNG

I know I am wasting bandwidth even trying to communicate with you
but I want to know what a "humble idea" is. Does that mean it's
worthless and you are ashamed of it but have this inner need to
regurgitate it yet again?
I know what "humble pie" is. Is that similar to what you mean?
Sorry if the humble question is to complicated, if so I humbly ask for
your humble understanding of this humble question.


David A. Scott
--
My Crypto code
http://bijective.dogma.net/crypto/scott19u.zip
http://www.jim.com/jamesd/Kong/scott19u.zip old version
My Compression code http://bijective.dogma.net/
**TO EMAIL ME drop the roman "five" **
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged.
As a famous person once said "any cryptograhic
system is only as strong as its weakest link"

From: Mok-Kong Shen on 20 Mar 2010 15:38
biject wrote:

> I know what "humble pie" is.

And you seem not to know what the abbreviation IMHO is??

M. K. Shen
From: unruh on 20 Mar 2010 18:44
On 2010-03-20, Mok-Kong Shen <mok-kong.shen(a)t-online.de> wrote:
>
> Quite a time ago I had the humble idea of building a compound PRNG
> consisting of a number of constituent PRNGs. I have recently updated
> it in some details and would like very much to subject it again to
> comments and critiques from the group. The scheme can be briefly
> described in terms of four levels.
>
> The 1st level is a PRNG, which we choose to be a higher degree
> permutation polynomial mod 2^32 (assuming 32 bit words). More exactly,
> it is to be one with full cycle in [0,2^32-1]. The coefficients of the
> polynomial and the starting value (seed of PRNG) shall come from a
> correspondingly long master key together with some time-varying
> informations such as time and message number, so that the resulting
> PRNG (termed master-PRNG below) is unique for each message that uses
> our scheme.
>
> The 2nd level uses the output of the master-PRNG to generate a pool of
> PRNGs that are lower degree (e.g. 2nd degree) permutation polynomials
> together with their seeds. Each such PRNG has an associated
> pseudo-randomly determined constant value b in the range [0,31].
>
> The 3rd level activates the PRNGs in the pool in a pseudo-random order
> as follows: Each PRNG, when it gets activated, outputs a number R.
> Using a bit mask, one obtains from R a value p as the index of the next
> PRNG in the pool to be activated. R is subsequently cyclically shifted
> by b bits to become R' for further treatment in the 4th level.
>
> The 4th level consists of a single PRNG G(x), again a lower degree
> permutation polynomial. It takes each R' from the 3rd level and outputs
> G(R') as the external output of our scheme. (Currently I tend to think
> that the 4th level may be unnecessary and thus left out or be optional.)

The purpose of all this is what? It is certainly not a fast prng. What
do you want to use it for?

You could just use your first prng to create say 5 bytes as the date for
the new york times, and then the next five bytes as the number of the
letter to take out of that issue for the next byte in teh PRNG. Now you
may have to wait a few centuries for the output, but since speed is not
of any concern to you....
Actually that output is liable to be biased, but you get the idea.

>
> Thanks,
>
> M. K. Shen
From: Mok-Kong Shen on 21 Mar 2010 05:48
unruh wrote:

> The purpose of all this is what? It is certainly not a fast prng. What
> do you want to use it for?

It is certainly unfavourable in computing efficiency (especially
when compared to such PRNGs as RC4). The purpose is show that, if
one needs for whatever reasons a fairly secure (hard to predict)
PRNG of very long period and has to implement one oneself from scratch
(without having/consulting and/or relying on expert's opinions), that
seems to be one (there certainly might be several others) of the
'practical' ways to go. (This is what I personally term the poorman's
situation.)

M. K. Shen

 |  Next  |  Last
Pages: 1 2
Prev: Test vectors for Diffie Hellman
Next: On the classification of ciphers