Cryptography-Digest Digest #343, Volume #9        Mon, 5 Apr 99 14:13:05 EDT

Contents:
  Re: True Randomness & The Law Of Large Numbers (R. Knauer)
  Re: quick RSA key generation question ([EMAIL PROTECTED])
  Re: True Randomness & The Law Of Large Numbers (R. Knauer)
  Re: SHA ("Chen Yijiang")
  att. Aman ([EMAIL PROTECTED])
  Re: PGPdisk or ScramDisk? (Nathan Kennedy)
  Re: quick RSA key generation question (Ian Goldberg)
  Re: quick RSA key generation question ([EMAIL PROTECTED])
  Re: True Randomness & The Law Of Large Numbers (Herman Rubin)
  Re: True Randomness & The Law Of Large Numbers (R. Knauer)
  Re: True Randomness & The Law Of Large Numbers (R. Knauer)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Mon, 05 Apr 1999 12:53:37 GMT
Reply-To: [EMAIL PROTECTED]

On Mon, 05 Apr 1999 07:50:24 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:

>Herman Rubin wrote:
>> In article <[EMAIL PROTECTED]>,
>> R. Knauer <[EMAIL PROTECTED]> wrote:
>> >On Sat, 03 Apr 1999 10:10:06 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
>> >wrote:
>>                         .................
>> >If you are talking about a physical device then you must treat it like
>> >a piece of scientific equipment and certify its performance using
>> >accepted scientific techniques, including a peer-reviewed design audit
>> >and diagnostic tests for each subsystem.
>
>Please check your attributions more carefully.
>I didn't say that, R. Knauer did.

There is nothing wrong with those attributions above. Anyone who has
been on Usenet for any length of time knows that the attributions
above clearly point to me as the author of that statement.

Bob Knauer

"People have criticized me because my security detail is larger
than the president's.  But you must ask yourself: Are there more
people who want to kill me than who want to kill the president?
I can assure you there are."
- Marion Barry, Mayor of Washington DC


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: quick RSA key generation question
Date: Mon, 05 Apr 1999 14:04:19 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (DJohn37050) wrote:
> Bob, Also mention the SQROOT(2) method for sizes of p and q in X9.31.
> Don Johnson
>

Sure.  Suppose one wants a 1024 bit modulus.  It is not sufficient that
p,q, each be 512 bits, since their product might be either 1023 or 1024 bits.
To ensure a 1024 bit modulus,  one requires that p,q be in [sqrt(2)2^1022,
2^1023-1].  This is a simple normalization condition.

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Mon, 05 Apr 1999 12:45:57 GMT
Reply-To: [EMAIL PROTECTED]

On Mon, 05 Apr 1999 07:35:31 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:

>> Yes, it holds for *most* distributions. But it does not hold for
>> distributions that are not square integrable.

>So what?  No meaningful situation is going to have infinite energy.

QED has infinite energies. Yeah, renormalization dealt with them, but
nobody considers that scheme to be fundamentally correct.

>You must have the "Junior Miss" version of his book (he wrote
>several).  He dwelt on it (in the main text) in the college-
>level book we were using last summer.

There are many editions of his book. The only one I could find at the
Houston Public Library was the 4th edition.

If he changes his position from one edition to the next, then he is
not a reliable author.

>> All the statistical tests in Triola, both parametric and
>> non-parametric, require the CLT to be of any use.

>That's certainly not true.  When are you going to bother
>to learn the subject before making claims about it?

You said that if I read Triola's book I would know all I need to know.
That statement above comes right out of his book.

>> >If it is supposed to output uniformly
>> >random bits, and the r.v. X is the value of a generated bit, then
>> >X has mean 0.5 and s.d. 0.5.
>> Prove that. But be careful about your assumptions, because if you go
>> off into classical statistical theory you will miss the mark.
>
>That's an elementary exercise for the beginning statistics
>student.

Yeah, one of those "back of the envelope" calculations.

>I suggest *you* work out the proof; it might be an
>opportunity to practice converting "word problems" into formal
>specification, after which computation of the answer is easy.

Here is an envelope - you work it out. You are the one making the
assertion.

>That's for sure, but only because it makes no sense.
>Here are some finite numbers:
>       42
>       0
>       1234566778901033909867041675
>       -72

Those are integers and are part of the ensemble of random numbers.

>Here are some others:
>       0.3
>       Pi
>       23/41
>       -238408965034.7235876134
>       1-e
>If these are what is meant in your "spec", then TRNGs cannot
>exist.

You know better than that (I presume). The sequences that are
generated by a TRNG are integers. Pi is not an integer, and neither
are any of the other real numbers above. <jeez>

>What would "equidistribution" mean?

Fer chrissakes, you are being deliberately obtuse.

Equidistribution means that the sample space has a flat distribution.

>For that matter,
>what would "independent" mean if, as you claim, it is not
>the standard probabilistic meaning for this term?

Independent refers to the selection process, not the distribution.

>I took the liberty of *stating* the specific property that a
>*meaningful* specification might include (outputting uniformly
>random bits), which I used to compute the parameters that you
>requested.

Parametric tests are not applicable to testing true randomness or lack
of true randomness.

>If your TRNG isn't supposed to include at least
>*that* property among whatever else it is, then "True Random"
>is certainly a misnomer.

True Random can be stated in an absolute manner. It is the process
which produces true random numbers like a quantum computer programmed
to calculate true random numbers.

>I don't recall anybody disputing that QM can be used to build
>a genuinely random number generator, although it doesn't have
>to take the form of a computer (or, presumably, you mean a
>particular algorithm for a particular quantum computer).

Yes, that is exactly what I mean.

>Indeed, if you understand classical statistical mechanics,
>you should appreciate that thermal noise can be used just as
>well, any "sensing" of the past environment having been
>utterly buried in the noise beyond any chance of recovery,
>no matter how many resources are employed for no matter how
>long a time.  Since that is 100% practical, that is in fact
>the basis of virtually all genuine random sources that are
>on the market today.

Such processes are truly random only by virtue of the underlying
quantum processes that characterize them. Classical chaotic systems may be
exceedingly random to a level that cannot be distinguished from true
randomness, but they are still not truly random. Only quantum
processes are truly random.

Bob Knauer



------------------------------

From: "Chen Yijiang" <[EMAIL PROTECTED]>
Subject: Re: SHA
Date: Mon, 5 Apr 1999 20:41:15 +0800

i don't know. (test)
Thomas Mehring wrote in message <[EMAIL PROTECTED]>...
>Is SHA free?
>
>bye
> Thomas Mehring



------------------------------

From: [EMAIL PROTECTED]
Subject: att. Aman
Date: Mon, 05 Apr 1999 12:29:35 GMT

Version 2.02h. Corrupted file.

Drausio.


------------------------------

From: Nathan Kennedy <[EMAIL PROTECTED]>
Subject: Re: PGPdisk or ScramDisk?
Date: Tue, 06 Apr 1999 00:13:15 +0800

Michael wrote:
> 
> Which of these programs is better?

ppdd, hands down.

------------------------------

From: [EMAIL PROTECTED] (Ian Goldberg)
Subject: Re: quick RSA key generation question
Date: 5 Apr 1999 16:54:04 GMT

In article <7eafsu$n4q$[EMAIL PROTECTED]>,  <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (DJohn37050) wrote:
>> Bob, Also mention the SQROOT(2) method for sizes of p and q in X9.31.
>> Don Johnson
>>
>
>Sure.  Suppose one wants a 1024 bit modulus.  It is not sufficient that
>p,q, each be 512 bits, since their product might be either 1023 or 1024 bits.
>To ensure a 1024 bit modulus,  one requires that p,q be in [sqrt(2)2^1022,
>2^1023-1].  This is a simple normalization condition.

You meant [sqrt(2) 2^511, 2^512-1], of course.

The method I mentioned earlier (set the top two bits of a 512-bit string
to 1) is just a "poor-man's" version of this; effectively, you're forcing
p,q to be in [1.5 2^511, 2^512-1].  The only difference is in the 1.5
(= 1.1 binary) instead of the sqrt(2) (~ 1.0110101 binary).

   - Ian
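
[Added example, not part of the original posts or of X9.31 itself: a Python sketch of the size condition discussed in this thread, comparing the sqrt(2) interval with the top-two-bits shortcut for 512-bit primes. The function names are hypothetical, and only the modulus-length condition is shown, not any other key generation requirement.]

```python
import math
import secrets

def sqrt2_lower_bound(k):
    # Smallest integer >= sqrt(2) * 2^(k-1). That value equals sqrt(2^(2k-1)),
    # which is irrational, so the ceiling is isqrt(...) + 1 (exact, no floats).
    return math.isqrt(1 << (2 * k - 1)) + 1

def is_probable_prime(n, rounds=40):
    # Miller-Rabin with random bases, after trial division by small primes.
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime_sqrt2(k):
    # Sample uniformly from [sqrt(2)*2^(k-1), 2^k - 1] until a prime is found.
    lo, hi = sqrt2_lower_bound(k), (1 << k) - 1
    while True:
        c = (lo + secrets.randbelow(hi - lo + 1)) | 1  # hi is odd, so c <= hi
        if is_probable_prime(c):
            return c

def gen_prime_top_two_bits(k):
    # "Poor man's" version: force the top two bits, i.e. c >= 1.5 * 2^(k-1).
    while True:
        c = secrets.randbits(k) | (0b11 << (k - 2)) | 1
        if is_probable_prime(c):
            return c

def modulus_bits(p, q):
    # Bit length of the modulus n = p * q.
    return (p * q).bit_length()

if __name__ == "__main__":
    k = 512
    print("two 512-bit numbers, top bit only:", modulus_bits(1 << 511, 1 << 511))
    print("sqrt(2) method:", modulus_bits(gen_prime_sqrt2(k), gen_prime_sqrt2(k)))
    print("top two bits  :", modulus_bits(gen_prime_top_two_bits(k), gen_prime_top_two_bits(k)))
```

[Both generators always yield a 1024-bit modulus; the shortcut only gives up the candidates between sqrt(2) 2^511 and 1.5 2^511.]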

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: quick RSA key generation question
Date: Sun, 04 Apr 1999 14:35:09 GMT

In article
<[EMAIL PROTECTED]>,  Fritz
J Schneider <[EMAIL PROTECTED]> wrote:

> On Sat, 3 Apr 1999, Michael Sierchio wrote:
>
> > By definition, a bit string of length n has the nth bit set.  That's
> > another way of saying the most significant bit is always set.  Leading
> > zeroes don't count.  Now thank Dr. Bob for his grandmotherly kindness.
>
>       Right.  I think the way I posed the question led to confusion.

There is still confusion.

A bit string does NOT,  repeat NOT necessarily have its MSB set.
A bitstring is simply a sequence of 0's and 1's and it has a given length.

A NUMBER, on the other hand does have its MSB set. This is vacuously
true since the MSB is always the leftmost bit that is set.


------------------------------

From: [EMAIL PROTECTED] (Herman Rubin)
Subject: Re: True Randomness & The Law Of Large Numbers
Date: 5 Apr 1999 11:22:45 -0500

In article <[EMAIL PROTECTED]>,
R. Knauer <[EMAIL PROTECTED]> wrote:
>On 4 Apr 1999 09:13:35 GMT, [EMAIL PROTECTED] (Bryan G. Olson; CMSC (G))
>wrote:

>>I haven't written anything that implies no statistician will write
>>about abnormal phenomena or fluctuations.  You simply have not
>>understood what theory applies where.

Statisticians will write about such.

                        .................

>I claim that true randomness cannot be modeled by classical analytical
>processes like those discussed in standard statistics. One must go to
>processes that are quantum mechanical in nature, and that means a
>completely different kind of statistics, namely quantum statistics,
>which has very little to do with standard statistics.

This is completely false.  Random processes were understood well
before quantum mechanics.  In fact, current quantum models state
that any set of actual observations will have a joint probability
distribution, in the classical probability sense.  The output of
a generator is a set of actual observations.

                        .................

>>: IOW, I am challenging your contention that true randomness can even be
>>: modeled mathematically, even to the extent that you can determine with
>>: reasonable certainty that a process is not truly random based on
>>: statistical tests.

>>But you're doing it by not defining your terms.

>I believe I have.

>True randomness is a process which is capable of generating all
>possible finite sequences equiprobably, namely in an independent and
>equidistributed manner.

This is a well-known mathematical model, about which probabilists
have been getting results for a long time.  Whether anything in
nature satisfies this is highly problematical, if indeed it is
possible at all.  


                        ................                    


>>I'll assert that statistical hypothesis testing can show that some
>>bad candidate TRNGs are in fact bad.

>You can only do that if the Central Limit Theorem (CLT) applies. All
>of classical statistics, even non-parametric statistical tests,
>require that the CLT applies.

This is nonsense.  Much of classical statistics does not use 
normality in any way.  Some of it may appear to, but even this
need not be the case.

>If, however, a distribution is not
>square integrable all the way to infinity, for example, then the CLT
>is not applicable and all your beloved statistical tests, parametric
>and non-parametric alike, go straight to hell in a handbasket.

Statistics does not deal with quantum wave functions.  But one
cannot give an entire course on probability and statistics in
postings on this newsgroup.  Non-parametric tests, in particular,
make no use of the CLT.  Tests for contingency tables do use it
for large values of the sizes, and the CLT here follows from 
equally likely selection, and nothing else.

                        ...............
-- 
This address is for information only.  I do not claim that these views
are those of the Statistics Department or of Purdue University.
Herman Rubin, Dept. of Statistics, Purdue Univ., West Lafayette IN47907-1399
[EMAIL PROTECTED]         Phone: (765)494-6054   FAX: (765)494-0558

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Mon, 05 Apr 1999 17:31:07 GMT
Reply-To: [EMAIL PROTECTED]

On 5 Apr 1999 11:30:46 -0500, [EMAIL PROTECTED] (Herman
Rubin) wrote:

>>I am not relying on any measurements to certify the intrinsic
>>randomness of the source of randomness itself. I am relying on the
>>fact that it is quantum mechanically random for that. Since all other
>>subsystems are deterministic, there are no accuracy requirements just
>>diagnostic requirements.

>I will grant that it is a random process.  But this does not
>mean that the process has the particular distribution you
>want it to be.

The ensemble contains one and only one instance of a sequence of all
possible types. For 1-bit sequences it contains one and only one
instance of all possible 1-bit sequences, namely {0,1}. For 2-bit
sequences it contains one and only one instance of all possible 2-bit
sequences, namely {00, 01,10,11}. And so on for all possible finite
lengths of sequences. One of these is selected from the ensemble to
serve as the keystream.

I have no problem with the fact that these sequences are distributed
normally with regard to bit bias. I have never indicated otherwise,
when the entire ensemble is taken into account. What I have questioned
is the applicability of infinitesimally small statistical sampling as
an accurate characterization of the ensemble distribution.

I have challenged that on a few fronts, in particular on the basis
that the random walk (a direct measure of bit bias) has a significant
number of "abnormal" sequences present that can fool you into a false
sense of confidence when using statistical measures on infinitesimally
small samples.

If you really believe that you can use the various statistical tests
that gain their significance from the CLT, then I need to see the
exact rationale for that. Saying "garbage" or "that is completely
wrong" or "go read a book" when I ask a question or posit an assertion
for comment, are not professional ways to provide that rationale.

In fact, tapping off of my experience over the years, especially my
experience as a practicing scientist many years ago, I see those
unprofessional gambits as thinly disguised coverups for the fact that
people do not know how to address the issues critically. The more
people hide behind smoke and mirrors like those above, the more I know
that they do not know what they are talking about with regard to the
issues I have raised.

>>A quantum computer can calculate true random numbers with no accuracy
>>issues involved whatsoever.

>A computer calculates, it does not, as a computer, generate
>random numbers.

The word "calculate" means to generate the output of an algorithmic
procedure. I think we are getting a bit nitpicky here, don't you?

Bob Knauer




------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Mon, 05 Apr 1999 17:04:36 GMT
Reply-To: [EMAIL PROTECTED]

On 5 Apr 1999 11:22:45 -0500, [EMAIL PROTECTED] (Herman
Rubin) wrote:

>>I claim that true randomness cannot be modeled by classical analytical
>>processes like those discussed in standard statistics. One must go to
>>processes that are quantum mechanical in nature, and that means a
>>completely different kind of statistics, namely quantum statistics,
>>which has very little to do with standard statistics.

>This is completely false.

Which part?

> Random processes were understood well
>before quantum mechanics.

Pseudo-random processes, you mean. There is no a priori reason to
believe that pseudo-randomness is the same as true randomness.

I define true randomness in two ways, one by the TRNG specification
and the other by the output of a quantum computer programmed to
calculate true random numbers.

>>True randomness is a process which is capable of generating all
>>possible finite sequences equiprobably, namely in an independent and
>>equidistributed manner.

>This is a well-known mathematical model, about which probabilists
>have been getting results for a long time.

Please point me to a reference where it is discussed in detail.

>Whether anything in
>nature satisfies this is highly problematical, if indeed it is
>possible at all.  

Why do you not believe that a quantum computer cannot calculate true
random numbers? What reasons do you have for not expecting that to
happen perfectly? I realize that such a quantum computer has not yet
been built, but the algorithm for calculating true random numbers has
been described in full detail.


>>You can only do that if the Central Limit Theorem (CLT) applies. All
>>of classical statistics, even non-parametric statistical tests,
>>require that the CLT applies.

>This is nonsense.  Much of classical statistics does not use 
>normality in any way.  Some of it may appear to, but even this
>need not be the case.

I made that statement to point out that Triola's exposition is far
from comprehensive. The statement only applies to the tests in his
book, save one - the Runs Test.

>Non-parametric tests, in particular, make no use of the CLT.

Triola does, in some instances.

>Tests for contingency tables do use it
>for large values of the sizes,

and that includes non-parametric tests too.

>and the CLT here follows from 
>equally likely selection, and nothing else.

It is my understanding (from vague recollection) that the CLT places
certain requirements on the population distribution, such as square
integrability.

If you do not know anything about the population distribution, how can
you be sure it is suitable for the CLT? It seems that taking a small
sample, calculating some things that seem to indicate that it is
suitable for the CLT, and then using the CLT to make inferences, is
circular reasoning.

You are using the CLT to make inferences that the CLT is suitable.

Bob Knauer



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
