steve b., perry m., and arnold r. all point out,
quite correctly, that hashing was used for noise-
whitening, long before sgi's lavarand and before
my disk-randomness paper. the difference that
sgi's work and mine offered was a more rigorous
notion of randomness. by explicitly drawing on
the strict mathematical definition of "chaos," we
could call our generators' outputs random per se.
thus, chaos-based rngs go beyond prior work on
noise-whitening, but the difference is perhaps
more important theoretically than practically.
both generators produced truly unpredictable bits,
though SGI & i differed in our statistical criteria.
my experiment produced asymptotically i.i.d. uniform
bits, while lavarand produced _effectively_ uniform
bits. in other words, both SGI and i offered truly
random bits, and not merely securely unpredictable
bits. note the contrast with prior work: while
arnold's DoD citation from 1985 does offer a
practical & effective way to seed a PRNG, the doc't
explicitly calls the product bits "pseudo-random."
our/my novel contribution was to justify dropping
the prefix "pseudo-". afaik, before my paper,
no one spoke of software "TRNGs". no-one believed
it was possible to produce truly random bits
without specialized hardware, though many of us
knew that hashing or encrypting an irregular or
secret input was necessary & sufficient for most
cryptographic purposes.
- don davis, boston
-
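As an added example (not code from Don's post, his disk-randomness paper, or lavarand), here is a Python sketch of the noise-whitening step the thread describes: a frequency-based min-entropy estimate, hash whitening, and a monobit check. It also shows the practical caveat behind the pseudo-random vs. truly random distinction: whitened output passes a bias test whatever the source quality, so the entropy accounting has to be done on the raw input. Sample values are constructed; the 4-byte sample encoding and the SHA-256 choice are assumptions.

```python
import hashlib
import math
from collections import Counter

# Constructed "timing" sources. LOW_ENTROPY cycles through three values, so a
# frequency estimator credits it with log2(3) bits/sample even though it is
# perfectly predictable: the estimator is necessary, not sufficient.
LOW_ENTROPY = [1000 + (i * 7) % 3 for i in range(300)]
CONSTANT = [1000] * 300


def min_entropy_per_sample(samples):
    """Conservative per-sample min-entropy: -log2(p_max) over observed values."""
    counts = Counter(samples)
    p_max = max(counts.values()) / len(samples)
    return -math.log2(p_max)


def encode(samples):
    """Serialise raw samples as 4-byte big-endian integers (assumed encoding)."""
    return b"".join(s.to_bytes(4, "big") for s in samples)


def to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(8)]


def bias(bits):
    """Monobit statistic: fraction of ones minus 0.5; ~0 means 'looks balanced'."""
    return sum(bits) / len(bits) - 0.5


def whiten(samples, want_bytes=32):
    """Hash-whiten raw samples. Hashing hides structure but cannot create
    entropy, so output is capped by the input's estimated entropy budget."""
    budget_bits = len(samples) * min_entropy_per_sample(samples)
    usable = min(want_bytes, int(budget_bits // 8), hashlib.sha256().digest_size)
    return hashlib.sha256(encode(samples)).digest()[:usable]


if __name__ == "__main__":
    print("raw bias     :", round(bias(to_bits(encode(LOW_ENTROPY))), 3))
    print("whitened bias:", round(bias(to_bits(whiten(LOW_ENTROPY))), 3))
    print("constant src :", whiten(CONSTANT))  # b'' : zero entropy, no output
```

The raw stream is visibly biased while the whitened stream is not, which is exactly why passing statistical tests says nothing about whether the bits were merely pseudo-random or truly random.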