Cryptography-Digest Digest #139, Volume #9 Thu, 25 Feb 99 15:13:03 EST
Contents:
Re: Quantum Computation and Cryptography (Anthony Stephen Szopa)
Re: Define Randomness (R. Knauer)
Re: Testing Algorithms (R. Knauer)
Re: Define Randomness (Patrick Juola)
Re: Quantum Computation and Cryptography (R. Knauer)
Re: Testing Algorithms (R. Knauer)
Re: Pentium III Hardware Random Numbers (R. Knauer)
Re: Define Randomness (R. Knauer)
need help (JEANNINE)
Re: Testing Algorithms (R. Knauer)
Re: True Randomness - DOES NOT EXIST!!! (R. Knauer)
Re: Testing Algorithms (R. Knauer)
Re: Quantum Computation and Cryptography (Medical Electronics Lab)
Re: True Randomness - DOES NOT EXIST!!! ("hapticz")
Outlook Express ("s kearney")
Re: Define Randomness (Jim Felling)
Re: True Randomness - DOES NOT EXIST!!! (Medical Electronics Lab)
Call For Participation in Factoring ([EMAIL PROTECTED])
Re: Define Randomness (Patrick Juola)
Re: Define Randomness (Patrick Juola)
Re: Pentium III Hardware Random Numbers (Terry Ritter)
----------------------------------------------------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Subject: Re: Quantum Computation and Cryptography
Date: Thu, 25 Feb 1999 08:49:29 -0800
Reply-To: [EMAIL PROTECTED]
Benjamin Johnston wrote:
> I read somewhere, a while ago, that Quantum computers, if or when they are
> created, will turn an otherwise difficult factorization into a trivial task.
>
> Will all the current cryptosystems be outdated, the instant a stable and
> practical quantum computer is created?
>
> Are there any cryptographic algorithms designed to be secure against quantum
> computers?
> What about algorithms secure against quantum computer cryptanalysis, but
> require a quantum computer for encryption?
>
> Does anybody have any personal opinions/predictions about the ramifications
> of such new technology/s.
>
> Thanks,
> Benjamin Johnston
> [EMAIL PROTECTED]
Even a quantum computer has a finite switching time or time per instruction, etc.
What is the expected order of magnitude increase in performance? 5? 10?
100???
So, come up with a number: how fast might a quantum computer be? Give us an
educated guess. Or go to a university and ask one of the computer science /
electrical engineer / physic types in solid state. Perhaps even a seasoned
graduate student.
There must be some university students out there. Go and ask for us.
Then get back to us, please.
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Define Randomness
Date: Thu, 25 Feb 1999 17:17:56 GMT
Reply-To: [EMAIL PROTECTED]
On 25 Feb 1999 10:28:38 -0500, [EMAIL PROTECTED] (Patrick Juola)
wrote:
>I flip the first bit of a (random) sequence and leave the rest unchanged.
>What sort of pattern does this introduce?
If you call that an algorithm, then I have to concede your point. But
there is no rhyme or reason behind flipping that bit, so I do not see
anything effective being accomplished.
I suppose you will now claim that a radioactive decay event that just
took place is also an algorithm, since it resulted in some bit being
flipped somewhere.
I am going to stick with the conventional definition of an algorithm.
From Webster's online:
+++++
algorithm: a procedure for solving a mathematical problem (as of
finding the greatest common divisor) in a finite number of steps that
frequently involves repetition of an operation; broadly : a
step-by-step procedure for solving a problem or accomplishing some end
especially by a computer.
+++++
If bit-diddling is the same as "solving a problem", then I sure want to
know what problem that is.
>That's why I included "spurious." A "random", in the sense of
>Kolmogorov-complexity, sequence *will* include spurious patterns
>at odd and unpredictable intervals -- for example, there will (with
>probability one) be sub-sequences of any finite length that are
>all zeros, or alternating zeros and ones, or all ones, or 100100100
>in waltz time, or whatever.
Yes, that's because a Kolmogorov random number is normal and infinite.
Normality guarantees that all possible patterns will be present,
including bizarre ones that would never pass statistical tests for
randomness.
>Something is "algorithmic" if the way that it operates on these
>particular patterns (as it finds them) is deterministic and predictable;
>it doesn't mean that the particular patterns are found in any predictable
>way or that the sequence *after* this algorithmic processing is any
>more patterned than it was previously.
You are saying that any procedure is algorithmic. Are you absolutely
sure that is true? A radioactive decay TRNG is a procedure, but it is
not algorithmic.
>No. Each pair is operated upon independently, so the actions of one
>pair cannot affect the actions of any other pair. The input sequence
>to the von Neumann transformation is assumed correlation-free, and
>the transformation is stateless so it cannot introduce any correlations.
That answers 1/2 the question, namely if the vN procedure introduces
correlations itself. But there is the possibility that by removing
bits it could result in correlations emerging from the bitstream.
Bob Knauer
"Democracy is the theory that the common people know what they
want, and deserve to get it good and hard."
--H.L. Mencken
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Testing Algorithms
Date: Thu, 25 Feb 1999 17:29:06 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 25 Feb 1999 11:46:13 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:
>Well, he found non-local phenomena, but he didn't find a way to pass a signal
>AFAIK.
He found that information was being communicated at a FTL rate. I am
not sure that implies a signal per se, in the conventional sense of a
signal.
>Waveguides are a simple case of apparent FTL events in that the phase
>velocity inside such a guide may exceed c. But the signal velocity is still
>constrained to <= (usually =) c.
Yes, but information is contained in the phases, otherwise there would
be no reason to include them in the description of an electromagnetic
wave.
>There were also a number of tachyon searches conducted in the early eighties that
>produced a number of interesting particle events. But subsequent analysis
>indicated that the results were too explicable to be statistically significant.
Just like that pesky unicorn, eh.
Bob Knauer
"Democracy is the theory that the common people know what they
want, and deserve to get it good and hard."
--H.L. Mencken
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Define Randomness
Date: 25 Feb 1999 11:45:14 -0500
In article <[EMAIL PROTECTED]>,
Trevor Jackson, III <[EMAIL PROTECTED]> wrote:
>Patrick Juola wrote:
>
>> In article <[EMAIL PROTECTED]>,
>> Trevor Jackson, III <[EMAIL PROTECTED]> wrote:
>> >>
>> >> 2) I have not been convinced that anti-skewing does not introduce
>> >> correlations, which would make the output unsuitable for crypto-grade
>> >> ciphers. After all, the anti-skewing procedure is algorithmic, so
>> >> there is always the opportunity to introduce correlation(s).
>> >>
>> >> The von Neumann method looks innocent on the surface since the
>> >> probability of dibits 01 and 10 are the same, namely p*(1-p). But that
>> >> says nothing about the correlations inherent in their appearance. If
>> >> you start throwing out bits like in the von Neumann method, who knows
>> >> what patterns are left behind.
>> >
>> >That is exactly the point. No one knows. I.e., it is unpredictable.
>>
>> No. The point is that the vN method does not *introduce* patterns.
>>
>> If there are longer-range correlations in the input data, the vN method
>> will not remove long-range correlations. What it *will* do is remove
>> bias from independent bits.
>>
>> It's an easy proof; I've sent it to you.
>
>Wrong. The initial questioned what patterns are left behind, i.e., not
>eliminated by the vN filtration. It did not imply the creation of patterns.
I quote Mr. Knauer : "I have not been convinced that anti-skewing does
not INTRODUCE correlations...."
-kitten
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Quantum Computation and Cryptography
Date: Thu, 25 Feb 1999 17:36:15 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 25 Feb 1999 08:49:29 -0800, Anthony Stephen Szopa
<[EMAIL PROTECTED]> wrote:
>Even a quantum computer has a finite switching time or time per instruction, etc.
>What is the expected order of magnitude increase in performance? 5? 10?
>100???
A quantum computer results in an exponential increase in computing
capability. That's because it contains all eigenstates simultaneously,
like a massively parallel classical machine. These eigenstates
interact in an exponentially large manner as the computer steps along.
>So, come up with a number: how fast might a quantum computer be? Give us an
>educated guess. Or go to a university and ask one of the computer science /
>electrical engineer / physic types in solid state. Perhaps even a seasoned
>graduate student.
>There must be some university students out there. Go and ask for us.
>Then get back to us, please.
Read "Explorations In Quantum Computing" by Colin Williams.
Bob Knauer
"Democracy is the theory that the common people know what they
want, and deserve to get it good and hard."
--H.L. Mencken
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Testing Algorithms
Date: Thu, 25 Feb 1999 16:50:58 GMT
Reply-To: [EMAIL PROTECTED]
On Fri, 26 Feb 1999 01:20:01 +0100, fungus
<[EMAIL PROTECTED]> wrote:
>Beyond classical physics we tend to find chaos, not
>the order needed to build reliable computers.
Quantum computers are about to become a reality, if they are not one
already.
See "Explorations In Quantum Computing" by Colin Williams.
Bob Knauer
"Democracy is the theory that the common people know what they
want, and deserve to get it good and hard."
--H.L. Mencken
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Pentium III Hardware Random Numbers
Date: Thu, 25 Feb 1999 17:41:09 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 25 Feb 1999 08:47:51 -1000, Somniac <[EMAIL PROTECTED]> wrote:
>It is not necessary for it to pass all statistical tests
>that are possible,
It can be shown that a number cannot exist if it can pass all
statistical tests for randomness. See the book by Li & Vitanyi on
Kolmogorov Complexity. They present a proof on at least two separate
occasions in their book IIRC.
Bob Knauer
"Democracy is the theory that the common people know what they
want, and deserve to get it good and hard."
--H.L. Mencken
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Define Randomness
Date: Thu, 25 Feb 1999 17:47:13 GMT
Reply-To: [EMAIL PROTECTED]
On 25 Feb 1999 11:45:14 -0500, [EMAIL PROTECTED] (Patrick Juola)
wrote:
>I quote Mr. Knauer : "I have not been convinced that anti-skewing does
>not INTRODUCE correlations...."
That is an ambiguous statement out of context.
There are two ways a procedure can "introduce" something. First, it
can insert something directly into the output. Secondly it can remove
something from the output, resulting in the emergence of something
that was not present before.
A perfect example of that latter procedure is the creation of a hole
in a semiconductor. The missing electron causes a hole to appear which
has the properties of an actual particle.
I accept that the vN procedure does not introduce correlations in the
first sense - it does not directly insert correlations. I am not
convinced that the vN procedure does not cause correlations to emerge
- although I suspect that it does not.
Bob Knauer
"Democracy is the theory that the common people know what they
want, and deserve to get it good and hard."
--H.L. Mencken
------------------------------
From: JEANNINE <[EMAIL PROTECTED]>
Subject: need help
Date: Thu, 25 Feb 1999 11:41:42 -0500
Hi everyone. I am a student in a Coding and Signal Processing
Class at Bloomsburg University. I am supposed to do a project, and I
chose Magnetic ID Cards. I have a bunch of questions.
-what is stored on the magnetic strip
-how is it stored
-how does the reader verify the ID
I am a junior, secondary ed math major, so I am not too familiar
with Coding or Computer Science.
If anyone can help me out, I would really appreciate it. Thank you.
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Testing Algorithms
Date: Thu, 25 Feb 1999 17:32:21 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 25 Feb 1999 11:56:28 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:
>Since this interpretation seems to forbid the practice of time travel rather
>than the physics of time travel, and time travel is strongly connected to FTL
>travel. I'd guess that FTL cannot be practiced even if the physics of the
>universe permits it.
Does that mean we aren't gonna have any more Star Trek Voyager movies?
Dammit. Just when you find something you like, someone comes along and
tells you that it can't exist.
Bob Knauer
"Democracy is the theory that the common people know what they
want, and deserve to get it good and hard."
--H.L. Mencken
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness - DOES NOT EXIST!!!
Date: Thu, 25 Feb 1999 16:00:28 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 25 Feb 1999 04:17:42 GMT, "H. Cheng" <[EMAIL PROTECTED]> wrote:
>I believe true randomness can be achieved by using a radioactive source. The
>decay is VERY random and subjected to quantum mechanics. Also to predict anything,
>you must know the initial condition, which is impossible once you start dealing
>with the real world. There are just too many factors and then there's the
>Uncertainty Principle, which I believe makes the radioactive decay random.
Yes, radioactive decay is one process that is provably random.
It arises from second order perturbation theory in Quantum Mechanics.
Radioactive nuclei decay completely independently of one another with
a probability per unit time that is a constant.
This results in a first order exponential decay in time and a
Lorentzian lineshape for the Mossbauer energy spectrum - two physical
processes which can be measured experimentally to high precision.
Bob Knauer
"Democracy is the theory that the common people know what they
want, and deserve to get it good and hard."
--H.L. Mencken
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Testing Algorithms
Date: Thu, 25 Feb 1999 16:48:20 GMT
Reply-To: [EMAIL PROTECTED]
On 25 Feb 1999 09:07:12 -0500, [EMAIL PROTECTED] (Patrick Juola)
wrote:
>If FTL communication is possible,
It is possible, as was shown by Alain Aspect.
>Unrealistic? Perhaps. But my gut feeling is that transmutation of lead
>into gold is also pretty unrealistic.
Ironically, that is one of the actual transmutations that can occur.
The Philosopher's Stone is a nuclear reactor.
Bob Knauer
"Democracy is the theory that the common people know what they
want, and deserve to get it good and hard."
--H.L. Mencken
------------------------------
From: Medical Electronics Lab <[EMAIL PROTECTED]>
Subject: Re: Quantum Computation and Cryptography
Date: Thu, 25 Feb 1999 12:58:59 -0600
Benjamin Johnston wrote:
>
> I read somewhere, a while ago, that Quantum computers, if or when they are
> created, will turn an otherwise difficult factorization into a trivial task.
>
> Will all the current cryptosystems be outdated, the instant a stable and
> practical quantum computer is created?
No, only the PK math based systems. The symmetric key systems may
fall after we learn how to use QC's and get a good handle on how
to deal with the algebra.
>
> Are there any cryptographic algorithms designed to be secure against quantum
> computers?
Not designed for it certainly. There may be people working on
algorithms designed for use with QC's.
> What about algorithms secure against quantum computer cryptanalysis, but
> require a quantum computer for encryption?
Not exactly practical yet. For the moment only a 2 bit QC has been
built. Getting above 10 bits is going to be very challenging. It will
be a few decades before you see a 128 bit QC.
>
> Does anybody have any personal opinions/predictions about the ramifications
> of such new technology/s.
I always have opinions :-) The rate of change will simply get faster.
We'll be able to compute chemical reactions, solid state materials,
and lots of other neat stuff we can't do now. That will allow us
to understand biochemistry to the point where we'll be able to manipulate
genetics. That will help us develop better soldiers, football players
and actors. Not to mention better materials for war, better food
and better transportaion. We'll be more efficient with materials
and will be more easily able to recycle things (since we'll know
exactly how to manipulate the chemical structure). QC's will help us
a lot!
Patience, persistence, truth,
Dr. mike
------------------------------
From: "hapticz" <[EMAIL PROTECTED]>
Subject: Re: True Randomness - DOES NOT EXIST!!!
Date: Thu, 25 Feb 1999 10:33:04 -0500
Human's understanding of the concept of randomness is randomly known.
Absolute criteria are unknown to us, since we are not yet "finished".
Einstein's approach to time was gently appreciative of this!
--
best regards
[EMAIL PROTECTED]
------------------------------
From: "s kearney" <[EMAIL PROTECTED]>
Subject: Outlook Express
Date: Thu, 25 Feb 1999 19:06:58 -0000
I've lost my password and have a copy in Outlook Express, but it won't let me
copy it out. Any suggestions?
Loopy
------------------------------
Date: Thu, 25 Feb 1999 12:37:54 -0600
From: Jim Felling <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Define Randomness
How about this, if that algorithm is too simple:
Given a random bitstream B, with b[n] being the nth bit of that stream,
I generate bitstream A with a[n] = b[2n] XOR b[2n+1].
In what way does this algorithm bias bitstream A?
"R. Knauer" wrote:
> On 25 Feb 1999 10:28:38 -0500, [EMAIL PROTECTED] (Patrick Juola)
> wrote:
>
> >I flip the first bit of a (random) sequence and leave the rest unchanged.
>
> >What sort of pattern does this introduce?
>
> If you call that an algorithm, then I have to concede your point. But
> there is no rhyme or reason behind flipping that bit, so I do not see
> anything effective being accomplished.
>
> I suppose you will now claim that a radioactive decay event that just
> took place is also an algorithm, since it resulted in some bit being
> flipped somewhere.
>
> I am going to stick with the conventional definition of an algorithm.
>
> From Webster's online:
>
> +++++
> algorithm: a procedure for solving a mathematical problem (as of
> finding the greatest common divisor) in a finite number of steps that
> frequently involves repetition of an operation; broadly : a
> step-by-step procedure for solving a problem or accomplishing some end
> especially by a computer.
> +++++
>
> If bit-diddling is the same as "solving a problem", then I sure want to
> know what problem that is.
>
> >That's why I included "spurious." A "random", in the sense of
> >Kolmogorov-complexity, sequence *will* include spurious patterns
> >at odd and unpredictable intervals -- for example, there will (with
> >probability one) be sub-sequences of any finite length that are
> >all zeros, or alternating zeros and ones, or all ones, or 100100100
> >in waltz time, or whatever.
>
> Yes, that's because a Kolmogorov random number is normal and infinite.
>
> Normality guarantees that all possible patterns will be present,
> including bizarre ones that would never pass statistical tests for
> randomness.
>
> >Something is "algorithmic" if the way that it operates on these
> >particular patterns (as it finds them) is deterministic and predictable;
> >it doesn't mean that the particular patterns are found in any predictable
> >way or that the sequence *after* this algorithmic processing is any
> >more patterned than it was previously.
>
> You are saying that any procedure is algorithmic. Are you absolutely
> sure that is true? A radioactive decay TRNG is a procedure, but it is
> not algorithmic.
>
> >No. Each pair is operated upon independently, so the actions of one
> >pair cannot affect the actions of any other pair. The input sequence
> >to the von Neumann transformation is assumed correlation-free, and
> >the transformation is stateless so it cannot introduce any correlations.
>
> That answers 1/2 the question, namely if the vN procedure introduces
> correlations itself. But there is the possibility that by removing
> bits it could result in correlations emerging from the bitstream.
>
> Bob Knauer
>
> "Democracy is the theory that the common people know what they
> want, and deserve to get it good and hard."
> --H.L. Mencken
------------------------------
From: Medical Electronics Lab <[EMAIL PROTECTED]>
Subject: Re: True Randomness - DOES NOT EXIST!!!
Date: Thu, 25 Feb 1999 12:41:38 -0600
H. Cheng wrote:
>
> I believe true randomness can be achieved by using a radioactive source. The
> decay is VERY random and subjected to quantum mechanics. Also to predict anything,
> you must know the initial condition, which is impossible once you start dealing
> with the real world. There are just too many factors and then there's the
> Uncertainty Principle, which I believe makes the radioactive decay random.
It certainly seems to be so. As far as mathematical testing
can determine a radioactive source "appears" random. I personally
don't think random can be defined with words, it's much nicer as
a zen like concept. An axiom, like "point", which you can sort of
define with words, but not really.
For crypto, if nobody can predict the next bit from all the previous
ones, it's random enough. That's only a practical definition, I'll
stay out of the philosophy part :-)
Patience, persistence, truth,
Dr. mike
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: sci.math,sci.math.num-analysis,sci.math.symbolic
Subject: Call For Participation in Factoring
Date: Thu, 25 Feb 1999 19:07:41 GMT
Hello All,
There has been a lot of participation in the GIMPS project (Great Internet
Mersenne Prime Search). This post is a call for help on another distributed
project: the Elliptic Curve Factoring effort.
Please visit the following websites for code and data and to see what has been
done.
http://www.loria.fr/~zimmerma/records/ecmnet.html
http://www.loria.fr/~zimmerma/records/c120-355
Code is available for both Unix and Windoze.
We would particularly like help working on small values of 2^n-1
and 2^n + 1 for both prime and composite n. These have been (relatively)
ignored in favor of people finding small factors of 2^n-1 for very large n.
I must say I don't understand the purpose of this latter effort. One does
of course want to see if 2^n-1 has a small factor before testing it for
primality, but all 2^n-1 up to n = 3400000 have already been tested for
primality. I see little point in trying to find small factors of known
composites when there is no hope of finding the full factorization. For n up
to 1200, on the other hand, there is hope of finding full factorizations.
Let's put some effort into this.
See
http://www.mersenne.org/ecm.htm
for the details on this.
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Define Randomness
Date: 25 Feb 1999 13:17:56 -0500
In article <[EMAIL PROTECTED]>,
R. Knauer <[EMAIL PROTECTED]> wrote:
>On 25 Feb 1999 10:28:38 -0500, [EMAIL PROTECTED] (Patrick Juola)
>wrote:
>
>>I flip the first bit of a (random) sequence and leave the rest unchanged.
>
>>What sort of pattern does this introduce?
>
>If you call that an algorithm, then I have to concede your point. But
>there is no rhyme or reason behind flipping that bit, so I do not see
>anything effective being accomplished.
>From Webster's online:
>
>+++++
>algorithm: a procedure for solving a mathematical problem (as of
>finding the greatest common divisor) in a finite number of steps that
>frequently involves repetition of an operation; broadly : a
>step-by-step procedure for solving a problem or accomplishing some end
>especially by a computer.
>+++++
>
>If bit-diddling is the same as "solving a problem", then I sure want to
>know what problem that is.
It solves the "problem" of having the output sequence being identical
to the output by the raw RNG. Perhaps my copyright lawyers have been
chewing you out. No one said that the end or the problem had to be
sensible.
>>Kolmogorov-complexity, sequence *will* include spurious patterns
>>at odd and unpredictable intervals -- for example, there will (with
>>probability one) be sub-sequences of any finite length that are
>>all zeros, or alternating zeros and ones, or all ones, or 100100100
>>in waltz time, or whatever.
>
>Yes, that's because a Kolmogorov random number is normal and infinite.
>
>Normality guarantees that all possible patterns will be present,
>including bizarre ones that would never pass statistical tests for
>randomness.
>
>>Something is "algorithmic" if the way that it operates on these
>>particular patterns (as it finds them) is deterministic and predictable;
>>it doesn't mean that the particular patterns are found in any predictable
>>way or that the sequence *after* this algorithmic processing is any
>>more patterned than it was previously.
>
>You are saying that any procedure is algorithmic. Are you absolutely
>sure that is true? A radioactive decay TRNG is a procedure, but it is
>not algorithmic.
No. I'm saying that any deterministic procedure is algorithmic. And
I don't know anyone else that would accept that radioactive decay
is a "procedure" -- what are the "steps" it follows?
-kitten
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Define Randomness
Date: 25 Feb 1999 13:21:44 -0500
In article <[EMAIL PROTECTED]>,
R. Knauer <[EMAIL PROTECTED]> wrote:
>On 25 Feb 1999 11:45:14 -0500, [EMAIL PROTECTED] (Patrick Juola)
>wrote:
>
>>I quote Mr. Knauer : "I have not been convinced that anti-skewing does
>>not INTRODUCE correlations...."
>
>That is an ambiguous statement out of context.
>
>There are two ways a procedure can "introduce" something. First, it
>can insert something directly into the output. Secondly it can remove
>something from the output, resulting in the emergence of something
>that was not present before.
>
>A perfect example of that latter procedure is the creation of a hole
>in a semiconductor. The missing electron causes a hole to appear which
>has the properties of an actual particle.
>
>I accept that the vN procedure does not introduce correlations in the
>first sense - it does not directly insert correlations. I am not
>convinced that the vN procedure does not cause correlations to emerge
>- although I suspect that it does not.
It can't cause correlations to emerge unless they were already there.
If you're asking whether it can possibly make an already correlated stream
worse, the answer is yes -- if I have a flawed generator that will only
output the bits in pairs (either 00 or 01), then I'll get a constant
output after running the vN procedure on it. That's a simple exercise
in GIGO; the stream was correlated to begin with ("correlation was present
before"). If you have an *independent* stream -- with no correlation --
then no correlation can possibly be introduced, by the proof I provided
earlier.
-kitten
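The two constructions argued over in this thread, the von Neumann extractor and Jim Felling's a[n] = b[2n] XOR b[2n+1], as an added example that is not part of any post here: it runs both over a constructed independent-but-biased stream and over the "only 00 or 01 pairs" generator Juola describes, and measures the ones fraction and lag-1 correlation of each output. All function names and the seeded PRNG inputs are my own assumptions.

```python
# Added example (not from the thread): von Neumann de-biasing versus the
# pair-XOR construction, run on constructed bit streams.
import random


def von_neumann(bits):
    """Von Neumann extractor over non-overlapping pairs: 01 -> 0, 10 -> 1,
    00 and 11 are discarded. Stateless: each output bit depends on one
    input pair only, so nothing is carried from pair to pair."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)
    return out


def pair_xor(bits):
    """Felling's construction: a[n] = b[2n] XOR b[2n+1]."""
    return [bits[i] ^ bits[i + 1] for i in range(0, len(bits) - 1, 2)]


def pair_xor_ones_probability(p):
    """Exact P(a[n] = 1) when the b's are independent with P(b = 1) = p:
    the pair must be 01 or 10, so 2p(1-p). That equals 1/2 only for
    p = 1/2, i.e. pair-XOR shrinks a bias but does not remove it."""
    return 2 * p * (1 - p)


def biased_independent(n, p, seed):
    """Independent bits with P(1) = p: the input model the vN proof assumes.
    Seeded PRNG (constructed input) so the demonstration is reproducible."""
    rng = random.Random(seed)
    return [1 if rng.random() < p else 0 for _ in range(n)]


def flawed_pairs(n, p, seed):
    """Juola's flawed generator: bits come out only in pairs 00 or 01, so
    adjacent bits are already correlated before any post-processing."""
    rng = random.Random(seed)
    out = []
    for _ in range(n // 2):
        out.extend((0, 1) if rng.random() < p else (0, 0))
    return out


def ones_fraction(bits):
    return sum(bits) / len(bits) if bits else float("nan")


def lag1_correlation(bits):
    """Pearson correlation between each bit and its successor: about 0 for
    an independent stream, strictly negative for the 00/01 generator
    (a 1 there is always followed by a 0)."""
    x, y = bits[:-1], bits[1:]
    n = len(x)
    if n < 2:
        return 0.0
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / (vx * vy) ** 0.5


def demo(n=100_000, p=0.8, seed=1999):
    """Measured statistics for both input models (returned, not just printed)."""
    src = biased_independent(n, p, seed)
    vn = von_neumann(src)
    flawed = flawed_pairs(n, 0.5, seed)
    return {
        "input_ones": ones_fraction(src),        # ~p, the raw bias
        "vn_ones": ones_fraction(vn),            # ~0.5: bias removed
        "vn_lag1": lag1_correlation(vn),         # ~0: nothing introduced
        "xor_ones": ones_fraction(pair_xor(src)),  # ~2p(1-p), still biased
        "xor_expected": pair_xor_ones_probability(p),
        "flawed_lag1": lag1_correlation(flawed),  # < 0: correlated input
        "flawed_vn_distinct": sorted(set(von_neumann(flawed))),  # [0]: GIGO
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>20}: {value}")
```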
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Pentium III Hardware Random Numbers
Date: Thu, 25 Feb 1999 19:51:51 GMT
On Thu, 25 Feb 1999 06:19:21 -0500, in
<7b3bjo$[EMAIL PROTECTED]>, in sci.crypt "Jay" <[EMAIL PROTECTED]>
wrote:
>Terry Ritter wrote in message <[EMAIL PROTECTED]>...
>>
>>On Wed, 24 Feb 1999 21:19:15 GMT, in
>><7b1qca$akc$[EMAIL PROTECTED]>, in sci.crypt [EMAIL PROTECTED]
>>wrote:
>>
>>>Is there some compelling reason why we should trust Intel?
>>
>>Nope. No more than we would trust, say, Schneier.
>>
>Schneier has a consistent history of supporting privacy. Intel, as we have
>recently seen, does not.
Possible conspiracy is beside the point. Either the design does what
we want, or not. I don't care whether the result was accidental,
incompetent or a clever conspiratorial ploy.
In my experience, it is often questionable to assume that one can
understand someone's motives from their actions. Often, a wide array
of motives and happenings can produce the exact same action.
>Also, I wonder about the assumptions in this list of "thermal noise=good."
Well, given the alternatives . . . .
>Theoretically yes, but with mass produced hardware needed to support the
>thermal noise generator, the signal coming out of such a generator is at
>best pink.
It is the role of most physically-random designs to transform the
detected randomness, with bias and correlation, into a flat
distribution of independent values. I can question whether that has
been accomplished, but that was the obvious intent. See: US Patent
5706218.
>In fact, the individual characteristics of particular chips may
>actually produce an inadvertent signature in the bit stream.
To some extent each chip will have its own particular set of secondary
(ring) oscillator frequencies. Should it ever become possible to
"solve for" (bound) those frequencies from exposed values, then, yes,
it might be possible to identify particular chips.
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************