One thing I haven't seen from a PRNG or HWRNG library or device is an
unpredictable sequence which does not repeat; in other words, a
[cryptographically strong?] permutation.  This could be useful in all
sorts of places in the kernel and elsewhere to prevent replay (for
example, in DNS ID #s, in challenge-response protocols, for IVs where
you must never repeat an IV, etc.)  From what I can tell the common
practice is to pick a value at random, and hope that you don't get a
collision, but this has the problem of the birthday paradox.

The questions I have for you are:

1) What form should the API for this take?  I was thinking that there
could be a
create new sequence" operation, and the system could return an opaque
value to the client to store for its next value, and the "get next"
operator could take it as an input, freeing the PRNG from having to
remember state for every stream.

2) While CTR mode with a random key is sufficient for creating a
permutation of N-bit blocks for a fixed N, is there a general-purpose
way to create a N-bit permutation, where N is a variable?  How about
picking a cryptographically strong permutation on N elements, where N
is not necessarily a power of 2?

3) Is there any point in offering a permutation generator that is not
cryptographically strong?
--  -><- P=NP if (P=0 or N=1)
"My love for mathematics is unto 1/x as x approaches 0."
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to