Re: [viff-devel] VIFF and random numbers

2010-07-06 Thread Ivan Bjerre Damgård
It is not good to use the wrong kind of PRG, it should be fixed as soon as possible. But do we know that os.urandom will be OK on any platform, or is this OS -dependent at the end of the day? - Ivan On 06/07/2010, at 15.22, Thomas P Jakobsen wrote: VIFF itself as well as most protocols

Re: [viff-devel] VIFF and random numbers

2010-07-06 Thread Thomas P Jakobsen
The urandom is os-specific: This function returns random bytes from an OS-specific randomness source. The returned data should be unpredictable enough for cryptographic applications, though its exact quality depends on the OS implementation. On a UNIX-like system this will query /dev/urandom, and

Re: [viff-devel] VIFF and random numbers

2010-07-06 Thread Mikkel Krøigård
Indeed it should satisfy those properties. Say if you Shamir share something, the adversary might get t shares in order. If it can guess the next bit with non-negligible advantage, this will completely break our claim that the adversary has no information on the secret. Luckily it should

Re: [viff-devel] VIFF and random numbers

2010-07-06 Thread Mikkel Krøigård
I had not seen the later replies before answering. My apologies. The way I've always understood urandom is exactly that. It's probably unpredictable but there's no actual proof of this, like there would be if you used for example Blum Blum Shub. I'm sure there are multiple implementations

Re: [viff-devel] VIFF and random numbers

2010-07-06 Thread Marcel Keller
Thomas P Jakobsen wrote: The urandom is os-specific: This function returns random bytes from an OS-specific randomness source. The returned data should be unpredictable enough for cryptographic applications, though its exact quality depends on the OS implementation. On a UNIX-like system this

Re: [viff-devel] VIFF and random numbers

2010-07-06 Thread Martin Geisler
Marcel Keller mkel...@cs.au.dk writes: Thomas P Jakobsen wrote: If not, I guess we'll have to use some external package (openssl?) or implement our own algorithm. viff.util.rand is used to make all randomness replayable, which already helped me to find bugs triggered by certain randomness.

Re: [viff-devel] VIFF and random numbers

2010-07-06 Thread Thomas P Jakobsen
I agree that tests should be reproducible. But it is also very important to use a cryptographically secure PRNG. I don't know whether these two requirements can be satisfied by the same number generator. If not, the best solution is to have two modes of operation: - A test mode where the