combining entropy
Stephan Neuhaus
neuhaus at st.cs.uni-sb.de
Fri Oct 24 09:37:45 EDT 2008
On Oct 24, 2008, at 14:29, John Denker wrote:
> On 09/29/2008 05:13 AM, IanG wrote:
>> My assumptions are:
>>
>> * I trust no single source of Random Numbers.
>> * I trust at least one source of all the sources.
>> * no particular difficulty with lossy combination.
>
>
>> If I have N pools of entropy (all same size X) and I pool them
>> together with XOR, is that as good as it gets?
>
> Yes.
>
> The second assumption suffices to prove the result,
> since (random bit) XOR (anything) is random.
Ah, but for this to hold, you will also have to assume that the N
pools are all independent. If they are not, you cannot even guarantee
one single bit of "entropy" (whatever that is). For example, if N =
2, your trusted source is pool 1, and I can read pool 1 and control
pool 2, I set pool 2 = pool 1, and all you get is zeros. And that
surely does not contain X bits of "entropy" for any reasonable
definition of "entropy".
Fun,
Stephan
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list