[Cryptography] Throwing dice for "random" numbers
Arnold Reinhold
agr at me.com
Mon Aug 20 07:09:58 EDT 2018
On Sat, 18 Aug 2018 02:42 John Denker wrote:
> On 08/15/2018 01:08 PM, Christian Huitema wrote:
>
>> If you do not mark the dice, then the
>> experimenter will input the 12 numbers "in whatever order they see fit".
>> Maybe left to right, maybe nearer to further, maybe even results first,
>> maybe odd, maybe smaller result to larger. The choice by the operator
>> may be unconscious, but it is still very likely to introduce a bias,
>> resulting in fewer than 12*log(6) bits of entropy.
>
> 0) Worrying about biasing the order is a very minor optimization.
>
> 1) Marking the dice and then reading them out in marked
> order is a pain in the neck.
>
> 2) If you are really worried about the order, it would
> be better to separate them mechanically in advance,
> using something like an egg carton or a spice rack
> with one die per cell.
Here is the advice I give on my Diceware page:
“...get a shoe box or a food storage box about the same size. Put [the] dice in the box, shake them up vigorously -- at least ten hard shakes -- and then tip the box to let all the dice slide down to one edge. Now open the box, read the dice from left to right, or front to back if a few line up.”
There will be occasional ambiguous situations, such as when a die ends up in a position were two faces are equally visible (a tap on the box will usually resolve this), but this method is fast and easy to use and eliminates almost all selection bias.
Arnold Reinhold
More information about the cryptography
mailing list