Randomness
David Wagner
daw at mozart.cs.berkeley.edu
Fri May 9 11:47:01 EDT 2003
Paul Onions wrote:
>Now assume I have two PRBGs of the same design. One is seeded with X, the
>other with Y. Assume that X, when considered on its own, has entropy H(X) =
>n, but that Y is related to X such that H(Y|X) < n. Now, if an adversary has
>access to the output streams of these two generators, is it able to
>distinguish them from the random case?
Absolutely. Suppose Y = X, for instance. More generally, if
H(Y|X) = k, then there could well be an attack of complexity 2^k or so.
---------------------------------------------------------------------
The Cryptography Mailing List
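Added example, not part of the original message: one concrete relation with H(Y|X) = k, and the 2^k-work test that separates the two output streams from the random case. Assumptions: the hash-chain generator `ToyPRBG`, the choice that Y is X advanced by an unknown j < 2^k steps, and all seed values are constructed for illustration; the post itself names no particular design or relation.

```python
import hashlib

K = 10  # assumed: H(Y|X) = K bits, carried by an unknown step count j < 2**K

# Constructed sample seeds (not from the post).
SEED_X = hashlib.sha256(b"constructed seed X").digest()
SEED_Z = hashlib.sha256(b"constructed independent seed").digest()

def next_state(state: bytes) -> bytes:
    return hashlib.sha256(b"next" + state).digest()

class ToyPRBG:
    """Hypothetical hash-chain generator standing in for 'a PRBG design'."""
    def __init__(self, seed: bytes):
        self.state = seed

    def stream(self, n: int) -> list:
        blocks = []
        for _ in range(n):
            blocks.append(hashlib.sha256(b"out" + self.state).digest()[:8])
            self.state = next_state(self.state)
        return blocks

def related_seed(seed_x: bytes, j: int) -> bytes:
    """Y = X advanced j steps; given X, only j is unknown, so H(Y|X) = K bits."""
    y = seed_x
    for _ in range(j):
        y = next_state(y)
    return y

def distinguish(stream_a: list, stream_b: list, k: int = K):
    """Try all 2**k shifts. Return j if B equals A delayed by j, else None."""
    m = len(stream_b)
    for j in range(2 ** k):
        if stream_a[j:j + m] == stream_b:
            return j
    return None

def demo(seed_x: bytes, seed_other: bytes, j: int, m: int = 4):
    """Observer sees only outputs: a long run of A and m blocks of each B."""
    a = ToyPRBG(seed_x).stream(2 ** K + m)
    related = ToyPRBG(related_seed(seed_x, j)).stream(m)
    independent = ToyPRBG(seed_other).stream(m)
    return distinguish(a, related), distinguish(a, independent)

if __name__ == "__main__":
    print(demo(SEED_X, SEED_Z, j=777))  # related pair is flagged, random case is not
    print(demo(SEED_X, SEED_Z, j=0))    # the Y = X case from the reply
```

The test never learns X; it only needs the outputs, which is why seeds for separate generator instances should be independent rather than derived from one another.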