Randomness

David Wagner daw at mozart.cs.berkeley.edu
Fri May 9 11:47:01 EDT 2003


Paul Onions  wrote:
>Now assume I have two PRBGs of the same design.  One is seeded with X, the 
>other with Y.  Assume that X, when considered on its own, has entropy H(X) = 
>n, but that Y is related to X such that H(Y|X) < n.  Now, if an adversary has 
>access to the output streams of these two generators, is it able to 
>distinguish them from the random case?

Absolutely.  Suppose Y = X, for instance.  More generally, if
H(Y|X) = k, then there could well be an attack of complexity 2^k or so.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
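
An added illustration of the reply above, not part of the original message. The thread names no specific PRBG design, so this assumes a toy counter-mode generator and seeds related by Y = X + d with d uniform below 2^k (so H(Y|X) = k); the distinguisher sees only the two output streams and needs about 2^k blocks.

```python
import hashlib
import secrets

N_BITS = 128      # seed entropy n (constructed value)
BLOCK_BYTES = 16  # size of one output block

def prbg(seed: int, nblocks: int) -> list:
    """Toy counter-mode PRBG (assumed design): block i = SHA-256(seed + i), truncated."""
    return [hashlib.sha256((seed + i).to_bytes(32, "big")).digest()[:BLOCK_BYTES]
            for i in range(nblocks)]

def related_seeds(k: int) -> tuple:
    """X is uniform over n bits; Y = X + d with d uniform below 2^k, so H(Y|X) = k."""
    x = secrets.randbits(N_BITS)
    return x, x + secrets.randbelow(1 << k)

def independent_seeds() -> tuple:
    """The 'random case': two unrelated n-bit seeds."""
    return secrets.randbits(N_BITS), secrets.randbits(N_BITS)

def looks_related(stream_x: list, stream_y: list) -> bool:
    """Distinguisher that sees only outputs: when Y = X + d with 0 <= d < 2^k,
    Y's first block appears somewhere in X's first 2^k blocks."""
    return stream_y[0] in set(stream_x)

def experiment(k: int, related: bool) -> bool:
    """Run one trial and return the distinguisher's verdict."""
    x, y = related_seeds(k) if related else independent_seeds()
    # The adversary collects about 2^k blocks of X's stream and one block of Y's.
    return looks_related(prbg(x, 1 << k), prbg(y, 1))

if __name__ == "__main__":
    for k in (0, 8, 16):
        # k = 0 is the Y = X case: the streams are identical.
        print(k, experiment(k, True), experiment(k, False))
```

For independent seeds the verdict is a false positive only if a 128-bit truncated hash collides, which is negligible at these sizes.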


