Entropy and PRNGs
John Denker
jsd at av8n.com
Tue Jan 11 11:17:49 EST 2005
Ed Gerck wrote:
> Let me comment, John, that thermal noise is not random
When did you figure that out? If you'd been paying attention,
you'd know that I figured that out a long time ago.
First of all, the phrase "not random" is ambiguous. I said
>> Some people think “random” should denote 100% entropy density,
>> and anything less than that is “non-random” even if it
>> contains a great deal of unpredictability. Other folks think
>> that “random” refers to anything with an entropy density
>> greater than zero, and “non-random” means completely
>> predictable.
Reference:
http://www.av8n.com/turbid/paper/turbid.htm#sec-s-density
Thermal noise, as it comes off the hardware, has an entropy
density greater than zero and less than 100%, as I said at
http://www.av8n.com/turbid/paper/turbid.htm#sec-hesg
and elsewhere.
> There are several quantities that can be estimated in thermal
> noise, reducing its entropy according to what you seem to expect
> today. See "photon bunching", as an example that is usually ignored.
> Another, even though trivial, example is due to the observation that
> thermal noise is not white noise. Yet another observation is that no
> noise is really white, because of causality (in other words, it's
> duration must be finite). The noise that is due to photon fluctuations
> in thermal background radiation, for another example, depends
> also on the number of detectors used to measure it, as well as
> single- or multiple-mode illumination, and both internal and external
> noise sources.
Stop wasting our time. All that doesn't change the fact that
thermal noise, as it comes off the hardware, has a nonzero
entropy density. And it is easy to arrange situations where
I can calculate a very useful lower bound on the entropy density.
> Yes, it's entirely possible that someone in the future will know
> more about your entropy source than you do today! Even thermal
> noise.
That's tantamount to saying the second law of thermodynamics will
be repealed. By that standard, it's "entirely possible" that the
sun will rise in the west tomorrow morning. But I wouldn't bet
on it.
> OTOH, why are nuclear decay processes considered safe as a source
> of entropy? Because the range of energies preclude knowing or
> tampering with the internal state. These processes are, however,
> not free from correlations either.
Nuclear decay processes are not in any practical sense safer than
thermal noise. As I discuss at
http://www.av8n.com/turbid/paper/turbid.htm#sec-hesg-attack
nuclear is in the same category as thermal: entropy density
greater than zero and less than 100%.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list