combining entropy

Dave Howe DaveHowe at gmx.co.uk
Mon Oct 27 18:03:54 EDT 2008


John Denker wrote:
> On 09/29/2008 05:13 AM, IanG wrote:
>> My assumptions are:
>>
>>  * I trust no single source of Random Numbers.
>>  * I trust at least one source of all the sources.
>>  * no particular difficulty with lossy combination.
> 
> 
>> If I have N pools of entropy (all same size X) and I pool them
>> together with XOR, is that as good as it gets?
> 
> Yes.
> 
> The second assumption suffices to prove the result,
> since (random bit) XOR (anything) is random.

unless you have a possible case where (say) for any given pool,
alternate bits are predictable; XORing all 'n' pools would still give a
maximum entropy of 50%, as the XOR of all 'n' predictable bits is
predictable.

using a hash which performs error diffusion, I would expect that 'n'
equal to 3 would give a suitable combined stream in that case (assuming
the 50% of random bits *are* random of course) 2 is possibly good
enough, but I would probably over-engineer at 3, in case one pool went
non-random.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list