[Cryptography] ideas for (long) Nothing up my sleeve numbers

Albert Lunde atlunde at panix.com
Tue Apr 1 20:10:24 EDT 2014

On 4/1/2014 5:27 PM, Sampo Syreeni wrote:
> Essentially, you want a trusted source of well behaved bits you can be
> sure of isn't under suspicion. The binary development of pi serves well
> there for at least three separate reason. First, it's a fundamental
> constant with a history of study considerable longer than that of the
> other likely candidate, e.[...]
> That means you could probably take any thus far unused part of the
> development as your source. But I think it might just pay off to put in
> an extra step which guarantees that not only do you have to use the next
> portion nobody used yet, but to also expend an amount of effort doing
> so. Also, you probably shouldn't be able to choose where you start your
> extraction, at leaast if you get to choose how many bits you're going to
> extract at the same time. And of course the effort should be roughly
> (asymptotically) equal, whether you took two bits separately or a single
> two bit chunk.  [...]

In this kind of construction, the "something up my sleeve" may appear to 
be how you picked the starting point and other details.

Also note there are algorithms to compute the Nth digit of pi in various 
bases without computing the previous digits, so there is no particular 
reason to stick with digits in published literature.

But I'd argue you might as well start at the first non-zero binary digit 
of pi, and reduce the degrees of freedom in the choice.

     Albert Lunde  albert-lunde at northwestern.edu
                   atlunde at panix.com  (address for personal mail)

More information about the cryptography mailing list