[Cryptography] ideas for (long) Nothing up my sleeve numbers
Miroslav Kratochvil
exa.exa at gmail.com
Sun Mar 30 14:43:14 EDT 2014
Hello list,
so I am implementing a variant of XSYND, "The Provably Secure Stream Cipher"
[1], derived from the "better known" SYND [2], for my paranoid
quantum-computer-resistant pet project [3].
The problem is that I need a very large amount of provably random constants
for initializing the contents of some internal matrices (A_1 and A_2 in
the paper; the only thing the authors specify about them is that the bits
need to be uniformly random, not secret).
Therefore, the question: what is your favourite idea for good,
random-enough Nothing Up My Sleeve data of around 2^14 bits (e.g. a
long, reputable, random-looking positive integer that is less than
2^(2^14))?
My best guess is "Pi and Euler's number to a very high precision", but that
seems boring.
Thanks for ideas,
-mk
(
end note for those who have read the paper:
I will certainly not use exactly these NUMS to fill up the syndrome
matrices; instead I want to feed them to a "preparation" phase that will run
XSYND with the NUMS and the supplied key+IV several times to generate the
contents of new A_i matrices that will be used to generate the actual keystream.
Or should I use some simpler key expansion function, even though XSYND is
already there as a key expansion function?
Or did I get it completely wrong?
)
Refs.:
[1] http://www.cayrel.net/PublicationsCayrel/2012%20-%20Improving%20the%20performance%20of%20the%20SYND%20Stream-Cipher.pdf
[2] http://www.unilim.fr/pages_perso/philippe.gaborit/isit_synd_rev.pdf
[3] https://github.com/exaexa/codecrypt
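The two NUMS sources the post weighs, the binary expansion of pi and a hash-based expansion of a short public label, worked out for ~2^14 bits each. This is an added example, not code from codecrypt or from the XSYND paper; the label strings, the choice of SHAKE256 as the expansion function, the block size NBITS and the assumption that each matrix A_i simply consumes NBITS public bits are all my own assumptions. The point it shows beyond the post is domain separation: A_1 and A_2 get disjoint pi blocks, or distinct labels, so neither matrix is a prefix or function of the other, and anyone can recompute both from the published recipe.

```python
"""Two ways to derive long nothing-up-my-sleeve (NUMS) bit strings.

Added example, not code from codecrypt or the XSYND paper. Assumptions
(not in the original post): the labels below, SHAKE256 as the expansion
function, and that each matrix A_i needs exactly NBITS public bits.
"""
import hashlib

NBITS = 1 << 14  # ~2^14 bits per matrix, the size asked for in the post


def arctan_recip(x: int, prec: int) -> int:
    """arctan(1/x) as a fixed-point integer with `prec` fractional bits.

    Gregory series: arctan(1/x) = sum_{n>=0} (-1)^n / ((2n+1) x^(2n+1)).
    Every term is floor-divided, so the sum is off by at most one unit
    per term; callers add guard bits to absorb that error.
    """
    power = (1 << prec) // x  # x^-(2n+1) in fixed point, n = 0
    total = power
    x2 = x * x
    n = 0
    while power:
        power //= x2
        n += 1
        term = power // (2 * n + 1)
        total += -term if n % 2 else term
    return total


def pi_fraction_bytes(nbytes: int, guard: int = 64) -> bytes:
    """First `nbytes` bytes of the binary fraction of pi via Machin's formula.

    pi = 16 arctan(1/5) - 4 arctan(1/239), computed with `guard` extra bits
    so the accumulated truncation error stays below the returned precision.
    """
    prec = 8 * nbytes + guard
    pi_fixed = 16 * arctan_recip(5, prec) - 4 * arctan_recip(239, prec)
    frac = (pi_fixed >> guard) & ((1 << (8 * nbytes)) - 1)  # drop the leading 3
    return frac.to_bytes(nbytes, "big")


def pi_nums(block: int, nbits: int = NBITS) -> bytes:
    """Block `block` (0 for A_1, 1 for A_2, ...) of `nbits` consecutive
    fraction bits of pi, so every matrix gets its own public bits."""
    nbytes = nbits // 8
    return pi_fraction_bytes((block + 1) * nbytes)[block * nbytes:]


def xof_nums(label: bytes, nbits: int = NBITS) -> bytes:
    """Expand a short, descriptive, public label into `nbits` bits with SHAKE256.

    Distinct labels for A_1 and A_2 give domain separation; publishing the
    label is what makes the result auditable as nothing-up-my-sleeve data.
    """
    if nbits % 8:
        raise ValueError("nbits must be a multiple of 8")
    return hashlib.shake_256(label).digest(nbits // 8)


def to_bits(data: bytes):
    """Unpack bytes into a list of 0/1 ints, MSB first, ready for a matrix fill."""
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def bit_balance(data: bytes) -> float:
    """Fraction of 1 bits; a cheap sanity check that a source is not grossly
    biased (about 0.5 +/- a few thousandths is expected for 2^14 bits)."""
    bits = to_bits(data)
    return sum(bits) / len(bits)


if __name__ == "__main__":
    for name, a1, a2 in (
        ("pi", pi_nums(0), pi_nums(1)),
        ("SHAKE256", xof_nums(b"XSYND A_1 seed v1"), xof_nums(b"XSYND A_2 seed v1")),
    ):
        print(name, "A_1:", a1[:8].hex(), "balance", round(bit_balance(a1), 4))
        print(name, "A_2:", a2[:8].hex(), "balance", round(bit_balance(a2), 4))
```

The first bytes of pi_nums(0) are 24 3f 6a 88 85 a3 08 d3, the same words Blowfish uses for its P-array, which is a handy cross-check that the fixed-point arithmetic is right. Whichever source is chosen, the recipe (formula and block index, or XOF and exact label bytes) belongs in the published spec next to the matrices, since the bits are only "nothing up my sleeve" if a reader can regenerate them.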