[Cryptography] ideas for (long) Nothing up my sleeve numbers

Viktor Dukhovni cryptography at dukhovni.org
Mon Mar 31 14:20:57 EDT 2014

On Mon, Mar 31, 2014 at 10:47:19AM -0500, Judd Storrs wrote:

> For "nothing up your sleeve" what about using well-known data to
> reproducibly derive the numbers? For example you could use one of the
> typical image processing test images[1] such as cameraman, peppers,
> mandril or Lena using versions taken from curated databases[2].
> Similarly, you could use census data or other government publications
> that are widely archived and curated. The bitcoin blockchain is also a
> possibility--you could process the first 1000 or so bitcoin blocks.
> Whatever processing would have to be simple and the data you rely on
> would have to be unlikely to be crafted by you.

Too many degrees of freedom in choosing real-world data sources.
One really should stick to the *initial* sequence of binary digits
of one of the 3 or so best known irrational numbers.

    * sqrt(2)	(First to be proved irrational)
    * e		(First of the well known constants proved transcendental)
    * pi	(Most famous transcendental)

If none of these yield a sufficiently *generic* (as opposed to
random) sequence of bits, the problem requirements are likely too
narrow to admit a nothing up my sleeve sequence.

If the problem involves algebraic operations on the bit string (as
a large integer rather than bit-wise) one might want to avoid
sqrt(2) since its square is certainly not terribly generic.


More information about the cryptography mailing list