[Cryptography] Uncorrelated sequence length, was: A TRNG review per day

dj at deadhat.com dj at deadhat.com
Fri Oct 31 15:09:00 EDT 2014

> If we want protection from unforeseen mathematical insights into
> the PRNG, we can obtain it (to some extent) by using PRNGs which
> have an uncorrelated sequence length strictly longer than the length
> of any single output we intend to generate. In exactly the same way
> that a one-time pad is immune to any cryptanalysis no matter how
> advanced but can protect only messages shorter than itself, a PRNG
> of long uncorrelated sequence length is immune to any possible way
> to distinguish a PRNG output sequence from a random sequence, but
> that immunity is limited to output sequences shorter than that
> length.

I'm confused. Wouldn't any CAZAC code meet this definition without being
remotely useful for cryptography?

Presumably the term 'uncorrelated' isn't sufficiently precisely defined. An
optimal CS-PRNG should produce both correlated and uncorrelated outputs
for any definition of which output strings are correlated and which are
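The objection above can be checked numerically. The following is an added example, not part of the original post or of any project's code: it builds a Zadoff-Chu sequence (a standard CAZAC code: constant amplitude, zero periodic autocorrelation at every nonzero shift, valid for odd N with gcd(u, N) = 1), verifies the zero-autocorrelation property, and then recovers the root index u from the first few samples by exhaustive search and reproduces the whole sequence. The length N = 13 and root 5 are constructed values. "Uncorrelated" in the autocorrelation sense is satisfied, while the sequence is completely predictable from a two-sample prefix.

```python
import cmath
import math

# Constructed example parameters (not from the original post): an odd
# prime length and a root index coprime with it.
N = 13
ROOT = 5


def zadoff_chu(u, n_len):
    """Zadoff-Chu sequence x_u(n) = exp(-j*pi*u*n*(n+1)/N), n = 0..N-1.

    Requires odd N and gcd(u, N) == 1. Under those conditions the sequence
    is CAZAC: every sample has unit magnitude and the periodic
    autocorrelation is exactly zero at every nonzero cyclic shift.
    """
    if n_len % 2 == 0 or math.gcd(u, n_len) != 1:
        raise ValueError("need odd N with gcd(u, N) == 1")
    return [cmath.exp(-1j * math.pi * u * n * (n + 1) / n_len)
            for n in range(n_len)]


def periodic_autocorrelation(seq):
    """R(k) = sum_n x(n) * conj(x((n + k) mod N)) for k = 0..N-1."""
    n_len = len(seq)
    return [sum(seq[n] * seq[(n + k) % n_len].conjugate()
                for n in range(n_len))
            for k in range(n_len)]


def is_cazac(seq, tol=1e-9):
    """True if all samples have unit magnitude, R(0) == N and |R(k)| ~ 0
    for every k != 0 (within floating-point tolerance)."""
    if any(abs(abs(x) - 1.0) > tol for x in seq):
        return False
    r = periodic_autocorrelation(seq)
    return abs(r[0] - len(seq)) < tol and all(abs(v) < tol for v in r[1:])


def predict_from_prefix(prefix, n_len, tol=1e-9):
    """Given a short prefix and the public length N, recover the root u by
    trying every admissible root and return (u, full_sequence).

    x(1) = exp(-j*2*pi*u/N) already differs for every admissible u, so a
    two-sample prefix identifies the root; zero autocorrelation buys no
    unpredictability at all. Returns None if no root matches.
    """
    for u in range(1, n_len):
        if math.gcd(u, n_len) != 1:
            continue
        cand = zadoff_chu(u, n_len)
        if all(abs(a - b) < tol for a, b in zip(prefix, cand)):
            return u, cand
    return None


def demo():
    """Returns (sequence is CAZAC, recovered root, rest of sequence predicted)."""
    seq = zadoff_chu(ROOT, N)
    cazac = is_cazac(seq)
    u_hat, predicted = predict_from_prefix(seq[:3], N)
    matches = all(abs(a - b) < 1e-9 for a, b in zip(seq, predicted))
    return cazac, u_hat, matches


if __name__ == "__main__":
    print(demo())
```

Running `demo()` reports that the sequence passes the CAZAC test and that the root (and hence every remaining sample) is recovered from three samples, which is the gap between "uncorrelated" and "indistinguishable from random" that the reply is pointing at.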
