[Cryptography] Photon beam splitters for "true" random number generation ?

Bill Cox waywardgeek at gmail.com
Mon Dec 28 11:24:12 EST 2015

On Sun, Dec 27, 2015 at 11:59 AM, Ron Garret <ron at flownet.com> wrote:

> On Dec 27, 2015, at 6:54 AM, ianG <iang at iang.org> wrote:
> > The process we developed at CAcert was:
> >
> > 1.  Everyone brings their favourite RNG on their laptop.  I used laptop
> photos of a white card in lowlight, similar to above, and hashed every
> photo.  One person used John Denker's audio device.  Another used the
> OpenSSL RNG ;-)
> >
> > 2.  Each feed was then transferred on USB stick to a single offline
> computer.
> >
> > 3.  All feeds were then combined (XOR'd together and hashed) by a 1 page
> C program.  Result was fed into the key generation process.

Very cool!

> Concatenation would be more secure than XOR.  XOR can actually lose
> entropy if two of your sources are correlated.  Concatenation (followed by
> a hash) doesn’t have that problem.

In the game above, if one attacker could see all the random numbers from
the other people before committing to their own random number, the attacker
could simply submit the XOR of the other random values, then XORed with the
value the attacker desires to be the seed to the hash function.

Your scheme of concatenation, then feeding into a cryptographically strong
hash algorithm, seems to defeat this attack.  What if the attacker hacks
the hash algorithm on the air-gapped computer?  The nice part about the
simple 1-page C program concept is the result could theoretically be
manually verified.  On the other hand, do we really want all the
participants looking at the resulting seed, or should it be kept secret?
Fun stuff.  I guess at some point we just have to accept some level of risk
and move on.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151228/ee76793b/attachment.html>

More information about the cryptography mailing list