[Cryptography] Throwing dice for "random" numbers
Christian Huitema
huitema at huitema.net
Wed Aug 15 16:08:45 EDT 2018
On 8/14/2018 8:33 PM, Arnold Reinhold via cryptography wrote:
> *) Or is this supposed to be crypto engineering, as suggested
> by the Subject: line?
>
> In that case, you shouldn't be computing the sum at all.
> You can get log(6) = 2.58 bits of entropy per die per roll,
> and if you consider them all separately you get 12*log(6)
> = 31 bits per roll. That's a huge improvement in
> throughput. There's no need to distinctively mark the
> dice. We assume each die is statistically independent
> of the others.
There is a little twist there. If you do not mark the dice, then the
experimenter will input the 12 numbers "in whatever order they see fit".
Maybe left to right, maybe nearer to further, maybe even results first,
maybe odd, maybe smaller result to larger. The choice by the operator
may be unconscious, but it is still very likely to introduce a bias,
resulting in fewer than 12*log(6) bits of entropy.
-- Christian Huitema
More information about the cryptography
mailing list