[Cryptography] An interesting little pseudorandom number generator

Jacob Christian Munch-Andersen nohat at nohatcoder.dk
Fri Jul 30 07:37:57 EDT 2021


It is an intriguing design, but it produces an even output 257 out of 512 times. The variable value lookup looks kind of side-channely; I'm not sure if it is exploitable, but the general consensus in modern cryptography is that we avoid such things completely, because it is devilishly hard to assert that there is no way to exploit that. The variable lookup is, on the other hand, the only thing that makes this not trivially linearly solvable, but I'm not sure if that is enough.

Using only addition has two major issues: you stick everything in the same linear space, and the higher-order bits never get to influence the lower-order bits.

While I'm no fan of creeping it to the absolute minimum, 2 kB of state for an RNG might be a bit excessive.

You seem to have defined the size of integers to depend on the platform. You can make multiple different versions optimized for different platforms, but you should generally let the user choose which one to use, so that they can get the same result across different platforms.
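The two weaknesses of addition-only mixing named in the message above, shown in working code. This is an added example, not part of the original post and not the generator under discussion (whose code is not on this page); the two mixing functions, the 32-bit word size, the helper names and the sample inputs are all constructed for illustration. It checks that, for a mix built from additions alone, the low k output bits are a function of the low k input bits only (carries travel upward, never downward), that the chain of additions collapses to a single linear expression, and that an observer who knows two of the three inputs and the output can recover the third by subtraction. Interleaving an xor-shift-right, which is not an addition, breaks both properties.

```python
"""Addition-only mixing: high bits never reach low bits, and the whole
chain stays linear mod 2^32. Constructed example; not the PRNG from the thread."""
import random

MASK32 = 0xFFFFFFFF


def add_only_mix(a: int, b: int, c: int) -> int:
    """Hypothetical mixing step built from 32-bit additions alone."""
    t = (a + b) & MASK32
    u = (t + c) & MASK32
    return (u + t) & MASK32          # algebraically 2a + 2b + c (mod 2^32)


def add_xorshift_mix(a: int, b: int, c: int) -> int:
    """The same additions with xor-shift-right steps in between; the shifts
    move high-order bits downward, which addition alone never does."""
    t = (a + b) & MASK32
    t ^= t >> 16
    u = (t + c) & MASK32
    u ^= u >> 13
    return (u + t) & MASK32


def high_bits_reach_low_bits(mix, k: int, trials: int = 64, seed: int = 1) -> bool:
    """True if flipping any input bit at position >= k ever changes the low k
    output bits. False means the low k output bits depend only on the low k
    input bits, so the high half of the state is invisible there."""
    rng = random.Random(seed)            # fixed seed: deterministic run
    low = (1 << k) - 1
    for _ in range(trials):
        a, b, c = (rng.getrandbits(32) for _ in range(3))
        base = mix(a, b, c) & low
        for pos in range(k, 32):
            flip = 1 << pos
            for inputs in ((a ^ flip, b, c), (a, b ^ flip, c), (a, b, c ^ flip)):
                if mix(*inputs) & low != base:
                    return True
    return False


def matches_linear_form(mix, trials: int = 64, seed: int = 2) -> bool:
    """True if mix(a, b, c) == 2a + 2b + c (mod 2^32) on every random trial,
    i.e. the chain of additions collapsed to one affine expression."""
    rng = random.Random(seed)
    for _ in range(trials):
        a, b, c = (rng.getrandbits(32) for _ in range(3))
        if mix(a, b, c) != (2 * a + 2 * b + c) & MASK32:
            return False
    return True


def recover_third_input(a: int, b: int, out: int) -> int:
    """Given a, b and the add-only output, solve the linear relation for c.
    This is the 'trivially linearly solvable' situation the message warns about."""
    return (out - 2 * a - 2 * b) & MASK32


if __name__ == "__main__":
    for name, mix in (("add only", add_only_mix), ("add + xorshift", add_xorshift_mix)):
        print(f"{name:15} high bits reach low 8 bits: {high_bits_reach_low_bits(mix, 8)}"
              f"  linear: {matches_linear_form(mix)}")
    a, b, c = 0x12345678, 0x9ABCDEF0, 0xDEADBEEF
    print("recovered c:", hex(recover_third_input(a, b, add_only_mix(a, b, c))))
```

The first check is exhaustive over bit positions but sampled over inputs; for the add-only function it is also a theorem, since bit i of a sum depends only on bits 0..i of the addends. The second check is what "everything in the same linear space" means in practice: however many additions you chain, the result is one affine map over Z/2^32, and such maps are inverted by subtraction.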