[Cryptography] Duh, why aren't most embedded TRNGs designed this way?
Peter Fairbrother
peter at tsto.co.uk
Mon May 24 08:04:16 EDT 2021
On 23/05/2021 22:33, Robert Wilson via cryptography wrote:
> But in the real world, wherever
> that is, we may sometimes have to accept [probabilistic proofs].
Indeed. I don't like proofs involving more than a simple infinity, but
sometimes they have to be accepted too.
However, in the case of TRNGs we have a requirement - unpredictability -
which is not susceptible to statistical proof of any kind.
A quick proof of this (which I'll probably get wrong, I did say quick):
Any statistical test can only test a finite stream. There are 2^N
possible streams of finite length N bits, but there are an infinite
number of predictable ways to generate each of the individual streams.
We can use statistical methods to show with some confidence whether or
not a TRNG has a biased output - but we cannot use them to prove that it
is unpredictable.
Von Neumann famously said "Anyone who attempts to generate random numbers
by deterministic means is, of course, living in a state of sin."
The same might be applied to those who accept probabilistic proofs of a
TRNG's unpredictability.
Peter Fairbrother
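Added illustration of the point above (example code, not part of Peter's message or any project's code): a deterministic 16-bit LFSR, used here as a constructed stand-in for a predictable "TRNG", passes the SP 800-22 monobit and runs tests over a full period, yet the Berlekamp-Massey algorithm recovers the whole generator from 64 observed output bits and then predicts every later bit. The seed 0xACE1 and the 64-bit observation window are assumptions chosen for the example.

```python
import math

def lfsr_bits(seed=0xACE1, n_bits=65535):
    """16-bit Fibonacci LFSR, taps 16,14,13,11: deterministic, period 65535."""
    state, out = seed, []
    for _ in range(n_bits):
        out.append(state & 1)  # output is the low state bit
        fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
        state = (state >> 1) | (fb << 15)
    return out

def monobit_p(bits):
    """SP 800-22 frequency test: p = erfc(|#ones - #zeros| / sqrt(2n))."""
    s = sum(1 if b else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * len(bits)))

def runs_p(bits):
    """SP 800-22 runs test (only meaningful for a near-balanced stream)."""
    n, pi = len(bits), sum(bits) / len(bits)
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    runs = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))
    return math.erfc(abs(runs - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def berlekamp_massey(s):
    """Shortest GF(2) LFSR reproducing s: returns (taps c[0..L], L)."""
    n = len(s)
    c, b, L, m = [1] + [0] * n, [1] + [0] * n, 0, -1
    for i in range(n):
        d = s[i]  # discrepancy between s[i] and the current LFSR's guess
        for j in range(1, L + 1):
            d ^= c[j] & s[i - j]
        if d:
            t, shift = c[:], i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return c[:L + 1], L

def predict_rest(bits, observed=64):
    """Fit an LFSR to the first `observed` bits, then predict all later ones."""
    c, L = berlekamp_massey(bits[:observed])
    def guess(i):  # next bit = XOR of tapped previous bits (GF(2) sum)
        return sum(c[j] & bits[i - j] for j in range(1, L + 1)) % 2
    hits = sum(guess(i) == bits[i] for i in range(observed, len(bits)))
    return L, hits / (len(bits) - observed)
```

Both tests report p-values near 0.99 for the full period, while the recovered LFSR has the true length 16 and a prediction hit rate of exactly 1.0, which is the gap between "not biased" and "unpredictable" that statistics cannot close.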