[Cryptography] New White Paper: GhostLine - Information-Theoretically Secure Multi-Party Chat
Kent Borg
kentborg at borg.org
Mon Sep 8 16:14:48 EDT 2025
On 9/8/25 1:45 AM, Pierre Abbat wrote:
> as long as randomness is properly extracted
Ah, one of the many dragon lairs on the path to random numbers.
I long ago decided that it doesn't matter whether the number is "truly"
random (whatever that is), only that it be unguessable by whomever one
wants to keep out of one's business.
Were I told to build a super-duper-secure random number generator I
would worry a ton about issues of security that have nothing directly to
do with random numbers. I would worry a ton about quality control issues
that have nothing directly to do with random numbers (for example, a
completely faulty random number stream can look very much like an
excellent one).
Then, at the core, would be the simple part: Generating the actual
random numbers.
In a secure (!) place I would corral several random number generators
together, with some of my RNGs (admitting to be) quite pseudo and some
(claiming to be) quite true. I would want the theoretical basis and
practical implementation of each to be independent of all the others.
And then I would xor them all together. As long as they are not
correlated, each RNG adds security. If one RNG is good the result is
good. If enough are somewhat good enough, then also the result is good.
Because I can't put a number on how much xor-ing in any one RNG helps
the result, some would say that means that RNG should not be xor-ed in. But
that is as wrong as the once-upon-a-time Linux random.c maintainer who
busily worked his way through the entire Linux kernel carefully removing
every source of entropy he could not quantify, leaving /dev/urandom
starved for entropy. But at least he thought he could put a number on it.
I admit the time I *was* paid to build an RNG this xor-ing approach is
not what I did. Because that RNG only had to be casino-grade. (And at
least at the time the regulatory technical requirements were laughable,
I'm convinced I well exceeded them.)
-kb
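Worked illustration of the two points in the post above (XOR-combining independent sources, and a faulty stream that looks excellent), added here as an example; it is not code from Kent Borg or from the GhostLine paper. It assumes `os.urandom` as a stand-in for one trusted, independent source, a toy SHA-256 counter-mode generator with a constant seed as the "completely faulty" source, and a simulated hardware source with a stuck high nibble as the weak one; the entropy measure is the empirical Shannon entropy of the byte histogram, which is a sanity check, not a proof of unguessability.

```python
import hashlib
import math
import os
from collections import Counter


def xor_combine(*streams: bytes) -> bytes:
    """XOR equal-length byte strings. If at least one input is uniform and
    independent of the rest, the output is uniform: XOR with a uniform value
    is a uniform value, whatever the other inputs are."""
    if not streams:
        raise ValueError("need at least one stream")
    n = len(streams[0])
    if any(len(s) != n for s in streams):
        raise ValueError("all streams must have the same length")
    out = bytearray(n)
    for s in streams:
        for i, b in enumerate(s):
            out[i] ^= b
    return bytes(out)


def seeded_stream(seed: bytes, n: int) -> bytes:
    """Toy deterministic generator (assumption, not a real DRBG):
    SHA-256(seed || counter) in counter mode. With a constant or leaked seed
    this is a 'completely faulty' source, yet its output passes simple
    statistical checks just like a good one."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def stuck_nibble_stream(n: int) -> bytes:
    """Simulated weak hardware source (constructed): the high nibble of every
    byte is stuck at zero, so at most 4 bits of entropy per byte survive."""
    return bytes(b & 0x0F for b in os.urandom(n))


def shannon_bits_per_byte(data: bytes) -> float:
    """Empirical Shannon entropy of the byte distribution, in bits (max 8.0).
    High values are necessary but not sufficient for a good RNG."""
    counts = Counter(data)
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def demo(n: int = 1 << 16) -> dict:
    """Measure each source alone and XOR-combined with an independent good one."""
    good = os.urandom(n)                      # stand-in for a trusted, independent source
    weak = stuck_nibble_stream(n)             # honest but low-quality source
    faulty = seeded_stream(b"constant-seed", n)  # looks great, is fully predictable
    return {
        "weak_alone": shannon_bits_per_byte(weak),                       # <= 4.0
        "weak_xor_good": shannon_bits_per_byte(xor_combine(weak, good)),  # ~8.0
        "faulty_alone": shannon_bits_per_byte(faulty),                   # ~8.0 despite being useless
        "faulty_xor_good": shannon_bits_per_byte(xor_combine(faulty, good)),
        # The post's caveat: correlated inputs do not add security. The
        # extreme case, XOR-ing a stream with itself, cancels to all zeros.
        "correlated": shannon_bits_per_byte(xor_combine(good, good)),     # 0.0
    }


if __name__ == "__main__":
    for name, bits in demo().items():
        print(f"{name:16s} {bits:.3f} bits/byte")
```

The "faulty_alone" figure is the quality-control point from the post: a seeded counter-mode stream with a fixed seed scores the same as fresh OS randomness on this measurement, so statistical output tests cannot tell you whether the thing you built is sound. The "correlated" entry shows why independence of each generator's basis and implementation matters before XOR-ing: a shared or mirrored source can subtract rather than add.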