[Cryptography] mathematical constants
Christian Huitema
huitema at huitema.net
Mon Jun 8 02:50:03 EDT 2026
On 6/7/2026 5:57 PM, Peter Gutmann via cryptography wrote:
> Pierre Abbat <phma at bezitopo.org> writes:
>
>> Is there a place where we can collect mathematical constants for use as
>> nothing-up-my-sleeve numbers?
>
> The problem is that with any kind of famous irrational number you're mostly
> relying on people believing that the hex string you're using somehow
> corresponds to an encoding of Noodleheinz's Constant or whatever [0]. I'd go
> with either some well-known piece of text ("Friends, Romans, countrymen...")
> if low entropy is OK or the same thing run through HKDF if you need high
> entropy, that's pretty easy for anyone to verify.

If the goal is "nothing up my sleeve", one of the problems is the number
of possible inputs. For example, assume a hidden attack that is blocked
if the standard constants are derived from the digits of Pi, but enabled
if they are derived from the HKDF of "a well known piece of text".
Imagine an attacker willing to try finding one of the multiple thousands
of "well known pieces of text" until finding one that meets the desired goal...

-- Christian Huitema
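
The counting argument in the message above, as an added example that is not part of the original post: it derives a constant from a text with HKDF-SHA256 (RFC 5869) and then measures how many texts in a candidate pool yield a constant with some rare property. The pool contents, the function names and the "top bits are zero" property are assumptions made for illustration; the property is only a placeholder for whatever "the desired goal" would be.

```python
import hashlib
import hmac

def hkdf_sha256(ikm, salt=b"", info=b"", length=32):
    """HKDF (RFC 5869) with SHA-256: extract, then expand."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def constructed_pool(n):
    # Constructed stand-ins for n "well known pieces of text" (not real quotations).
    return [b"well known text #%d" % i for i in range(n)]

def has_rare_property(constant, bits):
    # Assumption: a placeholder for "meets the desired goal", true for a
    # fraction 2**-bits of all constants (here: the top `bits` bits are zero).
    return int.from_bytes(constant, "big") >> (len(constant) * 8 - bits) == 0

def candidates_with_property(pool, bits):
    """Texts in the pool whose HKDF-derived constant has the property."""
    return [t for t in pool if has_rare_property(hkdf_sha256(t), bits)]

def chance_some_candidate_fits(pool_size, bits):
    """Probability that at least one of pool_size independent inputs fits."""
    return 1.0 - (1.0 - 2.0 ** -bits) ** pool_size

if __name__ == "__main__":
    # Anyone can re-derive the constant for one published text...
    text = b"Friends, Romans, countrymen..."
    print("constant:", hkdf_sha256(text).hex())
    # ...but the size of the pool the text was picked from is invisible.
    for bits in (4, 8, 12, 16):
        found = len(candidates_with_property(constructed_pool(4096), bits))
        print(f"property rate 2^-{bits}: {found} of 4096 texts fit, "
              f"P(at least one) = {chance_some_candidate_fits(4096, bits):.3f}")
```

A pool of 4096 candidate texts gives whoever picks the text about 12 bits of freedom, which is the quantity a reviewer of a "nothing up my sleeve" claim has to bound.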