[Cryptography] mathematical constants
rcs at xmission.com
rcs at xmission.com
Mon Jun 8 02:40:20 EDT 2026
Quoting Peter Gutmann via cryptography <cryptography at metzdowd.com>:
> Pierre Abbat <phma at bezitopo.org> writes:
>
>> Is there a place where we can collect mathematical constants for use as
>> nothing-up-my-sleeve numbers?
>
> The problem is that with any kind of famous irrational number you're mostly
> relying on people believing that the hex string you're using somehow
> corresponds to an encoding of Noodleheinz's Constant or whatever [0]. I'd go
> with either some well-known piece of text ("Friends, Romans, countrymen...")
> if low entropy is OK or the same thing run through HKDF if you need high
> entropy, that's pretty easy for anyone to verify.
>
> Peter.
>
> [0] Has anyone ever verified things like the SHA-2 constants? How are the
> fractional parts of square/cube roots encoded to get the hex values?
I implemented Blowfish from the description, which (IIRC) needed
4x32x256 (=32768)
bits of pi-3. My routine used one of the simple infinite series for pi, using
bignum integers, with every term scaled by 2^(32768+100), and the
answer printed in hex.
To convert an ordinary fraction to hex, just multiply it by 2^64 and print the
integer part in hex. You can even do it a digit at a time: multiply
the fraction
by 16, and use the integer part as one digit. Then repeat--- multiply the
leftover fraction by 16, record the integer part as a hex digit, over
and over ...
You can do a crude eyeball check on the cube-root-of-prime stuff by
computing the
table of first differences. Suppose the primes begin after 343. Then
347, 349, 353,
359, 367, 373, 379, ... has deltas 2, 4, 6, 8, 6, 6, ... The deltas of
the cube
roots will be multiples of the sequence 1, 2, 3, 4, 3, 3, slightly diminished
(since the graph of cbrt(N) is concave downward). The formula for cbrt(343+N)
begins with 7 + N/147 - (N^2)/151263 + ..., which is close to linear
for small N.
Knuth volume 2, appendix B, has 40 digits of pi, e^gamma, zeta(3), etc.
Abramowitz & Stegun, table 1.1, has 40 digits of cube roots. etc., and
table 26.11
has 2500 5-digit random numbers. (This is the old printed version,
which is online, free.)
Rich
More information about the cryptography
mailing list