[11224] in cryptography@c2.net mail archive
Re: building a true RNG
daemon@ATHENA.MIT.EDU (David Wagner)
Mon Jul 29 10:45:31 2002
From: David Wagner <daw@cs.berkeley.edu>
To: decoy@iki.fi (Sampo Syreeni)
Date: Sat, 27 Jul 2002 18:19:25 -0700 (PDT)
Cc: daw@mozart.cs.berkeley.edu (David Wagner),
cryptography@wasabisystems.com
In-Reply-To: <Pine.SOL.4.30.0207280150320.21638-100000@kruuna.Helsinki.FI> from "Sampo Syreeni" at Jul 28, 2002 02:18:23 AM
> However, what we're working with in the case of a typical RNG isn't
> functions between finite buffer-fulls of data, but functions between
> infinite sets of entire bitstreams which need to be implemented within a
> finite memory constraint. Whatever the algorithm, it can have state.
That obviously can't help. Introducing the notion of streams of data
can't make the problem any easier. Just look at the first n bits of
output; they are going to be a deterministic function of the first n' bits
of input, and we can simply let f be the function mapping the first n'
bits of input to the first n bits of output. (Or, the function mapping
the entire input stream to the first n bits of output.) Then we're back
to the same problem: since there is no way to guarantee that the first
n bits of output will be uniform if the input distribution is arbitrary,
there is no way to solve the streaming problem, either.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
