[11229] in cryptography@c2.net mail archive


Re: building a true RNG

daemon@ATHENA.MIT.EDU (David Wagner)
Mon Jul 29 10:54:35 2002

From: David Wagner <daw@cs.berkeley.edu>
To: decoy@iki.fi (Sampo Syreeni)
Date: Sun, 28 Jul 2002 10:46:07 -0700 (PDT)
Cc: daw@cs.berkeley.edu (David Wagner),
	daw@mozart.cs.berkeley.edu (David Wagner),
	cryptography@wasabisystems.com
In-Reply-To: <Pine.SOL.4.30.0207281150030.4829-100000@kruuna.Helsinki.FI> from "Sampo Syreeni" at Jul 28, 2002 12:21:56 PM

> An example: presume we take a simple first order statistical model. If our
> input is an 8-bit sample value from a noise source, we will build a 256
> bin histogram. When we see an input value, we look its probability up in
> the model, and discard every 1/(p(x)-1/256)'th sample with value x. When
> this happens, the sample is just eaten and nothing appears in the output;
> otherwise we copy.

I understand what you're trying to say, but this will not give a
general-purpose function that "doesn't waste entropy" regardless of the
input distribution.  This only works when the distribution on the input
stream consists of independent, memoryless samples from some distribution
on 8-bit values.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
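
Added illustration, not part of the original message or either correspondent's code: a literal Python reading of the quoted discard rule, run over three constructed sources to show the case the reply describes. The names `discard_filter`, `repeat_guess_rate` and `demo`, the seed, and the doubled-byte source are assumptions made for this example.

```python
import random

def discard_filter(samples, p):
    """Literal reading of the quoted rule: drop every 1/(p[x] - 1/256)'th
    occurrence of value x; values with p[x] <= 1/256 are always copied."""
    credit = [0.0] * 256
    out = []
    for x in samples:
        credit[x] += max(p[x] - 1 / 256, 0.0)
        if credit[x] >= 1.0:
            credit[x] -= 1.0          # this sample is eaten
        else:
            out.append(x)             # otherwise we copy
    return out

def repeat_guess_rate(samples):
    """Fraction of samples correctly guessed as 'same as the previous one'."""
    hits = sum(a == b for a, b in zip(samples, samples[1:]))
    return hits / (len(samples) - 1)

def demo(seed=2002, n=20000):
    rng = random.Random(seed)         # constructed data, not a real noise source
    uniform = [1 / 256] * 256
    # Source A: independent, memoryless, uniform bytes.
    iid = [rng.randrange(256) for _ in range(n)]
    # Source B: every byte is emitted twice. The first-order histogram is
    # still uniform, but every second sample carries no new information.
    fresh = [rng.randrange(256) for _ in range(n // 2)]
    doubled = [x for x in fresh for _ in (0, 1)]
    # Source C: memoryless but biased, value 0 has probability 1/2.
    skewed_p = [0.5] + [0.5 / 255] * 255
    skewed = [0 if rng.random() < 0.5 else rng.randrange(1, 256)
              for _ in range(n)]
    filtered_doubled = discard_filter(doubled, uniform)
    return {
        "iid_rate": repeat_guess_rate(discard_filter(iid, uniform)),
        "doubled_dropped": len(doubled) - len(filtered_doubled),
        "doubled_rate": repeat_guess_rate(filtered_doubled),
        "skewed_dropped": n - len(discard_filter(skewed, skewed_p)),
    }

if __name__ == "__main__":
    print(demo())
```

The filter thins the biased memoryless source, but it copies the doubled source through untouched because its histogram is already flat, even though guessing "same as the previous byte" is right more than half the time.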
