[13233] in cryptography@c2.net mail archive
Re: Randomness
daemon@ATHENA.MIT.EDU (David Wagner)
Fri May 9 21:56:43 2003
X-Original-To: cryptography@metzdowd.com
X-Envelope-To: cryptography@metzdowd.com
To: cryptography@metzdowd.com
From: daw@mozart.cs.berkeley.edu (David Wagner)
Date: 9 May 2003 15:47:01 GMT
X-Complaints-To: news@abraham.cs.berkeley.edu
Paul Onions wrote:
>Now assume I have two PRBGs of the same design. One is seeded with X, the
>other with Y. Assume that X, when considered on its own, has entropy H(X) =
>n, but that Y is related to X such that H(Y|X) < n. Now, if an adversary has
>access to the output streams of these two generators, is it able to
>distinguish them from the random case?
Absolutely. Suppose Y = X, for instance. More generally, if
H(Y|X) = k, then there could well be an attack of complexity 2^k or so.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
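An added illustration of the point in the reply above, not part of the archived message: two copies of an assumed toy linear generator (hypothetical LCG parameters A, C, M) are seeded with X and with Y = X + d, where d is unknown but drawn from 2^k values, so H(Y|X) = k. An observer of both streams can test every candidate d in about 2^k steps; independent seeds leave no candidate that fits, which is exactly the gap between the related-seed case and the random case.

```python
# Constructed toy parameters for a deliberately weak linear generator.
M = 2**31 - 1   # modulus
A = 48271       # multiplier
C = 12345       # increment


def toy_prbg(seed, n):
    """Hypothetical generator: s_{i+1} = A*s_i + C mod M, state emitted in full."""
    out, s = [], seed % M
    for _ in range(n):
        s = (A * s + C) % M
        out.append(s)
    return out


def find_seed_offset(stream_x, stream_y, k):
    """Return the d in [0, 2^k) with stream_y == toy_prbg(X + d), else None.

    For this generator the increment cancels, so the i-th outputs differ by
    A^i * d mod M.  Trying all 2^k offsets is the 2^k-complexity attack; a
    match on every output with d == 0 is the trivial Y == X case.
    """
    for d in range(2**k):
        expected = d
        for x, y in zip(stream_x, stream_y):
            expected = (A * expected) % M
            if (y - x) % M != expected:
                break
        else:
            return d
    return None


def seeds_look_related(stream_x, stream_y, k):
    """Distinguisher: True when the two streams come from seeds within 2^k."""
    return find_seed_offset(stream_x, stream_y, k) is not None


if __name__ == "__main__":
    k = 12                                 # constructed: H(Y|X) = 12 bits
    X, d = 123456789, 2987                 # constructed seed and offset
    sx = toy_prbg(X, 4)
    print("Y = X + d :", find_seed_offset(sx, toy_prbg(X + d, 4), k))   # 2987
    print("Y = X     :", find_seed_offset(sx, toy_prbg(X, 4), k))       # 0
    print("independent:", seeds_look_related(sx, toy_prbg(987654321, 4), k))
```

The lesson for a deployment is that seeds for distinct generator instances must be drawn independently; a small conditional entropy between seeds is a small search for anyone who sees both outputs.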