Re: Good enough for crypto?
From: Scott Wilber (swilber_at_comscire.com)
Date: 11/28/03
- Next message: Jan Panteltje: "Re: "Numbers to be patentable""
- Previous message: Tom St Denis: "Re: Motorola smartcard micros erased information. Why?"
- In reply to: Mok-Kong Shen: "Re: Good enough for crypto?"
- Next in thread: Mok-Kong Shen: "Re: Good enough for crypto?"
- Reply: Mok-Kong Shen: "Re: Good enough for crypto?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 28 Nov 2003 10:47:40 -0800
Mok-Kong Shen <mok-kong.shen@t-online.de> wrote in message news:<3FC71287.4B1C92EA@t-online.de>...
> Scott Wilber wrote:
> >
>
> > QNG is a recognized trademark from our years on the market. The PC
> > part just stands for Personal Computer. "QNG" does indeed stand for
> > Quantum Number Generator, but this does not mean that our generators
> > derive their entropy entirely from pure quantum sources. This would
> > have been prohibitively expensive, and hard to manufacture. All our
> > generators do have a quantum component in their entropy source. This
> > comes primarily from shot noise in semiconductor junctions, and to a
> > much smaller extent from thermal noise, which, as I mentioned earlier
> > in this thread, provides mostly chaotic noise.
> >
> > As our generators advance, the portion of entropy derived from quantum
> > sources increases. Our latest hardware generator, the ComScire QNG
> > Model J1000KU, (1Mbps) derives most of its entropy from shot noise.
> > Hence its entropy source is almost entirely quantum.
> >
> > The quantum component in the PCQNG is smaller, since we were
> > constrained to use only the hardware components programmatically
> > available in a typical personal computer. This compromise was made in
> > order to provide a high quality, very low cost TRNG for convenient use
> > by anyone with a PC running Windows. The PCQNG is a true random
> > number generator in the sense that is commonly in use today.
>
> I still think that the use of the term 'quantum' tends
> unfortunately to suggest that the technology is in the
> direction of what is currently done in 'quantum
> cryptography'. Anyway, would other hardware generation
> of randomness, e.g. Lavalamp etc, be also appropriately
> qualified with 'quantum'? (I don't think that's good.)
> Another difficulty I have is with the term 'mathematical
> analysis'. In my humble view, that would mean in the
> present context building a (purely) mathematical model
> to interpret/evaluate the data (i.e. the bit sequences
> obtained), like employing the ARIMA model in time
> series analysis, which apparently isn't the case, if
> I don't err.
>
> M. K. Shen
There are many so-called random number generators that contain
virtually no quantum components. Certainly the Lava Lamp generator,
which is based on turbulent flow in a heated viscous liquid, is one of
them. Another important example is the mechanical systems used to
select numbers in most lotteries. These employ plastic or rubber
balls that are "mixed" by air flow or rolling drums. Again, these are
totally chaotic, and therefore not in the least truly random. This is
not to say that they are significantly biased or that they can be
predicted to any profitable degree. The parameters involved are
extremely complex and we have no present methods of measuring them.
Also, it would do no good to be able to predict each ball real-time
since all lotteries close before the drawings begin.
Unfortunately, we have no other tool than mathematical analysis to
assess the quality of any sequence of bits. If we know the generated
sequence was based on a deterministic or a non-deterministic process,
it is possible to use slightly different approaches. Most of the
analysis is, of course, statistical in nature. There is NO analytical
method that can distinguish between a deterministically- and a
non-deterministically-generated sequence, providing there is no
significant defect in the statistical properties of either.
If we know that a sequence is deterministic (pseudorandom), then it is
possible to search for patterns that would only occur in this type of
sequence. This type of analysis can only succeed if the generator
produces significant statistical defects that can be analyzed further,
or if the actual generating algorithm can be guessed or otherwise
determined.
If a sequence is non-deterministic, it will exhibit certain
properties. The most important of these relates to its
autocorrelation function.
The autocorrelation function of a non-deterministic sequence will
always decrease with increasing order. The decrease will either be
monotonic or the function will oscillate, and the amplitude of the
oscillations will decrease monotonically. This is proved by proving
the behavior of the generalized autocorrelation function of the random
process, including its measurement device - something I will not try
to show in this setting.
If a sequence is analyzed and is shown to violate this property, then
it is at least partly or entirely deterministic. An obvious example
is if a pseudorandom sequence is tested for autocorrelation with order
equal to its period, where the AC will jump to 1.0.
To the best of my knowledge, this theorem on non-deterministic
sequences is original and has never been published before. But, it's a
big world and if anyone has seen this before, I would like to know.
Scott Wilber
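The lag-equals-period check described in the post above, as an added example that is not part of the original thread or of ComScire's tooling: a constructed 4-bit LFSR stands in for the pseudorandom generator, the autocorrelation is computed over the overlapping part of the sequence, and the OS CSPRNG sample and the 0.999 threshold are assumptions of this example.

```python
"""Autocorrelation check for the lag-equals-period defect described above."""
import os


def lfsr_bits(n, state=0b1001):
    """Constructed deterministic source: a 4-bit Fibonacci LFSR (x^4 + x + 1).

    The polynomial is primitive, so any non-zero seed yields period 15.
    """
    out = []
    for _ in range(n):
        out.append(state & 1)                 # output the low bit
        new = (state ^ (state >> 1)) & 1      # feedback s[n+4] = s[n+1] ^ s[n]
        state = (state >> 1) | (new << 3)     # shift right, new bit enters at the top
    return out


def autocorrelation(bits, lag):
    """Normalized autocorrelation at a given lag (order) over the overlapping part.

    Bits are mapped 0 -> -1, 1 -> +1, so an unbiased, uncorrelated stream gives
    values near 0 and a stream that exactly repeats at this lag gives 1.0.
    """
    x = [1 if b else -1 for b in bits]
    n = len(x) - lag
    if n <= 0:
        raise ValueError("lag must be smaller than the sequence length")
    return sum(x[i] * x[i + lag] for i in range(n)) / n


def period_candidates(bits, max_lag, threshold=0.999):
    """Lags at which the autocorrelation jumps to (almost) 1.0.

    A non-empty result means the window contains an exact repetition, i.e. the
    sequence is at least partly deterministic within this window.
    """
    return [k for k in range(1, max_lag + 1) if autocorrelation(bits, k) >= threshold]


def os_bits(n):
    """Sample from the OS CSPRNG (assumed stand-in for a high-quality source):
    deterministic in principle, but its period is far beyond any testable window,
    so the check above cannot flag it, which is exactly the post's point."""
    data = os.urandom((n + 7) // 8)
    return [(byte >> i) & 1 for byte in data for i in range(8)][:n]


if __name__ == "__main__":
    pseudo = lfsr_bits(150)
    print("LFSR lags with AC >= 0.999:", period_candidates(pseudo, 40))      # [15, 30]
    print("LFSR AC at lag 7:", round(autocorrelation(pseudo, 7), 3))
    print("urandom lags with AC >= 0.999:", period_candidates(os_bits(4096), 64))  # []
```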