Re: Good enough for crypto?

From: Scott Wilber (swilber_at_comscire.com)
Date: 12/05/03 

Date: 5 Dec 2003 14:11:17 -0800

Mok-Kong Shen <mok-kong.shen@t-online.de> wrote in message news:<3FCFBF98.825BCE8A@t-online.de>...
> Scott Wilber wrote:
> >
> > Mok-Kong Shen <mok-kong.shen@t-online.de> wrote:
>
> ........
> [snip]
>
> > I must review my notes for a complete function; it's been a while
> > since I first derived this relationship. Sorry for assuming the
> > obviousness of certain functions. In electronics, its easy to imagine
> > that a step response must eventually decay to zero unless the reactive
> > elements are "perfect" and there is no radiative or thermal loss,
> > i.e., an electronic perpetual motion machine. This can never happen
> > except in a pure quantum system that is never observed.
>
> I don't yet see why you start your reasoning from a step
> response. You are in my view collecting randomness from
> a certain (sizeable) environment where apparently diverse
> 'forces' are acting. You could consider, I think, that
> the 'white noise' as commonly described in the literature
> (with the ACF fluctuating within a narrow band) as
> a model that your practically obtained randomness should
> (desirably) approach, just like you have to approach a
> distribution that is uniform. If that approximation turns
> out to be not very satisfactory, then one needs to do
> some adjustments in the design to render it better, I
> suppose.

The ACF is produced by the measurement system. We never see the
entropy "naked," we can only make a physical (macroscopic)
measurement. The ACF is not inherent in the energetic forces that may
be considered the actual entropy source. Take, for example, a
resistor as a thermal noise source. This may be modeled as a nearly
perfect gaussian (white) noise source with extremely high bandwidth.
The bandwidth is not infinite by any means since the electrons are
finite in number, they are highly correlated and the distribution of
their motions is bounded by physical constraints. This noise voltage
is further modeled by applying it to the input of an RC low pass
filter with R equal to the noise resistor and C equal to the parasitic
capacitance of the resistor. The capacitance is further increased by
the parasitic capacitance of the wiring and the input capacitance of
the amplifier that it is attached to. This resistive noise source has
a specific transfer function related to the noise voltage, R and C.
Additional transfer functions are multiplied by this first one as each
amplifier, which has its own transfer function, and filter are added.
Finally, An equation for the entire transfer function can be written
from beginning to end of the generation and processing of the entropy
source until a bit stream is produced. The produced bit stream will
have the same ACF as the total transfer function. The ACF of the
transfer can be calculated using know mathematical steps.
>
> BTW, you gave an URL where your entropy computation
> is described. Being extremely poor in knowledge of
> electronics, I must say that I could barely read that
> stuff and (even though I am not mathematician) I strongly
> doubt that the document is readily fully comprehensible
> to mathematicians. Allow me therefore to say something
> in general terms. Fig.2 seems to be showing a sequence
> of some regular signals rather than 'noises' in physical
> systems, which, from the limited literature I have
> seen, are quite different in 'nature' (being very
> irregular zigzag oscillations). Does this (in my view
> rather essential) difference affect your 'theory' of
> computing entropy?

Keep in mind that the PCQNG is based on the principal of a
high-frequency binary signal being clocked by a lower frequency binary
signal; one or both of them containing jitter. Since we are
describing the PCQNG in that link, we have made no attempt to describe
the other typical (continuous noise source with analog to binary
converter) type of generator. You may get more information about that
type from the description of the QNG Model J1000KU hardware true
random number generator.

> If you could display a picture of
> realistic noise and show the sample values that you get
> on that and then argue your 'adjustments' etc. etc., the
> reader would be better able to understand, I believe.
> You have the terms like 'transition value', 'effective
> value', 'jitter value', etc. These should be illustrated
> or defined. You say that you use manufacturers'
> specifications sheets. How good are these with respect
> to reality (e.g. how good is the Gaussian distribution
> actually, further does the distribution refer to your
> sampled values or is defined otherwise)? The theory
> behind the sentences beginning with 'The jitter values
> must first be properly adjusted' as well as the next
> paragraphs should be elaborated or else suffcient
> literature references be given. (I suppose that few
> readers in our group have expert knowledge in signal
> processing.) Overall, excuse me for saying that I yet
> consider the stuff to be more a technical/engineering
> description, with all the for engineering practice
> unavoidable sources of errors or deviations that
> presumably are to be neglected/tolerated via some
> more or less bold heuristic assumptions (clear and
> complete mentioning of these is needed) rather than
> a rigorous mathematical exposition, which I would have
> expected from terms like 'precise mathematical'. (I
> have tried to express what I actually feel as a
> (unknowlegeable) reader. Please don't interpret the
> above as anything of the genre 'attack', for there
> is absolutely none intended in there, I can assure you.)
>
> M. K. Shen

The description was written for more technically trained people so
that they could duplicate and independently confirm our computations.
We are not trying to convince anyone based on our word that this is a
"good" product; we are trying to reveal enough information so that
others may decide for themselves.

Scott

Loading