Perry E. Metzger (perry@piermont.com)
Mon, 06 Jul 1998 21:41:58 -0400
Dave Emery writes:
> As someone with EE rather than mathematical cryptography
> background I am always a bit amazed at the problems that some software
> types see in finding randomness - for from an EE perspective it is
> everywhere in the form of random noise that has to be kept at bay by
> careful design techniques to keep it from causing errors every few
> thousand or million or billion operations of deterministic digital
> systems.
The problem is not in finding things that are random. The problem is
in very accurately characterizing how random those things are.
For instance, say you have some "noise" in a circuit. How much of that
is truly random noise? How much is recieved RF from some exterior
source? How much is coupling to some other part of the circuit?
To an EE, the distinction is unimportant. Noise is noise. Who cares
what kind of noise it is? To us, the distinction is life or
death. Some noise is really random. Some is disguised signal -- not
the signal an EE wants, perhaps, but none the less a signal. We want
just the random part.
> Any electrical resistive device at a temperature above zero
> kelvin has Johnson noise across its terminals, and this noise is just as
> theoretically statisticly random as the "noise" of radioactive decay.
Yup -- but try to figure out how many bits per second it means, and
you start getting trouble.
> And much easier to conveniantly and safely harvest than using radioactive
> sources and detectors. The roaring white noise that comes out of
> a FM radio tuned to an empty channel is an example of Johnson noise from
> the rf front end of the receiver amplified to high levels and should
> be a good source of random bits provided that there is no signal sneaking
> in.
"provided".
See what I mean?
> At the very most, simple minded approaches to harvesting Johnson
> noise may introduce very slight biases in the numbers of zero or one
> bits or corellations between adjacent bits, but there are a number of
> post processing techniques that eliminate these errors, and more
> sophisticated sampling techniques can eliminate most of them to
> begin with.
I'm not going to argue that you are wrong. I'm just going to argue
that a lot of this is dangerous stuff, and you have to be careful to
well characterize your sources. Often, it is safer just to assume the
source is far worse than it is and "distil" down so far that you are
safe (provided that our distilation techniques are okay -- we don't
have final word on that from the theoretical cryptographers yet.)
Perry
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:07 ADT