Tom Otvos (tomo@everyware.com)
Fri, 10 Jul 1998 15:51:09 -0400
>
>Having a large period is only one of the criteria needed for
>a cryptographically secure PRNG. As a reductio ad absurdum,
>consider a 256-bit counter running from your randomly-chosen
>256-bit key on up. The period is astronomical, but decryption
>is trivial. If the generator doesn't have much internal state
>one should eye it with suspicion... for cryptographic purososes.
>
> Jim Gillogly
>
Hmm, I can see that. Since asking the question, I have spent a bit more
time digging (in Schneier's "red book") and it appears that my innovative
idea is just a stream cipher, replacing an LFSR with the MT generator.
Looking at the MT paper, it looks like the internal state is 624 bytes. I
don't know if that is "big" or "little"; does it mean that with only 624
known plaintext bytes one could guess the internal state? What if, as in
the red book, multiple MTs are hooked together, as in the stop-and-go or
threshold generators?
According to the red book, "practical stream-cipher designs center around
LFSRs", but "they are very inefficient in software". If MT is faster than
LFSR, can enough of them be used to make guessing the state (currently)
impractical? Or, looked at another way, if a maximal length LFSR with an
internal state of 624 bytes has a period of 2^(8*624) - 1, and an MT has a
period of 2^19937 - 1, doesn't it make MT substantially better for stream
ciphers than LFSRs?
Tom Otvos
Director of Research, EveryWare Development Inc.
http://www.everyware.com/
"Try not! Do, or do not. There is no 'try'." - Yoda
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:16 ADT