Cicero (cicero@redneck.efga.org)
20 Jul 1998 08:58:30 -0000
I spoke too fast my last post.
Since this was all in response to:
>are there tools for taking a set of random
>numbers dispersed according to a non-uniform distribution, like a
>poisson or normal distribution, and turning them into a set of random
>numbers over a uniform distribution?
>> >>What do you see as the problems with:
>> >> 1. Hash the data
>> >> 2. Encrypt the data in CBC mode with the hash as key
>> >>If the hash and cipher are both strong, this should be good.
it follows that my retort that:
>I had said:
>
>>>If I were to retain the value of the hash, I could later decrypt the
>>>CBC-encrypted data, returning it to its original state. This
>>>invertibility proves conservation of entropy.
>
>When I used the word "retain", I meant to imply the map:
>
> X --> (X',hash(X))
>
won't work, because I would then not be returning a set with the same
cardinality as the input X, which is implicitly required. Adding the
hash expands the output. So my construction is X --> X', and that
is a hash (of sorts), and does decrease entropy.
In my defense, I still think that X'= E_K(x) is "a set of random
numbers over a uniform distribution". The entropy of X' is less than
that of X, though, as you point out.
I could encrypt with a fixed key, which did not depend on X. This
would not spread the entropy of X around as well as the first
construction might. That is, as well as it would if the hash had
output as big as X, and the cipher allowed a key that large. It would
be invertible, though, and hence conserve the entropy. The original
requirement said nothing about the distribution of entropy in X,
though, or conserving it.
So either will fit the original requirement.
The output will, for a large class of input, look random. One can
construct pathological inputs by decryption,if the key is constant. I
don't think that these pathological cases are likely to come up as the
output from a physical RNG.
Cicero
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:39 ADT