[prev in list] [next in list] [prev in thread] [next in thread]
List: cryptography
Subject: Re: [Cryptography] Duh, why aren't most embedded TRNGs designed this way?
From: Jerry Leichter <leichter () lrw ! com>
Date: 2021-05-25 21:32:47
Message-ID: 04E020CC-83DE-4169-B42B-6A426AFAB996 () lrw ! com
[Download RAW message or body]
> Not disagreeing with the technical statements, just with a perceived attitude: \
> "probably the closest thing to a mathematical proof (albeit probabilistic IIRC)"
> The proofs we remember from high school geometry were not supposed to involve \
> probability, but for me that was 67 years ago. There has been a lot of acceptance \
> since then that some proofs could only involve probability, something like "This \
> has at most 0.00009% probability of being wrong" with rigorous, traditional \
> mathematical, arguments, to back that up....
I'm not even sure what "proof" (in the mathematical sense) has to do with "true \
random number generators."
A TRNG is a *physical object*. It exists out there in the real world. Sure, we can \
make mathematical arguments based on the existence of a "random source," but the \
mathematics doesn't do us any good unless we can realize the system in physical form.
"Proofs" about physical objects are not like mathematical proofs. The best you can \
hope for is reduction to some physical process - e.g., Johnson-Nyquist noise - for \
which we have a great deal of evidence about the world and the laws that govern it to \
tell us it really is random. But even then "Johnson-Nyquist noise" is an idealized \
description of what you would measure under certain conditions. Any physical \
realization won't exactly match that description. The idealized description, for \
example, assumes away interaction with external electromagnetic fields; the physical \
realization has to *build* a way to either avoid or negate that interaction or your \
reduction is gone. And, of course, once you have the noise you need to turn it into \
a bit stream - again using real-world, physical, not idealized parts.
So in the end, "proof" is the least of your problems. It's good engineering all the \
way down. Oh, sure, if you do all the good engineering and then feed in a source \
that isn't random to begin with, you've wasted your time. But that's just one small \
part.
And perhaps you could even do without the physical randomness. Physical objects have \
inherent variations that are hard to predict or even measure. Run the output of very \
high precision measurements through many steps of a chaotic process and the result \
won't be random, but it will be unpredictable to anyone who can't see as much of the \
initial state as the system itself can. There is perhaps something deeply \
unsatisfying here, but in fact it's a direct response to Von Neuman's comment about \
living in a state of sin when generating random numbers by a deterministic process: \
In fact, chaotic systems tell us that determinism and predictability are not quite \
the same thing in a world where inputs may not, even in principle, be exactly \
reproducible.
As has been commented, nothing in at least classical physics, or physical \
descriptions as such, talks about information leakage. You can have a perfect random \
number generator that leaks every bit it generates, and the proof of "randomness," \
such as it might be, will be just fine. But the resulting system is pointless.
Now QM does give you a way to say that some information inherently can't leak - or at \
least can't leak undetectably. But how much that helps - when the goal is to deliver \
a sequence of *classical* random bits - is not at all clear. Not much, most likely. \
This makes some sense for quantum communication protocols - but those assume (and \
really there's no way of avoiding the assumption) that the "red" rooms at both ends - \
which handle the decrypted data - never leak anything.
-- Jerry
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
https://www.metzdowd.com/mailman/listinfo/cryptography
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic