A simple scheme of combining PRNGs
in [Cryptography]
|
Prev: A notation convenience for certain non-linear expressions
Next: Criticism of a proposed stream cipher requested.
From: Mok-Kong Shen on 1 Jun 2010 12:18 The main idea of the scheme to be sketched below may be seen as essentially the same as that underlying two other recent threads of mine ("Dynamic Hillcipher" and "Foiling the known-plaintext attacks"), namely employing the principles of indirectness and indeterminancy (analogy for the latter: the one-equation-two-unknowns issue). Let there be two PRNGs generating output words denoted by r1 and r2. One first performs a mutual rotation (cyclical bit shifts) to get r1' and r2', i.e., assuming 32-bit hardware, one takes 5 bits from r1 to rotate r2 and 5 bits from r2 to rotate r1. Then one combines them: r3 = r1' xor r2' (alternatively one uses +). Finally one applies a rotation to r3, using bits from the same stream, i.e. one uses one r3 word to get 6 times 5 bits to rotate 6 other r3 words, giving r3' as the result. Additional application of von Neumann unbiasing to r3' would certainly be a very favourable enhancement. One could easily generalize the scheme to using more than 2 PRNGs, if desired. As to the PRNGs to be used, my personal preference is given in the two threads mentioned above and will not be repeated here. For comments and critiques I should be very grateful. M. K. Shen -------------------------------------------------------------------------- [OT] In an attempt to reduce annoyance to the general readers, I am unfortunately forced to forgo any opportunities of discussion with those, who have the unnice impulse to overload their posts with bandwidth-wasting personal stuffs, by placing them into my kill-file. Those who dislike my posts for whatever reasons are requested to kindly put me into their kill-files as well.
From: Mok-Kong Shen on 24 Jun 2010 08:09 Mok-Kong Shen wrote: [snip] In the literature on PRN generation there is a scheme known due MacLaren and G. Marsaglia (algorithm M in Knuth vol.2) of using one random number sequence to (pseudo-randomly) permute the elements of another with the goal to obtain from the latter sequence a result of better statistical quality. In our context, one could, employing the same principle, introduce a 'mutual' shuffling of r1 and r2 by using two buffers instead of one buffer as in algorithm M. This would further enhance the difficulty of analysis. M. K. Shen -------------------------------------------------------------------------- [OT] In an attempt to reduce annoyance to the general readers, I am unfortunately forced to forgo any opportunities of discussion with those, who have the unnice impulse (urge, "Drang" in German) to overload their posts with bandwidth-wasting personal stuffs and/or bad words, by placing them into my kill-file. Those who dislike my posts for whatever reasons are requested to kindly put me into their kill-files as well.
From: Mok-Kong Shen on 8 Jul 2010 06:48
Mok-Kong Shen wrote: [snip] > Then one combines them: r3 = r1' xor r2' (alternatively one uses +). [snip] One could also use here a non-linear combination: r3 = g * r1' * r2' + r1' + r2' where g is an even constant. Maybe I should clearly state the intention of my scheme of combining PRNGs, namely to obtain a resulting stream such that it should be practically infeasible to infer the parameters of the source PRNGs. M. K. Shen |