[136302] in cryptography@c2.net mail archive
Re: combining entropy
daemon@ATHENA.MIT.EDU (Dave Howe)
Mon Oct 27 21:39:32 2008
Date: Mon, 27 Oct 2008 22:03:54 +0000
From: Dave Howe <DaveHowe@gmx.co.uk>
To: John Denker <jsd@av8n.com>, Email@piermont.com,
List@piermont.com:Cryptography <cryptography@metzdowd.com>
In-Reply-To: <4901BFB0.2080403@av8n.com>
John Denker wrote:
> On 09/29/2008 05:13 AM, IanG wrote:
>> My assumptions are:
>>
>> * I trust no single source of Random Numbers.
>> * I trust at least one source of all the sources.
>> * no particular difficulty with lossy combination.
>
>
>> If I have N pools of entropy (all same size X) and I pool them
>> together with XOR, is that as good as it gets?
>
> Yes.
>
> The second assumption suffices to prove the result,
> since (random bit) XOR (anything) is random.
unless you have a possible case where (say) for any given pool,
alternate bits are predictable; XORing all 'n' pools would still give a
maximum entropy of 50%, as the XOR of all 'n' predictable bits is
predictable.
using a hash which performs error diffusion, I would expect that 'n'
equal to 3 would give a suitable combined stream in that case (assuming
the 50% of random bits *are* random of course) 2 is possibly good
enough, but I would probably over-engineer at 3, in case one pool went
non-random.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
