[14044] in cryptography@c2.net mail archive


Re: cryptographic ergodic sequence generators?

daemon@ATHENA.MIT.EDU (Jim Gillogly)
Sat Sep 6 19:15:38 2003

X-Original-To: cryptography@metzdowd.com
Date: Sat, 06 Sep 2003 11:35:34 -0700
From: Jim Gillogly <jim@acm.org>
To: cryptography@metzdowd.com
In-Reply-To: <87llt14wm9.fsf@snark.piermont.com>

Perry E. Metzger wrote:
> For making things like IP fragmentation ids and other similar protocol
> elements unpredictable, it would be useful to have what I'll call a
> cryptographic ergodic sequence generator -- that is, a generator that
> will produce a sequence of n bit numbers such that there are no
> repeats until you pass the 2^nth number in the sequence (that is, the
> sequence is a permutation of all 2^n bit numbers) and such that it is
> very difficult to predict what the next number in the sequence might
> be beyond the fact that it will not be one of the numbers seen earlier
> in the sequence. It is also rather important that the generator be
> computationally inexpensive.
> 
> Anyone know how to produce such a thing?

How about Hasty Pudding Cipher on an n-bit block encrypting an n-bit
counter?  See http://www.cs.arizona.edu/~rcs/hpc/ .

If 'n' is too small, I suppose you'd run into attacks like the
blackjack 10-count, where you can get a little leverage if the
previous picks have been randomly overconcentrated.  For reasonable
n that shouldn't be a problem.
-- 
	Jim Gillogly
	Highday, 9 Halimath S.R. 2003, 00:00
	12.19.10.9.17, 7 Caban 5 Mol, Eighth Lord of Night
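
The construction suggested in this reply, as an added example that is not part of the original message: an n-bit counter encrypted with a keyed n-bit permutation, so no value repeats within 2^n outputs. Hasty Pudding is not in the Python standard library, so a balanced Feistel network with an HMAC-SHA256 round function stands in for it here; that substitution, the class name, the key and the round count are all assumptions of this example, and the construction has not been analysed for small-block strength.

```python
import hashlib
import hmac


class CounterPermutation:
    """Encrypts an n-bit counter with a keyed n-bit permutation (Feistel)."""

    def __init__(self, key: bytes, n_bits: int = 16, rounds: int = 8):
        if n_bits % 2 or not 2 <= n_bits <= 128:
            raise ValueError("n_bits must be even, between 2 and 128")
        self.key, self.rounds = key, rounds
        self.half = n_bits // 2
        self.mask = (1 << self.half) - 1
        self.size = 1 << n_bits
        self.counter = 0

    def _f(self, rnd: int, x: int) -> int:
        # Round function: HMAC-SHA256 over (round number, half block),
        # truncated to the width of one half.
        msg = bytes([rnd]) + x.to_bytes((self.half + 7) // 8, "big")
        digest = hmac.new(self.key, msg, hashlib.sha256).digest()
        return int.from_bytes(digest, "big") & self.mask

    def encrypt(self, value: int) -> int:
        left, right = value >> self.half, value & self.mask
        for rnd in range(self.rounds):
            left, right = right, left ^ self._f(rnd, right)
        return (left << self.half) | right

    def decrypt(self, value: int) -> int:
        left, right = value >> self.half, value & self.mask
        for rnd in reversed(range(self.rounds)):
            left, right = right ^ self._f(rnd, left), left
        return (left << self.half) | right

    def next_id(self) -> int:
        # Every counter value maps to a distinct output, so no ID repeats
        # until all 2^n values have been issued. Refusing to wrap is this
        # example's policy (an assumption); rekey to start a new sequence.
        if self.counter >= self.size:
            raise RuntimeError("sequence exhausted; rekey")
        out = self.encrypt(self.counter)
        self.counter += 1
        return out


if __name__ == "__main__":
    gen = CounterPermutation(b"constructed demo key", n_bits=16)
    print([gen.next_id() for _ in range(8)])
```
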


---------------------------------------------------------------------
The Cryptography Mailing List