[14047] in cryptography@c2.net mail archive
Re: cryptographic ergodic sequence generators?
daemon@ATHENA.MIT.EDU (Greg Rose)
Sat Sep 6 19:17:11 2003
X-Original-To: cryptography@metzdowd.com
Date: Sun, 07 Sep 2003 07:56:46 +1000
From: Greg Rose <ggr@qualcomm.com>
To: cryptography@metzdowd.com
In-Reply-To: <87llt14wm9.fsf@snark.piermont.com>
At 02:09 PM 9/6/2003 -0400, Perry E. Metzger wrote:
>For making things like IP fragmentation ids and other similar protocol
>elements unpredictable, it would be useful to have what I'll call a
>cryptographic ergodic sequence generator -- that is, a generator that
>will produce a sequence of n bit numbers such that there are no
>repeats until you pass the 2^nth number in the sequence (that is, the
>sequence is a permutation of all 2^n bit numbers) and such that it is
>very difficult to predict what the next number in the sequence might
>be beyond the fact that it will not be one of the numbers seen earlier
>in the sequence. It is also rather important that the generator be
>computationally inexpensive.
The characteristic you ask for is exactly that of an n-bit block cipher in
Counter Mode. For example, that's exactly why we developed Skip32, which is
on our web page; we needed an unpredictable but non-repeating 32 bit nonce.
If you aren't prepared to accept the cost of a (scaled down) block cipher,
then you'll have to restate your requirements.
Greg.
Greg Rose INTERNET: ggr@qualcomm.com
Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199
Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/
Gladesville NSW 2111 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
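As an added illustration of the construction Greg describes above (an n-bit block cipher run in counter mode, so the outputs are a permutation of all 2^n values and the sequence cannot repeat before 2^n steps), here is example code that is not from the post, the list, or Qualcomm's Skip32. It builds a small balanced Feistel permutation whose round function is HMAC-SHA256 truncated to half a block (that choice of round function, the round count and the 16-bit block width are assumptions made for the example). A Feistel network is a bijection for any round function, so counting through 0, 1, 2, ... and encrypting each counter value yields every n-bit output exactly once per period, which the checks at the bottom confirm directly.

```python
import hashlib
import hmac
from typing import Iterator


def feistel_round(key: bytes, round_no: int, half: int, half_bits: int) -> int:
    """Keyed round function: HMAC-SHA256 over (round number, right half),
    truncated to half_bits. Any keyed function works here; HMAC is an
    assumption chosen so the example runs with the standard library only."""
    msg = bytes([round_no]) + half.to_bytes((half_bits + 7) // 8, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") & ((1 << half_bits) - 1)


def encrypt_block(key: bytes, block: int, n_bits: int, rounds: int = 6) -> int:
    """Balanced Feistel network on an n_bits-wide block (n_bits must be even).
    Each round is invertible regardless of feistel_round, so the whole thing
    is a permutation of the integers 0 .. 2**n_bits - 1."""
    assert n_bits % 2 == 0 and 0 <= block < (1 << n_bits)
    half_bits = n_bits // 2
    mask = (1 << half_bits) - 1
    left, right = block >> half_bits, block & mask
    for r in range(rounds):
        left, right = right, left ^ feistel_round(key, r, right, half_bits)
    return (left << half_bits) | right


def ergodic_sequence(key: bytes, n_bits: int) -> Iterator[int]:
    """Counter mode: the i-th output is E_key(i mod 2**n_bits). Because E_key
    is a permutation, the first 2**n_bits outputs are all distinct, and the
    sequence then repeats from the beginning."""
    period = 1 << n_bits
    counter = 0
    while True:
        yield encrypt_block(key, counter % period, n_bits)
        counter += 1


def is_permutation(key: bytes, n_bits: int) -> bool:
    """Draw exactly 2**n_bits outputs and check every n-bit value appears once."""
    period = 1 << n_bits
    gen = ergodic_sequence(key, n_bits)
    seen = [next(gen) for _ in range(period)]
    return len(set(seen)) == period and all(0 <= v < period for v in seen)


def first_repeat_index(key: bytes, n_bits: int) -> int:
    """Index at which the very first output reappears; for a permutation in
    counter mode this is exactly 2**n_bits."""
    gen = ergodic_sequence(key, n_bits)
    first = next(gen)
    index = 1
    for value in gen:
        if value == first:
            return index
        index += 1
    return -1  # unreachable: the counter wraps, so the first output recurs


# Constructed sample key for the demonstration (not a real secret).
DEMO_KEY = b"example-key-for-illustration-only"

if __name__ == "__main__":
    gen = ergodic_sequence(DEMO_KEY, 16)
    print("first eight 16-bit ids:", [next(gen) for _ in range(8)])
    print("16-bit permutation:", is_permutation(DEMO_KEY, 16))
    print("12-bit period:", first_repeat_index(DEMO_KEY, 12))
```

The round function here is deliberately generic; the post's point is structural, and a deployment wanting a 32-bit non-repeating nonce would use a vetted small-block cipher such as the Skip32 Greg mentions rather than a hash-per-round Feistel. One caveat the permutation property makes visible: once the counter wraps past 2^n, the same key produces the identical sequence again, so either the key is changed at wrap-around or the period is chosen large enough that wrap-around never occurs in practice.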