[docs] Improvement of explanation of Mersenne Twister in 9.6 random section
smeng9 at illinois.edu
Sun Oct 22 02:37:44 EDT 2017
In section 9.6 the reason of not to use Mersenne Twister for the
cryptographic purpose is overly generalized. "The Mersenne Twister is one
of the most extensively tested random number generators in existence.
However, being completely deterministic, it is not suitable for all
purposes, and is completely unsuitable for cryptographic purposes"
We should not use Mersenne Twister for the cryptographic purpose not
because it is completely deterministic (PRGs are deterministic once given a
seed) but because it cannot pass the "next bit test". "Next bit test" means
that the next bits cannot be determined *even after seeing all the previous
bits*, and even if the function is indeed deterministic. The problem with
Mersenne Twister is that after seeing enough samples, it may be possible to
learn some information about the seed and guess some of the next bits.
What we need to analyze are two concepts: the generator function itself,
and the process for choosing the seed. All random number generators,
including Mersenne Twister, but also including the provably-secure
constructions, are deterministic functions of the seed. If "completely
deterministic" means unsuitable for cryptographic use, then we've gotten
nowhere. A deterministic function can be used for cryptography.
These two sentences should be better changed to "The Mersenne Twister is
one of the most extensively tested random number generators in existence.
However, it is not suitable for all purposes and is completely unsuitable
for cryptographic purpose because after observing the previous bits
generated for a long time, next bit may be guessed correctly with chance
larger than 1/2"
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the docs