isUniformRNG

Nick Sabalausky via Digitalmars-d digitalmars-d at puremagic.com
Sun May 4 11:56:25 PDT 2014


On 5/4/2014 2:10 PM, Joseph Rushton Wakeling via Digitalmars-d wrote:
> On 04/05/14 19:42, Nick Sabalausky via Digitalmars-d wrote:
>> Just a string of random bits. Effectively unsigned integers.
>
> Ahh, OK.  So in practice you can probably template it on an unsigned
> integral type (which could include bool) and it'll just take the
> appropriate number of bits from the stream, no ... ?  Cf. what I did
> with /dev/urandom etc.:
> https://github.com/WebDrake/std.random2/blob/master/std/random2/device.d#L122
>

Well, Hash_DRBG isn't really a normal stream since, based on my reading 
of its spec, it sounds like (for example) requesting one byte four times 
will give a different result than requesting four bytes all at once 
(assuming you're starting from the same internal state and there's no 
reseeding).

But aside from that minor detail, yes, that's essentially correct. And 
much like /dev/(u)random, you could even make the number of bytes/bits 
requested a per-call runtime parameter (although that would diverge from 
the existing std.random interfaces and would require either allocating 
or taking an output sink, so I don't know whether I'll bother).

>>
>> Then again, wouldn't the only alternative to uniform distribution be a
>> weighted distribution? I can't imagine an RNG intended for crypto would be
>> deliberately weighted (unless maybe there were some randomness to the
>> weights...if that even makes any sense at all).
>>
>> Maybe I'm just overthinking it?
>
> Probably :-)  Let's put it this way: if you think in terms of the
> individual bits being generated, there obviously has to be, from the
> point of view of the user of the algorithm, no way to decide which bit
> value is more likely, which corresponds to a uniform distribution of
> individual bit values.  And that in turn will map to a uniform
> distribution of bit sequences of any length.

Yea. Plus, this doc about testing these crypto PRNGs...

http://csrc.nist.gov/groups/ST/toolkit/rng/documents/SP800-22rev1a.pdf

...does mention the importance of "uniformity".

So I think it's probably safe to figure this is a uniform distribution 
unless some expert chimes in and says otherwise.

Thanks for the help.
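The request-size property Nick describes above, as an added example that is not part of the thread or of D's std.random: a toy Hash_DRBG (SP 800-90A, SHA-256 variant) in Python, stripped of reseeding, additional input and strength checks, whose state update after each Generate call is exactly why four 1-byte requests and one 4-byte request from the same state diverge after the first byte. Seed material, class and function names are constructed for this illustration.

```python
import hashlib

# Toy Hash_DRBG (SP 800-90A) over SHA-256, added to illustrate that the
# generator is stateful per request: V is updated after every Generate
# call, so output depends on how the requests are split.
# Simplified: no reseed, no additional input, no security-strength checks.
SEEDLEN = 440              # seedlen in bits for SHA-256 per SP 800-90A
SEEDBYTES = SEEDLEN // 8


def hash_df(data: bytes, nbits: int) -> bytes:
    """Hash_df derivation function: hash(counter || nbits || data) until nbits are filled."""
    out = b""
    counter = 1
    while len(out) < (nbits + 7) // 8:
        out += hashlib.sha256(bytes([counter]) + nbits.to_bytes(4, "big") + data).digest()
        counter += 1
    return out[: nbits // 8]


class HashDRBG:
    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b""):
        seed = entropy + nonce + personalization          # seed_material
        self.V = hash_df(seed, SEEDLEN)
        self.C = hash_df(b"\x00" + self.V, SEEDLEN)
        self.reseed_counter = 1

    def generate(self, nbytes: int) -> bytes:
        # Hashgen: hash V, V+1, V+2, ... until enough output is collected
        data = int.from_bytes(self.V, "big")
        out = b""
        while len(out) < nbytes:
            out += hashlib.sha256(data.to_bytes(SEEDBYTES, "big")).digest()
            data = (data + 1) % (1 << SEEDLEN)
        # State update after the request; this is why request size matters
        H = hashlib.sha256(b"\x03" + self.V).digest()
        V = (int.from_bytes(self.V, "big") + int.from_bytes(H, "big")
             + int.from_bytes(self.C, "big") + self.reseed_counter) % (1 << SEEDLEN)
        self.V = V.to_bytes(SEEDBYTES, "big")
        self.reseed_counter += 1
        return out[:nbytes]


def compare_request_sizes(seed: bytes):
    """Return (four 1-byte requests joined, one 4-byte request) from identical initial states."""
    a = HashDRBG(seed)
    b = HashDRBG(seed)
    four_singles = b"".join(a.generate(1) for _ in range(4))
    one_quad = b.generate(4)
    return four_singles, one_quad
```

Only the first byte agrees between the two call patterns, because both start from the same V; every later byte of the split requests comes from an updated V.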


