\bigskip
-\textit{The BBS-based generator of section 9 is anything but cryptographically secure.}
+\textit{The BBS-based generator of section 9 is anything but cryptographically secure. A 16-bit modulus (trivially factorable) gives out a period of at most $2^{16}$, which is neither useful nor secure. Its speed is irrelevant, as this generator as no practical applications whatsoever (a larger modulus, at least 1024-bit long, might be useful in some situations, but it will be a terrible GPU performer, of course).}
+
This claim is surprising, as this result is mathematically proven in the article:
either there is something wrong in the proof, or the generator is cryptographically
achieve to break it. It is only a question of time: with sufficiently large primes,
the time required to break it is astronomically large, making this attack completely
impracticable in practice. To sum up, being cryptographically secure is not a
-question of key size,
-
-
-
-\bigskip
-\textit{A 16-bit modulus (trivially factorable) gives out a period of at most $2^{16}$, which is neither useful nor secure. Its speed is irrelevant, as this generator as no practical applications whatsoever (a larger modulus, at least 1024-bit long, might be useful in some situations, but it will be a terrible GPU performer, of course).}
-
+question of key size.
+\begin{color}{green}
+Most of theoretical cryptographic definitions are somehow an extension of the
+notion of one-way function. Intuitively a one way function is a function
+ easy to compute but which is practically impossible to
+inverse (i.e. from $f(x)$ it is not possible to compute $x$).
+Since the size of $x$ is known, it is always possible to use a brute force
+attack, that is computing $f(y)$ for all $y$'s of the good size until
+$f(y)\neq f(x)$. Informally, if a function is one-way, it means that every
+algorithm that can compute $x$ from $f(x)$ with a good probability requires
+a similar amount of time than the brute force attack. It is important to
+note that if the size of $x$ is small, then the brute force attack works in
+practice. The theoretical security properties don't guaranty that the system
+cannot be broken, it guaranty that if the keys are large enough, then the
+system still works (computing $f(x)$ can be done, even if $x$ is large), and
+cannot be broken in a reasonable time. The theoretical definition of a
+secure PRNG is more technical than the one on one-way function but the
+ideas are the same: a cryptographically secured PRNG can be broken
+ by a brute force prediction, but not in a reasonable time if the
+ keys/seeds are large enough.
+\end{color}
\bigskip
\textit{To sum it up, while the theoretical part of the paper is interesting, the practical results leave much to be desired, and do not back the thesis that chaos improves some quality metric of the generators.}
+We hope now that, with the new sections added to the document, we have convinced the reviewers that to add chaotic properties in
+existing generators can be of interest.
+
\bigskip
\textit{On the theoretical side, you may be interested in Vladimir Anashin's work on ergodic theory on p-adic (specifically, 2-adic) numbers to prove uniform distribution and maximal period of generators. The $d_s(S, \check{S})$ distance loosely resembles the p-adic norm.}
-We have already established the uniform distribution in \cite{FCt}.
+Thank you for this information. However, we have already established the uniform distribution in \cite{bcgr11:ip} (recalled in Theorem 2).
\bigskip
\textit{Typos and other nitpicks:\\
\bigskip
\textit{ [1] Howes, L., and Thomas, D. "Efficient random number generation and application using CUDA." In GPU Gems 3, H. Nguyen, Ed. NVIDIA, 2007, Ch. 37. }
+
+\bibliographystyle{plain}
+\bibliography{mabase}
+
\end{document}
