\usepackage{subfigure}
\usepackage{xr-hyper}
\usepackage{hyperref}
-\externaldocument{prng_gpu}
+\externaldocument[M-]{prng_gpu}
%\usepackage{hyperref}
\label{The generation of pseudorandom sequence}
-Let us now explain why we have reasonable ground to believe that chaos
+Let us explain in this annex why we have reasonable ground to believe that chaos
can improve statistical properties.
We will show in this section that chaotic properties as defined in the
mathematical theory of chaos are related to some statistical tests that can be found
\begin{itemize}
- \item \textbf{Regularity}. As stated in Section~\ref{subsec:Devaney} of the main document, a chaotic dynamical system must
+ \item \textbf{Regularity}. As stated in Section~\ref{M-subsec:Devaney} of the main document, a chaotic dynamical system must
have an element of regularity. Depending on the chosen definition of chaos, this element can be the existence of
a dense orbit, the density of periodic points, etc. The key idea is that a dynamical system with no periodicity
is not as chaotic as a system having periodic orbits: in the first situation, we can predict something and gain a
\end{itemize}
-We have proven in our previous works~\cite{guyeux12:bc} that chaotic iterations satisfying Theorem~\ref{Th:Caractérisation des IC chaotiques} of the main document are, among other
+We have proven in our previous works~\cite{guyeux12:bc} that chaotic iterations satisfying Theorem~\ref{M-Th:Caractérisation des IC chaotiques} of the main document are, among other
things, strongly transitive, topologically mixing, chaotic as defined by Li and Yorke,
and that they have a topological entropy and an exponent of Lyapunov both equal to $ln(\mathsf{N})$,
where $\mathsf{N}$ is the size of the iterated vector.
\section{Practical Security Evaluation}
\label{sec:Practicak evaluation}
-Pseudorandom generators based on Eq.~\eqref{equation Oplus} of the main document are thus cryptographically secure when
+Pseudorandom generators based on Eq.~\eqref{M-equation Oplus} of the main document are thus cryptographically secure when
they are XORed with an already cryptographically
secure PRNG. But, as stated previously,
such a property does not mean that, whatever the
-Suppose now that the PRNG of Eq.~\eqref{equation Oplus} of the main document will work during
+Suppose now that the PRNG of Eq.~\eqref{M-equation Oplus} of the main document will work during
$M=100$ time units, and that during this period,
an attacker can realize $10^{12}$ clock cycles.
We thus wonder whether, during the PRNG's
We consider that $N$ has 900 bits.
Predicting the next generated bit knowing all the
-previously released ones by Eq.~\eqref{equation Oplus} of the main document is obviously equivalent to predicting the
+previously released ones by Eq.~\eqref{M-equation Oplus} of the main document is obviously equivalent to predicting the
next bit in the BBS generator, which
is cryptographically secure. More precisely, it
is $(T,\varepsilon)-$secure: no
A direct numerical application shows that this attacker
-cannot achieve its $(10^{12},0.2)$ distinguishing
+cannot achieve his $(10^{12},0.2)$ distinguishing
attack in that context.
