X-Git-Url: https://bilbo.iut-bm.univ-fcomte.fr/and/gitweb/prng_gpu.git/blobdiff_plain/3c28e0c80a3569a0d18a1127df221303e6888d63..fbd01ece23dac6b48c01009d7cdb8dd98dd647ce:/reponse.tex diff --git a/reponse.tex b/reponse.tex index dbe927a..afa4a2d 100644 --- a/reponse.tex +++ b/reponse.tex @@ -27,7 +27,7 @@ In section 1, we have added a small summary of test measurements performed with \textit{Section 9: The authors say they replace the xor-like PRNG with a cryptographically secure one, BBS, but then proceed to use extremely small values, as far as a cryptographer is concerned (modulus of $2^{16}$), in the computation due to the need to use 32 bit integers in the GPU and combine bits from multiple BBS generated values, but they never prove (or even discuss) how this can be considered cryptographically secure due to the small individual values. At the end of 9.1, the authors say $S^n$ is secure because it is formed from bits from the BBS generator, but do not consider if the use of such small values will lead to exhaust searches to determine individual bits. The authors either need to remove all of section 9 and or prove the resulting PRNG is cryptographically secure.} -A new section (namely, Section 8.2) and a discussion at the end of Section 9.1 have been added to measure practically the security of the generator. +A section in the Annex document (namely, Section~3) and a discussion at the end of Section 9.1 have been added to measure practically the security of the generator. \bigskip \textit{In the conclusion: 
@@ -47,7 +47,7 @@ Done. \bigskip \textit{There seems to have been no effort in showing how the new PRNG improves on a single (say) xorshift generator, considering the slowdown of calling 3 of them per iteration (cf. Listing 1). This could be done, if not with the mathematical rigor of chaos theory, then with simpler bit diffusion metrics, often used in cryptography to evaluate building blocks of ciphers.} -A large section (Section 5) has been added, using and extending some previous works. It explains with more details why topological chaos +A large section (Section 2 of the Annex document) has been provided, using and extending some previous works. It explains with more details why topological chaos is useful to pass statistical tests. This new section contains both qualitative explanations and quantitative (experimental) evaluations. Using several examples, this section illustrates that defective PRNGs are always improved, according to the NIST, DieHARD, and TestU01 batteries. @@ -102,7 +102,7 @@ generator is not cryptographically secure in the example disputed by the reviewer, we cannot apply this result. Indeed the first part of the document does not deal with security, but it investigates the speed, chaos, and statistical quality of PRNGs. A sentence has been added to clarify this point -at the end of Section 5.4. +at the end of Section 5. \bigskip 
@@ -142,11 +142,11 @@ ideas are the same: a cryptographically secured PRNG can be broken Nevertheless, new arguments have been added in several places of the revision of our paper, concerning more concrete and practical aspects of security, like the -$(T,\varepsilon)-$security notion of Section 8.2. Such a practical evaluation +$(T,\varepsilon)-$security notion of Section 3 of the Annex document. Such a practical evaluation has not yet been performed for the GPU version of our PRNG, and the reviewer is right to think that these aspects are fundamental to determine whether the proposed PRNG can or cannot face the attacks. A similar formula to what has been -computed for the BBS (as in Section 8.2) must be found in future work, to +computed for the BBS (as in Section 3 of the Annexe document) must be found in future work, to measure the amount of time need by an attacker to break the proposed generator when considering the parameters we have chosen (this computation is a difficult task). Sentences have been added in several places (like at the end of Section @@ -156,7 +156,8 @@ task). Sentences have been added in several places (like at the end of Section \textit{To sum it up, while the theoretical part of the paper is interesting, the practical results leave much to be desired, and do not back the thesis that chaos improves some quality metric of the generators.} -We hope now that, with the new sections added to the document (like Section 5), we have convinced the reviewers that adding chaotic properties in +We hope now that, with the new pieces of information added to the documents +(like Section 3 of the Annex document), we have convinced the reviewers that adding chaotic properties in existing generators can be of interest. \bigskip
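Review bot: In the hunk at @@ -27,7, the added sentence says the Annex Section~3 and the end of Section 9.1 "measure practically the security of the generator", while the hunk at @@ -142,11 still says such a practical evaluation "has not yet been performed for the GPU version". The referee's objection is specifically about the small modulus ($2^{16}$) and exhaustive search, so this reply should say which generator and which parameters the Annex measurement covers, and state plainly that the GPU parameters remain open. Minor: the line uses a tie in "Section~3" but a plain space in "Section 9.1"; pick one.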
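Review bot: In the hunk at @@ -47,7, the reply to the referee's point about "the slowdown of calling 3 of them per iteration" only cites statistical-battery results and never mentions the cost side of the comparison. Either add a sentence pointing to where the speed trade-off against a single xorshift is reported, or say it is not addressed. The unchanged claim that defective PRNGs are "always improved" should also be scoped to the examples actually tested in Section 2 of the Annex, and "with more details" on the added line reads better as "in more detail".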
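Review bot: In the hunk at @@ -102,7, "at the end of Section 5." is now ambiguous, because the hunk at @@ -47,7 moves what used to be Section 5 into the Annex as Section 2. Write "Section 5 of the main document" (or the Annex, whichever is meant) so the referee can find the added sentence, and consider a \ref to a label instead of a hard-coded number, since this patch is already a renumbering fix.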
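Review bot: In the hunk at @@ -142,11, the second added line spells it "Annexe document" while every other added line in this patch uses "Annex document"; make it "Annex". On the first added line, `$(T,\varepsilon)-$security` keeps the hyphen inside math mode, where it is typeset as a minus sign; move it out: `$(T,\varepsilon)$-security`. The unchanged context line "amount of time need by an attacker" should read "needed".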
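Review bot: In the hunk at @@ -156,7, the added text cites "Section 3 of the Annex document" as the evidence that adding chaotic properties is of interest, but the hunk at @@ -47,7 maps the old Section 5 (chaos and statistical tests) to Section 2 of the Annex, and Section 3 of the Annex is the $(T,\varepsilon)$-security material per the hunks at @@ -27,7 and @@ -142,11. The removed line pointed at Section 5, so the replacement should most likely be "Section 2 of the Annex document"; please check against the Annex and correct the number.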