From: Pierre-Cyrille Heam Date: Wed, 5 Sep 2012 14:02:19 +0000 (+0200) Subject: pch X-Git-Url: https://bilbo.iut-bm.univ-fcomte.fr/and/gitweb/prng_gpu.git/commitdiff_plain/d5edcd3d7b79a64307eacf4352400b1ee48c7bbb pch --- diff --git a/prng_gpu.tex b/prng_gpu.tex index f7499d9..ce0bcc5 100644 --- a/prng_gpu.tex +++ b/prng_gpu.tex @@ -40,6 +40,9 @@ \newcommand{\alert}[1]{\begin{color}{blue}\textit{#1}\end{color}} + +\newcommand{\PCH}[1]{\begin{color}{blue}#1\end{color}} + \title{Efficient and Cryptographically Secure Generation of Chaotic Pseudorandom Numbers on GPU} \begin{document} @@ -1600,7 +1603,16 @@ as it is shown in the next sections. \section{Security Analysis} \label{sec:security analysis} - +\PCH{This section is dedicated to the analysis of the security of the + proposed PRNGs from a theoretical point of view. The standard definition + of {\it indistinguishability} used is the classical one as defined for + instance in~\cite[chapter~3]{Goldreich}. It is important to emphasize that + this property shows that predicting the future results of the PRNG's + cannot be done in a reasonable time compared to the generation time. This + is a relative notion between breaking time and the sizes of the + keys/seeds. Of course, if small keys or seeds are chosen, the system can + be broken in practice. But it also means that if the keys/seeds are large + enough, the system is secured.} In this section the concatenation of two strings $u$ and $v$ is classically denoted by $uv$. diff --git a/reponse.tex b/reponse.tex index e8a1acf..8d1a2ab 100644 --- a/reponse.tex +++ b/reponse.tex @@ -109,7 +109,24 @@ impracticable in practice. To sum up, being cryptographically secure is not a question of key size. \begin{color}{green} -PCH, tu peux broder là-dessus? +Most of theoretical cryptographic definitions are somehow an extension of the +notion of one-way function. Intuitively a one way function is a function + easy to compute but which is practically impossible to +inverse (i.e. from $f(x)$ it is not possible to compute $x$). +Since the size of $x$ is known, it is always possible to use a brute force +attack, that is computing $f(y)$ for all $y$'s of the good size until +$f(y)\neq f(x)$. Informally, if a function is one-way, it means that every +algorithm that can compute $x$ from $f(x)$ with a good probability requires +a similar amount of time than the brute force attack. It is important to +note that if the size of $x$ is small, then the brute force attack works in +practice. The theoretical security properties don't guaranty that the system +cannot be broken, it guaranty that if the keys are large enough, then the +system still works (computing $f(x)$ can be done, even if $x$ is large), and +cannot be broken in a reasonable time. The theoretical definition of a +secure PRNG is more technical than the one on one-way function but the +ideas are the same: a cryptographically secured PRNG can be broken + by a brute force prediction, but not in a reasonable time if the + keys/seeds are large enough. \end{color} \bigskip