Re: Strong PRNG with AES or 3-DES


Mok-Kong Shen (mok-kong.shen@stud.uni-muenchen.de)
Wed, 21 Oct 1998 11:15:03 +0100


Niels Möller wrote:
>
> In the eurocrypt-98 rump session, Adi Shamir proposed the following
> construction:
>
> Given some pseudorandom function F (iirc, Shamir used a hash function,
> but the same should apply to a block cipher with a fixed (secret)
> key), construct a sequence by iterating
>
> x_0 = some secret seed value
> x_{i+1} = F(x_i) + i (where + is addition or bitwise xor).
>
> This simple construction guarantees that there are no short cycles,
> because if i != j, then x_i = x_j implies x_{i+1} != x_{j+1}. The
> sequence can't repeat until the counter wraps around.

I haven't yet understood the stuff. The above does not seem to
exclude the possibility of, say, x_{i+2} = x_{j+2}.

M. K. Shen
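
An added illustration of the quoted construction (not part of either message): a Python sketch that iterates x_{i+1} = F(x_i) XOR i on a toy state and, for every pair with x_i = x_j, counts how often the values one and two steps later also coincide. `toy_f`, its key and the 12-bit state width are assumptions chosen so that collisions are frequent enough to observe.

```python
import hashlib
from itertools import combinations

BITS = 12                      # toy state width (assumption) so collisions show up
MASK = (1 << BITS) - 1

def toy_f(x, key=b"constructed-demo-key"):
    """Stand-in for F: keyed SHA-256 truncated to BITS bits (assumption)."""
    d = hashlib.sha256(key + x.to_bytes(4, "big")).digest()
    return int.from_bytes(d[:4], "big") & MASK

def sequence(f, seed, steps, mask=MASK):
    """x_0 = seed, x_{i+1} = f(x_i) XOR i, stopping before the counter wraps."""
    assert steps <= mask + 1, "counter must not wrap"
    xs = [seed & mask]
    for i in range(steps - 1):
        xs.append((f(xs[-1]) ^ i) & mask)
    return xs

def collision_report(xs):
    """For every i < j with x_i == x_j, compare the values 1 and 2 steps later."""
    by_value = {}
    for i, x in enumerate(xs):
        by_value.setdefault(x, []).append(i)
    rep = {"collisions": 0, "next_equal": 0, "next2_equal": 0}
    for idxs in by_value.values():
        for i, j in combinations(idxs, 2):
            rep["collisions"] += 1
            if j + 1 < len(xs) and xs[i + 1] == xs[j + 1]:
                rep["next_equal"] += 1
            if j + 2 < len(xs) and xs[i + 2] == xs[j + 2]:
                rep["next2_equal"] += 1
    return rep

def plain_cycle_length(f, seed):
    """Period of plain iteration x_{i+1} = f(x_i), for comparison."""
    seen, x, i = {}, seed, 0
    while x not in seen:
        seen[x] = i
        x, i = f(x), i + 1
    return i - seen[x]

if __name__ == "__main__":
    xs = sequence(toy_f, seed=0x123, steps=MASK + 1)
    print(collision_report(xs))
    print("plain iteration period:", plain_cycle_length(toy_f, 0x123))
```

A cycle of period j - i would need equal values at that lag on two consecutive steps, so `next_equal` staying at 0 is the property that prevents repetition before the counter wraps, whatever `next2_equal` reports.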



The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:22