• Aucun résultat trouvé

(1)random bits in practice and theory random bits in practice and theory RaCAF project (2

N/A
N/A
Info
Télécharger
Protected

Academic year: 2022

Partager "(1)random bits in practice and theory random bits in practice and theory RaCAF project (2"

Copied!
199
0
0

Chargement.... (Voir le texte intégral maintenant)

Texte intégral

(1)

random bits in practice and theory

random bits in practice and theory RaCAF project

(2)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

random objects?

paradox of individual random objects

fair coin assumption says that all sequences ofNbits are equiprobable as outcomes of fair coin tossing

still some of them refute the fair coin model while other (“random bit sequences”) do not

Is randomness real?

(3)

random bits in practice and theory random objects?

paradox of individual random objects

fair coin assumption says that all sequences ofNbits are equiprobable as outcomes of fair coin tossing

still some of them refute the fair coin model while other (“random bit sequences”) do not

Is randomness real?

(4)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

random objects?

paradox of individual random objects

fair coin assumption says that all sequences ofNbits are equiprobable as outcomes of fair coin tossing

still some of them refute the fair coin model while other (“random bit sequences”) do not

Is randomness real?

(5)

random bits in practice and theory random objects?

paradox of individual random objects

fair coin assumption says that all sequences ofNbits are equiprobable as outcomes of fair coin tossing

still some of them refute the fair coin model while other (“random bit sequences”) do not

Is randomness real?

(6)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

random objects?

randomness around us

(7)

random bits in practice and theory random objects?

more serious efforts

(8)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

random objects?

electronic devices

(9)

random bits in practice and theory relevant mathematics

I: probability theory

test: a set ofT⊂ {0,1}N that has very small probability

ifx∈A, thenxfails the test

large deviations theorems

limit theorems

statistics (χ2, Kolmogorov–Smirnov, …)

“test should be fixed before the experiment”: unclear but essential

Bonferroni correction

(10)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

relevant mathematics

I: probability theory

test: a set ofT⊂ {0,1}N that has very small probability

ifx∈A, thenxfails the test

large deviations theorems

limit theorems

statistics (χ2, Kolmogorov–Smirnov, …)

“test should be fixed before the experiment”: unclear but essential

Bonferroni correction

(11)

random bits in practice and theory relevant mathematics

I: probability theory

test: a set ofT⊂ {0,1}N that has very small probability

ifx∈A, then xfails the test

large deviations theorems

limit theorems

statistics (χ2, Kolmogorov–Smirnov, …)

“test should be fixed before the experiment”: unclear but essential

Bonferroni correction

(12)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

relevant mathematics

I: probability theory

test: a set ofT⊂ {0,1}N that has very small probability

ifx∈A, then xfails the test

large deviations theorems

limit theorems

statistics (χ2, Kolmogorov–Smirnov, …)

“test should be fixed before the experiment”: unclear but essential

Bonferroni correction

(13)

random bits in practice and theory relevant mathematics

I: probability theory

test: a set ofT⊂ {0,1}N that has very small probability

ifx∈A, then xfails the test

large deviations theorems

limit theorems

statistics (χ2, Kolmogorov–Smirnov, …)

“test should be fixed before the experiment”: unclear but essential

Bonferroni correction

(14)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

relevant mathematics

I: probability theory

test: a set ofT⊂ {0,1}N that has very small probability

ifx∈A, then xfails the test

large deviations theorems

limit theorems

statistics (χ2, Kolmogorov–Smirnov, …)

“test should be fixed before the experiment”: unclear but essential

Bonferroni correction

(15)

random bits in practice and theory relevant mathematics

I: probability theory

test: a set ofT⊂ {0,1}N that has very small probability

ifx∈A, then xfails the test

large deviations theorems

limit theorems

statistics (χ2, Kolmogorov–Smirnov, …)

“test should be fixed before the experiment”:

unclear but essential

Bonferroni correction

(16)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

relevant mathematics

I: probability theory

test: a set ofT⊂ {0,1}N that has very small probability

ifx∈A, then xfails the test

large deviations theorems

limit theorems

statistics (χ2, Kolmogorov–Smirnov, …)

“test should be fixed before the experiment”:

unclear but essential

Bonferroni correction

(17)

random bits in practice and theory relevant mathematics

II: algorithmic information theory

randomnessincompressibility

no program shorter than the sequence can produce it

Kolmogorov complexity length

obstacle I: non-computability of complexity (one can prove non-randomness but not randomness)

obstacle II: arbitrary constants

still the choice ofprogramming languagein advance is more reasonable than the choice of thetest

(18)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

relevant mathematics

II: algorithmic information theory

randomnessincompressibility

no program shorter than the sequence can produce it

Kolmogorov complexity length

obstacle I: non-computability of complexity (one can prove non-randomness but not randomness)

obstacle II: arbitrary constants

still the choice ofprogramming languagein advance is more reasonable than the choice of thetest

(19)

random bits in practice and theory relevant mathematics

II: algorithmic information theory

randomnessincompressibility

no program shorter than the sequence can produce it

Kolmogorov complexity length

obstacle I: non-computability of complexity (one can prove non-randomness but not randomness)

obstacle II: arbitrary constants

still the choice ofprogramming languagein advance is more reasonable than the choice of thetest

(20)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

relevant mathematics

II: algorithmic information theory

randomnessincompressibility

no program shorter than the sequence can produce it

Kolmogorov complexity length

obstacle I: non-computability of complexity (one can prove non-randomness but not randomness)

obstacle II: arbitrary constants

still the choice ofprogramming languagein advance is more reasonable than the choice of thetest

(21)

random bits in practice and theory relevant mathematics

II: algorithmic information theory

randomnessincompressibility

no program shorter than the sequence can produce it

Kolmogorov complexity length

obstacle I: non-computability of complexity (one can prove non-randomness but not randomness)

obstacle II: arbitrary constants

still the choice ofprogramming languagein advance is more reasonable than the choice of thetest

(22)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

relevant mathematics

II: algorithmic information theory

randomnessincompressibility

no program shorter than the sequence can produce it

Kolmogorov complexity length

obstacle I: non-computability of complexity (one can prove non-randomness but not randomness)

obstacle II: arbitrary constants

still the choice ofprogramming languagein advance is more reasonable than the choice of thetest

(23)

random bits in practice and theory relevant mathematics

II: algorithmic information theory

randomnessincompressibility

no program shorter than the sequence can produce it

Kolmogorov complexity length

obstacle I: non-computability of complexity (one can prove non-randomness but not randomness)

obstacle II: arbitrary constants

still the choice ofprogramming languagein advance is more reasonable than the choice of thetest

(24)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

relevant mathematics

III: computational complexity

not individual sequences but mappings (Yao, Blum–Micali)

G

:

shortn-bit seed7→longN-bit sequence

mapping Geasy to compute (all images compressible)

no easily computable test T⊂ {0,1}N can distinguish the output from randomNbits:

x∈{

Pr

0,1}n

[

G

(

x

)

T

]

Pr

y∈{0,1}N

[

y∈T

]

easily computablepolynomial-size circuits

exist iff one-way functions exist (Hastad, Impagliazzo, Luby, Levin)

(25)

random bits in practice and theory relevant mathematics

III: computational complexity

not individual sequences but mappings (Yao, Blum–Micali)

G

:

shortn-bit seed7→longN-bit sequence

mapping Geasy to compute (all images compressible)

no easily computable test T⊂ {0,1}N can distinguish the output from randomNbits:

x∈{

Pr

0,1}n

[

G

(

x

)

T

]

Pr

y∈{0,1}N

[

y∈T

]

easily computablepolynomial-size circuits

exist iff one-way functions exist (Hastad, Impagliazzo, Luby, Levin)

(26)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

relevant mathematics

III: computational complexity

not individual sequences but mappings (Yao, Blum–Micali)

G

:

shortn-bit seed7→longN-bit sequence

mapping Geasy to compute (all images compressible)

no easily computable test T⊂ {0,1}N can distinguish the output from randomNbits:

x∈{

Pr

0,1}n

[

G

(

x

)

T

]

Pr

y∈{0,1}N

[

y∈T

]

easily computablepolynomial-size circuits

exist iff one-way functions exist (Hastad, Impagliazzo, Luby, Levin)

(27)

random bits in practice and theory relevant mathematics

III: computational complexity

not individual sequences but mappings (Yao, Blum–Micali)

G

:

shortn-bit seed7→longN-bit sequence

mapping Geasy to compute

(all images compressible)

no easily computable test T⊂ {0,1}N can distinguish the output from randomNbits:

x∈{

Pr

0,1}n

[

G

(

x

)

T

]

Pr

y∈{0,1}N

[

y∈T

]

easily computablepolynomial-size circuits

exist iff one-way functions exist (Hastad, Impagliazzo, Luby, Levin)

(28)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

relevant mathematics

III: computational complexity

not individual sequences but mappings (Yao, Blum–Micali)

G

:

shortn-bit seed7→longN-bit sequence

mapping Geasy to compute (all images compressible)

no easily computable test T⊂ {0,1}N can distinguish the output from randomNbits:

x∈{

Pr

0,1}n

[

G

(

x

)

T

]

Pr

y∈{0,1}N

[

y∈T

]

easily computablepolynomial-size circuits

exist iff one-way functions exist (Hastad, Impagliazzo, Luby, Levin)

(29)

random bits in practice and theory relevant mathematics

III: computational complexity

not individual sequences but mappings (Yao, Blum–Micali)

G

:

shortn-bit seed7→longN-bit sequence

mapping Geasy to compute (all images compressible)

no easily computable test T⊂ {0,1}N can distinguish the output from randomNbits:

x∈{

Pr

0,1}n

[

G

(

x

)

T

]

Pr

y∈{0,1}N

[

y∈T

]

easily computablepolynomial-size circuits

exist iff one-way functions exist (Hastad, Impagliazzo, Luby, Levin)

(30)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

relevant mathematics

III: computational complexity

not individual sequences but mappings (Yao, Blum–Micali)

G

:

shortn-bit seed7→longN-bit sequence

mapping Geasy to compute (all images compressible)

no easily computable test T⊂ {0,1}N can distinguish the output from randomNbits:

x∈{

Pr

0,1}n

[

G

(

x

)

T

]

Pr

y∈{0,1}N

[

y∈T

]

easily computablepolynomial-size circuits

exist iff one-way functions exist (Hastad, Impagliazzo, Luby, Levin)

(31)

random bits in practice and theory relevant mathematics

III: computational complexity

not individual sequences but mappings (Yao, Blum–Micali)

G

:

shortn-bit seed7→longN-bit sequence

mapping Geasy to compute (all images compressible)

no easily computable test T⊂ {0,1}N can distinguish the output from randomNbits:

x∈{

Pr

0,1}n

[

G

(

x

)

T

]

Pr

y∈{0,1}N

[

y∈T

]

easily computablepolynomial-size circuits

(32)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

relevant mathematics

IV: combinatorics, randomness extractors

D

:

Bn×BdBm:

D

(

reasonable random long,short independent random

)

almost random and rather long

ifξis a random variable inBnwith large

min-entropy,ρ is an independent uniform random variable inBd, thenD

(

ξ,ρ

)

has distribution that is statistically (L1) close to the uniform onBm

existence can be proven

some explicit constructions

also two independent weakly random sources

(33)

random bits in practice and theory relevant mathematics

IV: combinatorics, randomness extractors

D

:

Bn×BdBm:

D

(

reasonable random long,short independent random

)

almost random and rather long

ifξis a random variable inBnwith large

min-entropy,ρ is an independent uniform random variable inBd, thenD

(

ξ,ρ

)

has distribution that is statistically (L1) close to the uniform onBm

existence can be proven

some explicit constructions

also two independent weakly random sources

(34)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

relevant mathematics

IV: combinatorics, randomness extractors

D

:

Bn×BdBm:

D

(

reasonable random long,short independent random

)

almost random and rather long

ifξis a random variable inBnwith large

min-entropy,ρ is an independent uniform random variable inBd, thenD

(

ξ,ρ

)

has distribution that is statistically (L1) close to the uniform onBm

existence can be proven

some explicit constructions

also two independent weakly random sources

(35)

random bits in practice and theory relevant mathematics

IV: combinatorics, randomness extractors

D

:

Bn×BdBm:

D

(

reasonable random long,short independent random

)

almost random and rather long

ifξis a random variable inBnwith large

min-entropy,ρ is an independent uniform random variable inBd, thenD

(

ξ,ρ

)

has distribution that is statistically (L1) close to the uniform onBm

existence can be proven

some explicit constructions

also two independent weakly random sources

(36)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

relevant mathematics

IV: combinatorics, randomness extractors

D

:

Bn×BdBm:

D

(

reasonable random long,short independent random

)

almost random and rather long

ifξis a random variable inBnwith large

min-entropy,ρ is an independent uniform random variable inBd, thenD

(

ξ,ρ

)

has distribution that is statistically (L1) close to the uniform onBm

existence can be proven

some explicit constructions

also two independent weakly random sources

(37)

random bits in practice and theory relevant mathematics

IV: combinatorics, randomness extractors

D

:

Bn×BdBm:

D

(

reasonable random long,short independent random

)

almost random and rather long

ifξis a random variable inBnwith large

min-entropy,ρ is an independent uniform random variable inBd, thenD

(

ξ,ρ

)

has distribution that is statistically (L1) close to the uniform onBm

existence can be proven

some explicit constructions

(38)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

randomness generators

random bits needed for:

random sampling in statistics

draws, lotteries,…

Monte-Carlo computations

more general, simulations

randomized algorithms could be more efficient:

quick sort with random pivot

primality testing

computing an average of some array

cryptographic protocols (one-time pad, secret sharing)

(39)

random bits in practice and theory randomness generators

random bits needed for:

random sampling in statistics

draws, lotteries,…

Monte-Carlo computations

more general, simulations

randomized algorithms could be more efficient:

quick sort with random pivot

primality testing

computing an average of some array

cryptographic protocols (one-time pad, secret sharing)

(40)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

randomness generators

random bits needed for:

random sampling in statistics

draws, lotteries,…

Monte-Carlo computations

more general, simulations

randomized algorithms could be more efficient:

quick sort with random pivot

primality testing

computing an average of some array

cryptographic protocols (one-time pad, secret sharing)

(41)

random bits in practice and theory randomness generators

random bits needed for:

random sampling in statistics

draws, lotteries,…

Monte-Carlo computations

more general, simulations

randomized algorithms could be more efficient:

quick sort with random pivot

primality testing

computing an average of some array

cryptographic protocols (one-time pad, secret sharing)

(42)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

randomness generators

random bits needed for:

random sampling in statistics

draws, lotteries,…

Monte-Carlo computations

more general, simulations

randomized algorithms could be more efficient:

quick sort with random pivot

primality testing

computing an average of some array

cryptographic protocols (one-time pad, secret sharing)

(43)

random bits in practice and theory randomness generators

random bits needed for:

random sampling in statistics

draws, lotteries,…

Monte-Carlo computations

more general, simulations

randomized algorithms could be more efficient:

quick sort with random pivot

primality testing

computing an average of some array

cryptographic protocols (one-time pad, secret sharing)

(44)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

randomness generators

random bits needed for:

random sampling in statistics

draws, lotteries,…

Monte-Carlo computations

more general, simulations

randomized algorithms could be more efficient:

quick sort with random pivot

primality testing

computing an average of some array

cryptographic protocols (one-time pad, secret sharing)

(45)

random bits in practice and theory randomness generators

random bits needed for:

random sampling in statistics

draws, lotteries,…

Monte-Carlo computations

more general, simulations

randomized algorithms could be more efficient:

quick sort with random pivot

primality testing

computing an average of some array

cryptographic protocols (one-time pad, secret sharing)

(46)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

randomness generators

random bits needed for:

random sampling in statistics

draws, lotteries,…

Monte-Carlo computations

more general, simulations

randomized algorithms could be more efficient:

quick sort with random pivot

primality testing

computing an average of some array

cryptographic protocols (one-time pad, secret sharing)

(47)

random bits in practice and theory randomness generators

random bits needed for:

random sampling in statistics

draws, lotteries,…

Monte-Carlo computations

more general, simulations

randomized algorithms could be more efficient:

quick sort with random pivot

primality testing

computing an average of some array

(48)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

randomness generators

“deterministic random bits”

fixf

:

BnBn, letxn+1

=

f

(

xn

)

von Neumann: middle digits of a square

linear/affine mapping in a finite field

not random in any reasonable sense (computable, predictable)

but still could have good convergence for Monte-Carlo etc.

(49)

random bits in practice and theory randomness generators

“deterministic random bits”

fixf

:

BnBn, letxn+1

=

f

(

xn

)

von Neumann: middle digits of a square

linear/affine mapping in a finite field

not random in any reasonable sense (computable, predictable)

but still could have good convergence for Monte-Carlo etc.

(50)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

randomness generators

“deterministic random bits”

fixf

:

BnBn, letxn+1

=

f

(

xn

)

von Neumann: middle digits of a square

linear/affine mapping in a finite field

not random in any reasonable sense (computable, predictable)

but still could have good convergence for Monte-Carlo etc.

(51)

random bits in practice and theory randomness generators

“deterministic random bits”

fixf

:

BnBn, letxn+1

=

f

(

xn

)

von Neumann: middle digits of a square

linear/affine mapping in a finite field

not random in any reasonable sense (computable, predictable)

but still could have good convergence for Monte-Carlo etc.

(52)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

randomness generators

“deterministic random bits”

fixf

:

BnBn, letxn+1

=

f

(

xn

)

von Neumann: middle digits of a square

linear/affine mapping in a finite field

not random in any reasonable sense (computable, predictable)

but still could have good convergence for Monte-Carlo etc.

(53)

random bits in practice and theory randomness generators

“deterministic random bits”

fixf

:

BnBn, letxn+1

=

f

(

xn

)

von Neumann: middle digits of a square

linear/affine mapping in a finite field

not random in any reasonable sense (computable, predictable)

but still could have good convergence for Monte-Carlo etc.

(54)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

randomness generators

hardware randomness

also called “non-deterministic random generators”

some process (thermal noise, radioactive decay, photons reflection, environment, …) is used

physics claims some probability distribution

usually some conditioning/whitening is needed

“centaurs”: hardware seed generation plus deterministic transformation (Yao, Blum–Micali)

a special type of “whitening”: no hope to get uniform randomness, just computably indistinguishable

(55)

random bits in practice and theory randomness generators

hardware randomness

also called “non-deterministic random generators”

some process (thermal noise, radioactive decay, photons reflection, environment, …) is used

physics claims some probability distribution

usually some conditioning/whitening is needed

“centaurs”: hardware seed generation plus deterministic transformation (Yao, Blum–Micali)

a special type of “whitening”: no hope to get uniform randomness, just computably indistinguishable

(56)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

randomness generators

hardware randomness

also called “non-deterministic random generators”

some process (thermal noise, radioactive decay, photons reflection, environment, …) is used

physics claims some probability distribution

usually some conditioning/whitening is needed

“centaurs”: hardware seed generation plus deterministic transformation (Yao, Blum–Micali)

a special type of “whitening”: no hope to get uniform randomness, just computably indistinguishable

(57)

random bits in practice and theory randomness generators

hardware randomness

also called “non-deterministic random generators”

some process (thermal noise, radioactive decay, photons reflection, environment, …) is used

physics claims some probability distribution

usually some conditioning/whitening is needed

“centaurs”: hardware seed generation plus deterministic transformation (Yao, Blum–Micali)

a special type of “whitening”: no hope to get uniform randomness, just computably indistinguishable

(58)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

randomness generators

hardware randomness

also called “non-deterministic random generators”

some process (thermal noise, radioactive decay, photons reflection, environment, …) is used

physics claims some probability distribution

usually some conditioning/whitening is needed

“centaurs”: hardware seed generation plus deterministic transformation (Yao, Blum–Micali)

a special type of “whitening”: no hope to get uniform randomness, just computably indistinguishable

(59)

random bits in practice and theory randomness generators

hardware randomness

also called “non-deterministic random generators”

some process (thermal noise, radioactive decay, photons reflection, environment, …) is used

physics claims some probability distribution

usually some conditioning/whitening is needed

“centaurs”: hardware seed generation plus deterministic transformation (Yao, Blum–Micali)

a special type of “whitening”: no hope to get uniform randomness, just computably indistinguishable

(60)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

randomness generators

hardware randomness

also called “non-deterministic random generators”

some process (thermal noise, radioactive decay, photons reflection, environment, …) is used

physics claims some probability distribution

usually some conditioning/whitening is needed

“centaurs”: hardware seed generation plus deterministic transformation (Yao, Blum–Micali)

a special type of “whitening”: no hope to get uniform randomness, just computably indistinguishable

(61)

random bits in practice and theory randomness tests

what is a test?

hardware RNG: special case of statistical testing

null hypothesisH0 = uniform distribution

test: a small set of binary strings

its elementsfailthe test

should be specified in advance…

or be so simple that itcould bespecified in advance

“deterministic RNG” may also pass some tests

conjecture: digits ofπform a normal sequence

(62)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

randomness tests

what is a test?

hardware RNG: special case of statistical testing

null hypothesisH0 = uniform distribution

test: a small set of binary strings

its elementsfailthe test

should be specified in advance…

or be so simple that itcould bespecified in advance

“deterministic RNG” may also pass some tests

conjecture: digits ofπform a normal sequence

(63)

random bits in practice and theory randomness tests

what is a test?

hardware RNG: special case of statistical testing

null hypothesisH0 = uniform distribution

test: a small set of binary strings

its elementsfailthe test

should be specified in advance…

or be so simple that itcould bespecified in advance

“deterministic RNG” may also pass some tests

conjecture: digits ofπform a normal sequence

(64)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

randomness tests

what is a test?

hardware RNG: special case of statistical testing

null hypothesisH0 = uniform distribution

test: a small set of binary strings

its elementsfailthe test

should be specified in advance…

or be so simple that itcould bespecified in advance

“deterministic RNG” may also pass some tests

conjecture: digits ofπform a normal sequence

(65)

random bits in practice and theory randomness tests

what is a test?

hardware RNG: special case of statistical testing

null hypothesisH0 = uniform distribution

test: a small set of binary strings

its elementsfailthe test

should be specified in advance…

or be so simple that itcould bespecified in advance

“deterministic RNG” may also pass some tests

conjecture: digits ofπform a normal sequence

(66)

. . . . . .

. . . . . . . .

. . . . . . . . . . . . . . . . .

. .

. . . . . . . random bits in practice and theory

randomness tests

what is a test?

hardware RNG: special case of statistical testing

null hypothesisH0 = uniform distribution

test: a small set of binary strings

its elementsfailthe test

should be specified in advance…

or be so simple that itcould bespecified in advance

“deterministic RNG” may also pass some tests

conjecture: digits ofπform a normal sequence

(67)

random bits in practice and theory randomness tests

what is a test?

hardware RNG: special case of statistical testing

null hypothesisH0 = uniform distribution

test: a small set of binary strings

its elementsfailthe test

should be specified in advance…

or be so simple that itcould bespecified in advance

“deterministic RNG” may also pass some tests

conjecture: digits ofπform a normal sequence

Références

Télécharger maintenant ( PDF - 199 Page - 40.59 MB )

Documents relatifs

Les bits

Proposez une méthode pour transmettre d’une personne à une autre le résultat d’un lancer de dé (lancer caché par la première personne, la deuxième doit pouvoir énoncer

Les bits

Proposez une méthode pour transmettre d’une personne à une autre le résultat d’un lancer de dé (lancer caché par la première personne, la deuxième doit pouvoir énoncer

The place of random processes and random fields in quantum theory

a model by showing that « white noise », derived from Brownian motion, is the only GRF which allows us to represent states by random variables having properties

1 Measure theory and random variables

At each step, one customer may appear on the left (resp. right) bank with probability p (resp.. The ferryman can take only one passenger from one bank to the other, and a customer

Close to Uniform Prime Number Generation with Fewer Random Bits

By contrast, the PRIMEINC algorithm studied by Brandt and Damg˚ard [4] (basically, pick a random number and increase it until a prime is found) only consumes roughly as many random

Chiffrement AES 128 bits ou 256 bits

Bien que ces tailles de clés soient jugées accepta- bles à l’heure actuelle, l’analyse a permis d’arriver à la conclusion que 14 bits supplémentaires dans la longueur de

La taille effective de la clé est de 56 bits (Un total de 64 bits avec 8 bits de parité).

• Effort nécessaire à réaliser les attaques: 2 57 opérations pour établir les deux listes + 2 56 blocs de 64 bits de stockage pour mémoriser les résultats

Random matrix theory and random uncertainties modeling

This nonparametric approach differs from the parametric and stochastic finite element methods for random uncertainties modeling and has been devel- oped in introducing a new ensemble