Commit 780297d2 authored by Paul Wayper

Fixing odd formatting of info caused by unnecessary indentations.

parent 0634e5de
...@@ -4,6 +4,7 @@ ...@@ -4,6 +4,7 @@
* ISAAC (Indirect, Shift, Accumulate, Add, and Count) is the most advanced of * ISAAC (Indirect, Shift, Accumulate, Add, and Count) is the most advanced of
* a series of pseudo-random number generators designed by Robert J. Jenkins * a series of pseudo-random number generators designed by Robert J. Jenkins
* Jr. in 1996: http://www.burtleburtle.net/bob/rand/isaac.html * Jr. in 1996: http://www.burtleburtle.net/bob/rand/isaac.html
*
* To quote: * To quote:
* No efficient method is known for deducing their internal states. * No efficient method is known for deducing their internal states.
* ISAAC requires an amortized 18.75 instructions to produce a 32-bit value. * ISAAC requires an amortized 18.75 instructions to produce a 32-bit value.
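Review bot: the quoted claim "No efficient method is known for deducing their internal states" now sits two blank-separated paragraphs above text that cites [Pudo01] as recovering the entire internal state; since this hunk is already reflowing the quote block, consider adding one sentence after the quote noting that it predates the published attacks and that those attacks (running time 2**4121) remain infeasible, so the two statements do not read as contradicting each other.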
...@@ -16,7 +17,9 @@ ...@@ -16,7 +17,9 @@
* It generates a 64-bit result every 19 instructions. * It generates a 64-bit result every 19 instructions.
* All cycles are at least 2**72 values, and the average cycle length is * All cycles are at least 2**72 values, and the average cycle length is
* 2**16583. * 2**16583.
*
* An additional, important comment from Bob Jenkins in 2006: * An additional, important comment from Bob Jenkins in 2006:
*
* Seeding a random number generator is essentially the same problem as * Seeding a random number generator is essentially the same problem as
* encrypting the seed with a block cipher. * encrypting the seed with a block cipher.
* ISAAC should be initialized with the encryption of the seed by some * ISAAC should be initialized with the encryption of the seed by some
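Review bot: Jenkins' 2006 remark that ISAAC "should be initialized with the encryption of the seed by some" cipher is the key seeding caveat, but the later paragraph only says the seed values "are scrambled before being used"; suggest stating here (or where the scrambling is described) whether that scrambling is the cipher-style seed encryption being recommended, so a reader checking the seeding path against this advice does not have to guess.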
...@@ -26,20 +29,10 @@ ...@@ -26,20 +29,10 @@
* I have in ISAAC. * I have in ISAAC.
* *
* A number of attacks on ISAAC have been published. * A number of attacks on ISAAC have been published.
*
* [Pudo01] can recover the entire internal state and has expected running time * [Pudo01] can recover the entire internal state and has expected running time
* less than the square root of the number of states, or 2**4121 (4.67E+1240). * less than the square root of the number of states, or 2**4121 (4.67E+1240).
* [Auma06] reveals a large set of weak states, consisting of those for which *
* the first value is repeated one or more times elsewhere in the state
* vector.
* These induce a bias in the output relative to the repeated value.
* The seed values used as input below are scrambled before being used, so any
* duplicates in them do not imply duplicates in the resulting internal state,
* however the chances of some duplicate existing elsewhere in a random state
* are just over 255/2**32, or merely 1 in 16 million.
* Such states are, of course, much rarer in ISAAC-64.
* It is not clear if an attacker can tell from just the output if ISAAC is in
* a weak state, or deduce the full internal state in any case except that
* where all or almost all of the entries in the state vector are identical.
* @MISC{Pudo01, * @MISC{Pudo01,
* author="Marina Pudovkina", * author="Marina Pudovkina",
* title="A Known Plaintext Attack on the {ISAAC} Keystream Generator", * title="A Known Plaintext Attack on the {ISAAC} Keystream Generator",
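Review bot: this hunk is deletion-only, moving the [Auma06] discussion out from under the [Pudo01] paragraph; verify that all five removed sentences ("[Auma06] reveals…", "These induce a bias…", "The seed values used as input below…", "Such states are, of course…", "It is not clear if an attacker…") reappear unchanged in the later hunks, which they do, and that the added " *" separator after the "2**4121 (4.67E+1240)" line matches the blank-line convention used between the other paragraphs in this block.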
...@@ -47,6 +40,11 @@ ...@@ -47,6 +40,11 @@
* year=2001, * year=2001,
* note="\url{http://eprint.iacr.org/2001/049}", * note="\url{http://eprint.iacr.org/2001/049}",
* } * }
*
* [Auma06] reveals a large set of weak states, consisting of those for which
* the first value is repeated one or more times elsewhere in the state
* vector.
*
* @MISC{Auma06, * @MISC{Auma06,
* author="Jean-Philippe Aumasson", * author="Jean-Philippe Aumasson",
* title="On the Pseudo-Random Generator {ISAAC}", * title="On the Pseudo-Random Generator {ISAAC}",
...@@ -55,13 +53,28 @@ ...@@ -55,13 +53,28 @@
* note="\url{http://eprint.iacr.org/2006/438}", * note="\url{http://eprint.iacr.org/2006/438}",
* } * }
* *
* These induce a bias in the output relative to the repeated value.
*
* The seed values used as input below are scrambled before being used, so any
* duplicates in them do not imply duplicates in the resulting internal state,
* however the chances of some duplicate existing elsewhere in a random state
* are just over 255/2**32, or merely 1 in 16 million.
*
* Such states are, of course, much rarer in ISAAC-64.
*
* It is not clear if an attacker can tell from just the output if ISAAC is in
* a weak state, or deduce the full internal state in any case except that
* where all or almost all of the entries in the state vector are identical.
*
* Even if one does not trust the security of this PRNG (and, without a good * Even if one does not trust the security of this PRNG (and, without a good
* source of entropy to seed it, one should not), ISAAC is an excellent source * source of entropy to seed it, one should not), ISAAC is an excellent source
* of high-quality random numbers for Monte Carlo simulations, etc. * of high-quality random numbers for Monte Carlo simulations, etc.
*
* It is the fastest 32-bit generator among all of those that pass the * It is the fastest 32-bit generator among all of those that pass the
* statistical tests in the recent survey * statistical tests in the recent survey
* http://www.iro.umontreal.ca/~simardr/testu01/tu01.html, with the exception * http://www.iro.umontreal.ca/~simardr/testu01/tu01.html, with the exception
* of Marsa-LFIB4, and it is quite competitive on 64-bit archtectures. * of Marsa-LFIB4, and it is quite competitive on 64-bit archtectures.
*
* Unlike Marsa-LFIB4 (and all other LFib generators), there are no linear * Unlike Marsa-LFIB4 (and all other LFib generators), there are no linear
* dependencies between successive values, and unlike many generators found in * dependencies between successive values, and unlike many generators found in
* libc implementations, there are no small periods in the least significant * libc implementations, there are no small periods in the least significant
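Review bot: "These induce a bias in the output relative to the repeated value" is now separated from its antecedent ("weak states … for which the first value is repeated") by the whole @MISC{Auma06} entry, so "These" dangles; suggest either moving that sentence up to follow "vector." directly, or rewording it to "Such weak states induce a bias in the output relative to the repeated value." While touching this region, the comma splice "do not imply duplicates in the resulting internal state, however the chances" reads better as "…internal state; however, the chances…", and the context line "quite competitive on 64-bit archtectures" has a typo ("architectures") that could be fixed in the same formatting commit.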
......