> > 3) Is determinism a good idea? > See Debian OpenSSL fiasco. I have heard Nevada gaming commission > regulations require non-determinism for obvious reasons. >
The Nevada rules don't convincingly demand non determinism. They do say things that probably unintentionally exclude non determinism. "4. The random number generator and random selection process must be impervious to influences from outside the device, including, but not limited to, electro-magnetic interference, electro-static interference, and radio frequency interference. A gaming device must use appropriate communication protocols to protect the random number generator and random selection process from influence by associated equipment which is conducting data communications with the gaming device. (Adopted: 9/89. Amended: 11/05; 11/17/05.) " An impossible requirement for a TRNG based on physical processes. This requirement pretty much demands determinism and in practice is untestable. Some definitions.. "23. Randomness is the observed unpredictability and absence of pattern in a set of elements or events that have definite probabilities of occurrence." and "20. Random Number Generator is a hardware, software, or combination hardware and software device for generating number values that exhibit characteristics of randomness." Definitions that both a TRNG and a PRNG can meet. They don't get down to the nitty gritty of what the observer might know, like the internal state of a PRNG, that would impact whether the data has 'observed upredictability'. "14.040 Minimum standards for gaming devices.. [] 2. Must use a random selection process to determine the game outcome of each play of a game. The random selection process must meet 95 percent confidence limits using a standard chi-squared test for goodness of fit. (a) Each possible permutation or combination of game elements which produce winning or losing game outcomes must be available for random selection at the initiation of each play. (b) For gaming devices that are representative of live gambling games, the mathematical probability of a symbol or other element appearing in a game outcome must be equal to the mathematical probability of that symbol or element occurring in the live gambling game. For other gaming devices, the mathematical probability of a symbol appearing in a position in any game outcome must be constant. (c) The selection process must not produce detectable patterns of game elements or detectable dependency upon any previous game outcome, the amount wagered, or upon the style or method of play. " Again, a PRNG would meet these requirements. The only specific test proposed is the Chi-square GOF. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com