Comments: How to make scientifically verifiable randomness to generate EC curves -- the Hamlet variation on CAcert's root ceremony

Crypto Algorithms that depend on their parameters to be securely random are unsafe from my point of view anyway.
Itīs like DSA that depends on perfect randomness to make sure that it does not leak the private key. This is unsafe. Donīt use it.
A safe crypto algorithm in the non-military sense must not depend on parameters being generated in a safe way.
A military-safe crypto algorithm must be safe only for your own military and unsafe for the adversary. And it must be safe only when used in a very special way that you only know yourself, and it must be unsafe when used by an unknowing adversary.

But I you really need a protocol to define safe random parameters for unsafe algorithms like ECC:

1: Define a way to extract randomness from a publically verifiable historical source. E.g. the stock exchange courses from several different stock exchanges. E.g. Define how to sample the TOP50 stocks of NewYork, London, Vienna, how to encode them exactly, and how to hash them. Preferrably in useable sourcecode form.
2: Define a certain day in the future (1 week to 1 month) when the samples should be taken
3: Publish the algorithm + specification and timestamp your publication, make sure that all relevant parties have received the publication before the sample-date happens.
4: From the sample-date on everyone can run the provided sourcecode to retrieve the samples and to generate the randomness from it, and everyone should get the same values, and be able to verify that the parameters are not cooked.

Posted by PG at May 19, 2014 11:03 AM
Post a comment

Remember personal info?

Hit Preview to see your comment.
MT::App::Comments=HASH(0x1006e50) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/ line 125.