post processing functions for a biased physical random
play

Post-processing functions for a biased physical random number - PowerPoint PPT Presentation

Jul 16, 2023 •12 likes •282 views

Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion Post-processing functions for a biased physical random number generator Patrick Lacharme Universit de Toulon, Institut de Mathmatique

  1. Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion Post-processing functions for a biased physical random number generator Patrick Lacharme Université de Toulon, Institut de Mathématique (Imath) Fast Software Encryption 2008 1/27 Patrick Lacharme Post-processing functions for a biased physical random n

  2. Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion Overview Statistical model 1 Linear corrector 2 Non linear corrector 3 Systematic construction 4 2/27 Patrick Lacharme Post-processing functions for a biased physical random n

  3. Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion Overview Statistical model 1 Linear corrector 2 Non linear corrector 3 Systematic construction 4 3/27 Patrick Lacharme Post-processing functions for a biased physical random n

  4. Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion True random number generator A true random number generator consists of two different parts : A physical non deterministic phenomenon produces a raw binary sequence. A deterministic function, called corrector, compress this sequence in order to reduce statistical weakness. 4/27 Patrick Lacharme Post-processing functions for a biased physical random n

  5. Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion Statistical model for the raw sequence The bias e is the deviation from 1/2 of the probability of occurence of a bit x i : e = | P ( x i = 0 ) − 1 / 2 | = | P ( x i = 1 ) − 1 / 2 | . Hypothesis : the bits x i of the raw sequence are independents and have a constant bias e . A corrector is a function mapping a vector x of n bits to a vector y of m bits, with compression rate m / n . 5/27 Patrick Lacharme Post-processing functions for a biased physical random n

  6. Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion Output biais of a Boolean function Let e be the bias of the n input x i . For a Boolean function f mapping F n 2 to F 2 , the output bias ∆ f of f is ∆ f ( e ) = | P ( f ( x ) = 1 ) − 1 / 2 | = | P ( f ( x ) = 0 ) − 1 / 2 | . (1) For a vectorial function f mapping n bits to m bits, the output bias of a linear combination of f i � m i = 1 u i f i ( x ) = u . f ( x ) is : ∆ u . f ( e ) = | P ( u . f ( x ) = 1 ) − 1 / 2 | = | P ( u . f ( x ) = 0 ) − 1 / 2 | . 6/27 Patrick Lacharme Post-processing functions for a biased physical random n

  7. Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion First formula of output bias of a Boolean function From (1), the output bias ∆ f ( e ) is a polynomial in e : � ∆ f ( e ) = − 1 ( 1 2 − e ) n − w h ( x ) ( 1 2 + e ) w h ( x ) ( − 1 ) f ( x ) (2) 2 x ∈ F n 2 = a 0 + a t e t + a t + 1 e t + 1 + . . . Moreover, ∆ f ( e ) have no constant term if and only if f is balanced. Construction of functions which maximalise the valuation t ? 7/27 Patrick Lacharme Post-processing functions for a biased physical random n

  8. Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion Three linear correctors M. Dichtl (FSE’07) : Bad and Good ways of post-processing biased physical random numbers . Three linear correctors mapping 16 bits to 8 bits : y i = x i + x i + 1 mod 8 + x i + 8 mod 2. 1 y i = x i + x i + 1 mod 8 + x i + 2 mod 8 + x i + 8 mod 2. 2 y i = x i + x i + 1 mod 8 + x i + 2 mod 8 + x i + 4 mod 8 + x i + 8 mod 2. 3 Same compression rate as xor corrector : y i = x 2 i + x 2 i + 1 mod 2 . 8/27 Patrick Lacharme Post-processing functions for a biased physical random n

  9. Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion Analysis of the bias These correctors are designed to reduce the output bias. Same hypothesis on input bias. Approach : determine probability of every inputs and sum up the probability of occurence leading the same output. Results : bias of any output bytes is a polynomial in e and the lowest power in e is respectly 3, 4 and 5. Systematic construction of corrector with variable input sizes and compression rates ? 9/27 Patrick Lacharme Post-processing functions for a biased physical random n

  10. Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion Overview Statistical model 1 Linear corrector 2 Non linear corrector 3 Systematic construction 4 10/27 Patrick Lacharme Post-processing functions for a biased physical random

  11. Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion Matricial representation of a linear corrector A linear corrector f mapping F n 2 to F m 2 is defined by the 1 matricial product :       h 1 , 1 . . . h 1 , n x 1 y 1  .   .   .  . . . f ( x ) =  =  ,     . . . h m , 1 . . . h m , n x n y m where H = ( h i , j ) is a binary matrix with m rows and n collums. A linear corrector is associated with a [ n , m ] linear code. 2 It corresponds to a syndrom calculation. 3 11/27 Patrick Lacharme Post-processing functions for a biased physical random

  12. Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion Minimal distance and bias Let f be the linear corrector represented by the matrix H generating a [ n , m , d ] linear code, and e / 2 the input bias. Theorem The output bias ∆ u . f ( e ) of u . f ( x ) is less or equal than e d / 2 . Sketch of proof : The bias of x i 1 + . . . + x i d mod 2 is e d / 2. Any linear combination of output bits is the sum of at least d input bits, by definition of minimal distance of a linear code. 12/27 Patrick Lacharme Post-processing functions for a biased physical random

  13. Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion Implementation with cyclic codes The syndrom calculation is realized by a polynomial division n k � � m i X i mod g i X i , i = 0 i = 0 which is efficiently implemented with a shift register. g g g 0 1 k m m m 0 1. n r r r 0 1 k 13/27 Patrick Lacharme Post-processing functions for a biased physical random

  14. Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion Conclusion on linear corrector Equivalence between minimal distance of a linear code and valuation of the bias of linear combination of output bits. For example, the three correctors of M. Dichtl correspond respectly to generator matrix of [16,8,3], [16,8,4] and [16,8,5] linear codes. Moreover, all this part can be generalized with non constant input bias using the d greatest input bias. Non linear corrector can be better than linear corrector ? 14/27 Patrick Lacharme Post-processing functions for a biased physical random

  15. Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion Overview Statistical model 1 Linear corrector 2 Non linear corrector 3 Systematic construction 4 15/27 Patrick Lacharme Post-processing functions for a biased physical random

  16. Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion Fourier and Walsh Transform Definition The Fourier transform of a function f with n variables is : � f ( x )( − 1 ) x . u . F f ( u ) = x ∈ F n 2 The Walsh transform of a function f with n variables is : � � ( − 1 ) f ( x ) ⊕ x . u . f ( u ) = x ∈ F n 2 16/27 Patrick Lacharme Post-processing functions for a biased physical random

  17. Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion Output bias with Walsh coefficients Theorem The output bias ∆ φ u ( e ) of φ u ( x ) = u . f ( x ) is � 1 ( 2 e ) w h ( v ) ( − 1 ) w h ( v )+ 1 � ∆ φ u ( e ) = φ u ( v ) . (3) 2 n + 1 v ∈ F n 2 Sketch of proof : From formula (2) of the bias, we analyse the Fourier transform of the function g ( x ) = ( 1 2 − e ) n − w h ( x ) ( 1 2 + e ) w h ( x ) . 17/27 Patrick Lacharme Post-processing functions for a biased physical random

  18. Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion Example (1) Let f be the Boolean function defined by f ( x ) = f ( x 1 , x 2 , x 3 ) = x 2 + x 3 + x 1 x 2 + x 2 x 3 mod 2 , where the truth table and the Walsh coefficients are � x f ( x ) f ( x ) 000 0 0 001 1 4 010 1 0 100 0 -4 011 1 4 101 1 0 110 0 4 111 0 0 18/27 Patrick Lacharme Post-processing functions for a biased physical random

  19. Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion Example (2) The probability P ( f ( x ) = 0 ) = 1 2 − e computed with formula (2) : P ( f ( x ) = 0 ) = ( 1 2 − e ) 3 +( 1 2 − e ) 2 ( 1 2 + e )+( 1 2 − e )( 1 2 + e ) 2 +( 1 2 + e ) 3 = 1 2 + 2 e 2 . The output bias computed with formula (3), with u = 1, is ∆ f ( e ) = 1 16 (ˆ f ( 000 ) + 2 e ˆ f ( 001 ) + 2 e ˆ f ( 010 ) + 2 e ˆ f ( 100 ) − 4 e 2 ˆ f ( 011 ) − 4 e 2 ˆ f ( 101 ) − 4 e 2 ˆ f ( 110 ) + 8 e 3 ˆ f ( 111 )) = − 2 e 2 . 19/27 Patrick Lacharme Post-processing functions for a biased physical random

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Bad and Good Ways of Post-Processing Biased Random Numbers Markus Dichtl Siemens AG Corporate

Bad and Good Ways of Post-Processing Biased Random Numbers Markus Dichtl Siemens AG Corporate

Bad and Good Ways of Post-Processing Biased Random Numbers Markus Dichtl Siemens AG Corporate Technology Overview This talk comes in two parts: A bad way Good ways Why Post-Processing? Observation: All physical random numbers

599 views • 41 slides
Extreme Event-Size Extreme Event-Size Fluctuations in Biased Fluctuations in Biased Random

Extreme Event-Size Extreme Event-Size Fluctuations in Biased Fluctuations in Biased Random

Extreme Event-Size Extreme Event-Size Fluctuations in Biased Fluctuations in Biased Random Walks on Networks Random Walks on Networks Vimal Kishore Physical Research Laboratory Ahmedabad, India phy.vimal@gmail.com vimal@prl.res.in Plan of

817 views • 25 slides
Biased landscape in random constraint satisfaction problems Louise Budzynski LPENS, PhD with

Biased landscape in random constraint satisfaction problems Louise Budzynski LPENS, PhD with

Biased landscape in random constraint satisfaction problems Louise Budzynski LPENS, PhD with Guilhem Semerjian June 30, 2020 Table of contents 1. Introduction 2. Biased measure over the set of solutions 3. Large k asymptotics of the

348 views • 22 slides
Post Processing Effects By Michael Michuki What is Post processing? Post Processing is the

Post Processing Effects By Michael Michuki What is Post processing? Post Processing is the

Post Processing Effects By Michael Michuki What is Post processing? Post Processing is the process of adding additional Effects after production to tweak the overall look and feel of a scene. Examples of elements and effects include Lens

654 views • 47 slides
STAR-CCM+ Pre/Post Processing Bill Jester, CD-adapco Introduction Pre/Post Processing

STAR-CCM+ Pre/Post Processing Bill Jester, CD-adapco Introduction Pre/Post Processing

STAR-CCM+ Pre/Post Processing Bill Jester, CD-adapco Introduction Pre/Post Processing Pre-processing Output Results Input Data STAR-CCM+ Meshing/Simulation Post-processing Introdu oduction ction Pre-pr processing cessing What do

847 views • 38 slides
On the Security of Hash Functions Employing Blockcipher Post-processing Donghoon Chang 1 , Mridul

On the Security of Hash Functions Employing Blockcipher Post-processing Donghoon Chang 1 , Mridul

On the Security of Hash Functions Employing Blockcipher Post-processing Donghoon Chang 1 , Mridul Nandi 2 , Moti Yung 3 1 National Institute of Standards and Technology (NIST), USA 2 C R Rao AIMSCS, Hyderabad, India 3 Google Inc. and Department of

605 views • 35 slides
Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random

Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random

Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions G. Edward Suh, Charles W. ODonnell, Ishan Sachdev, and Srinivas Devadas Massachusetts Institute of Technology 1 New Security Challenges

356 views • 31 slides
Post-processing effects Morten Paluteder Post-processing effect? Render the scene as normal

Post-processing effects Morten Paluteder Post-processing effect? Render the scene as normal

Post-processing effects Morten Paluteder Post-processing effect? Render the scene as normal Don't project to the screen, save Apply shaders Project the outcome https://www.youtube.com/watch?v=3Asqn9SNTnk Color grading Tone

2.77k views • 26 slides
New functions for Random samples generation using Stata 15 G. Aguilera-Venegas, J.L. Gal

New functions for Random samples generation using Stata 15 G. Aguilera-Venegas, J.L. Gal

Generating random samples from Statistical Distributions Pros and cons of current functions and commands Our approach Conclusions New functions for Random samples generation using Stata 15 G. Aguilera-Venegas, J.L. Gal an-Garc a, M.

403 views • 16 slides
Dynamic Region-biased Rapidly-exploring Random Trees by Jory Denny, Read Sandstrom, Andrew

Dynamic Region-biased Rapidly-exploring Random Trees by Jory Denny, Read Sandstrom, Andrew

Dynamic Region-biased Rapidly-exploring Random Trees by Jory Denny, Read Sandstrom, Andrew Bregger, and Nancy M. Amato University of Richmond, Richmond VA, USA Texas A&M University, College Station, TX, USA Presenter: Jae Won Choi RRT

962 views • 51 slides
Verifiable Random Functions and Verifiable Delay Functions Caleb Smith University of

Verifiable Random Functions and Verifiable Delay Functions Caleb Smith University of

Verifiable Random Functions and Verifiable Delay Functions Caleb Smith University of Virginia Why do these matter? Alternative consensus protocols Applications to public randomness generation Leader election Bitcoin Proof of Work

355 views • 19 slides
Physical optimization for Physical optimization for FPGAs using post- FPGAs using post-

Physical optimization for Physical optimization for FPGAs using post- FPGAs using post-

Physical optimization for Physical optimization for FPGAs using post- FPGAs using post- placement topology placement topology rew riting rew riting Val Pevzner, Andrew Kennings, Andy Fox Introduction (1) Introduction (1) Traditional flow

459 views • 20 slides
Pseudo-random Functions Debdeep Mukhopadhyay IIT Kharagpur We have seen the construction of

Pseudo-random Functions Debdeep Mukhopadhyay IIT Kharagpur We have seen the construction of

Pseudo-random Functions Debdeep Mukhopadhyay IIT Kharagpur We have seen the construction of PRG (pseudo-random generators) being constructed from any one-way functions. Now we shall consider a related concept: Pseudo-random

829 views • 15 slides
3 Functions of a Random Variable Consider a gas in thermal equilibrium and imagine that the

3 Functions of a Random Variable Consider a gas in thermal equilibrium and imagine that the

35 Functions of a Random Variable 3 Functions of a Random Variable Consider a gas in thermal equilibrium and imagine that the probability den- sity for the speed of an atom p v ( ) is known. The variable of interest, for a particular

526 views • 13 slides
Quick Warm-Up Suppose we have a biased coin that comes up heads with some unknown probability p

Quick Warm-Up Suppose we have a biased coin that comes up heads with some unknown probability p

Quick Warm-Up Suppose we have a biased coin that comes up heads with some unknown probability p ; how can we use it to produce random bits with probabilities of exactly 0.5 for 0 and 1? 1 Quick Warm-Up Suppose we have a biased coin that

634 views • 32 slides
Unique Aggregate Signatures with Applications to Distributed Verifiable Random Functions

Unique Aggregate Signatures with Applications to Distributed Verifiable Random Functions

Unique Aggregate Signatures with Applications to Distributed Verifiable Random Functions Veronika Kuchta and Mark Manulis CANS 2013, Paraty, Brazil November 21, 2013 Overview Unique Signature Schemes Verifiable Random Functions Unique

420 views • 13 slides
Introduction to Political Research Session 11-Probability Sampling Lecturer: Prof. A.

Introduction to Political Research Session 11-Probability Sampling Lecturer: Prof. A.

POLI 343 Introduction to Political Research Session 11-Probability Sampling Lecturer: Prof. A. Essuman-Johnson, Dept. of Political Science Contact Information: aessuman-johnson@ug.edu.gh College of Education School of Continuing and Distance

771 views • 32 slides
Parallel Data Generation for Performance Analysis of Large, Complex RDBMS Tilmann Rabl and Meikel

Parallel Data Generation for Performance Analysis of Large, Complex RDBMS Tilmann Rabl and Meikel

Parallel Data Generation for Performance Analysis of Large, Complex RDBMS Tilmann Rabl and Meikel Poess Presented by Mohammad Sadoghi Agenda Motivation Data generation for DBMS benchmarking Classification of data dependencies

459 views • 29 slides
Introduction to Pseudo-Random Number Generators Nicola Gigante March 9, 2016 Why random

Introduction to Pseudo-Random Number Generators Nicola Gigante March 9, 2016 Why random

Introduction to Pseudo-Random Number Generators Nicola Gigante March 9, 2016 Why random numbers? Lifes most important questions are, for the most part, nothing but probability problems. Pierre-Simon de Laplace 2 Why random numbers?

684 views • 55 slides
Analysis of the Linux Random Number Generator Patrick Lacharme, Andrea R ock, Vincent Stubel,

Analysis of the Linux Random Number Generator Patrick Lacharme, Andrea R ock, Vincent Stubel,

Analysis of the Linux Random Number Generator Patrick Lacharme, Andrea R ock, Vincent Stubel, Marion Videau October 23, 2009 - Rennes Outline Random Number Generators The Linux Random Number Generator Building Blocks Entropy Estimation

681 views • 55 slides
SAMPLING Week 6 Slides ScWk 240 1 Purpose of Sampling Why sampling? - to

SAMPLING Week 6 Slides ScWk 240 1 Purpose of Sampling Why sampling? - to

SAMPLING Week 6 Slides ScWk 240 1 Purpose of Sampling Why sampling? - to study the whole popula5on? A major reason studying samples rather than the

288 views • 16 slides
INTRODUCTION TO PROBABILITY INTRODUCTION TO PROBABILITY MODELS MODELS Lecture 34 Qi Wang ,

INTRODUCTION TO PROBABILITY INTRODUCTION TO PROBABILITY MODELS MODELS Lecture 34 Qi Wang ,

INTRODUCTION TO PROBABILITY INTRODUCTION TO PROBABILITY MODELS MODELS Lecture 34 Qi Wang , Department of Statistics Nov 12, 2018 5 NUMBER SUMMARY 5 NUMBER SUMMARY 5 Number Summary is consist of Minimum, , Median, , Maximum EXAMPLE 1

404 views • 12 slides
SQL110 Transact SQL Essentials Scripts Doug Shook Scripts Series of SQL Statements

SQL110 Transact SQL Essentials Scripts Doug Shook Scripts Series of SQL Statements

SQL110 Transact SQL Essentials Scripts Doug Shook Scripts Series of SQL Statements Grouped into batches Batches are executed when a GO statement is hit Why are these batches necessary? Certain commands cannot be

452 views • 21 slides
Simulation Examples Banks, Carson, Nelson & Nicol Discrete-Event System Simulation Purpose

Simulation Examples Banks, Carson, Nelson & Nicol Discrete-Event System Simulation Purpose

Chapter 2 Simulation Examples Banks, Carson, Nelson & Nicol Discrete-Event System Simulation Purpose To present several examples of simulations that can be performed by devising a simulation table either manually or with a spreadsheet.

606 views • 46 slides

More recommend