outer@utcsrgv.UUCP (Richard Outerbridge) (02/27/84)
Cryptographic randomness is not statistical randomness. A generating function need not be statistically random in order to be cryptographicly random. Of course the more random, the better, but... Using a "one-time" pad system, the entropy of the key need only be greater than the redundancy of the plaintext in order to achieve an infinite unicity distance (ie a ciphertext the unique solution of which cannot be proved). In English, this means that a one-time system of ten (eg 0-9) key values barely suffices: this implies that a generator of all 26 (0-25) values need be much less than statistically random so long as the minimum entropy of any generated series was not less than 3.5 (the redundancy of English is about 3.2 bits per letter). On computers the entropy of most files I've seen is not much lower than three bits-per-byte, giving a redundancy of five bits-per-byte. This >implies< that an adequate generating function need only come up with a minimum entropy better than five bits-per-byte, and not the statistical standard of eight b.p.b. Note that any compaction scheme only lessens the burden of the generator, by reducing the redundancy of the plaintext. Any comments? Richard Outerbridge outer@utcsrgv UofToronto CSRG