Re: random.c: LFSR polynomials are not irreducible/primitive

From: Stephan Mueller
Date: Wed Aug 16 2017 - 08:51:55 EST


Warning: This message has had one or more attachments removed (LFSR_polynomials eprint 251.mag).

On Tuesday, 15 August 2017, 17:12:24 CEST, Theodore Ts'o wrote:

Hi Theodore,

>
> Stephan, if you have any comments on the proposal made by David
> Fontaine and Olivier Vivolo, I'd appreciate hearing them!

I think I have some news: The magma code I used for GF(2^32) testing was not
correct.

The corrected magma code is attached (thanks to Dr. Peter Birkner, BSI, who
helped me here).

That magma code shows:

- the current polynomials for Q(X) = α**3 (P(X) − 1) + 1 are irreducible but
not primitive over GF(2^32)

- the polynomials suggested in https://eprint.iacr.org/2017/726.pdf Q(X) =
α**4 (P(X) − 1) + 1 are both irreducible and primitive over GF(2^32)

The use of GF(2^32) is important, because we apply the LFSR to a 32 bit word.
Hence, we have 2^32 permutations the LFSR should evenly cover.


Bottom line, I would recommend that random.c is patched to take the
polynomials suggested in https://eprint.iacr.org/2017/726.pdf.


If it is of any help, the attached magma code could be preserved somewhere
useful (in random.c?)

Ciao
Stephan
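The distinction the message turns on, "irreducible but not primitive over GF(2^32)", can be checked mechanically. The script below is an added example, not the attached Magma code and not anything from random.c: it implements the general Ben-Or irreducibility test and the multiplicative-order test for primitivity for polynomials over an extension field GF(2^m), then applies them to twists of the form Q(X) = α^k (P(X) − 1) + 1. The field GF(2^4) with modulus x^4 + x + 1, the polynomial P(X) = X^3 + X + 1 and α = the class of x are constructed toy stand-ins chosen so it runs in well under a second; the kernel's degree-128 polynomials and its CRC-32 field are not on this page. It also self-checks against Gauss's counting formulas, which goes beyond the specific case in the e-mail.

```python
"""Added example: irreducible vs. primitive polynomials over GF(2^m).
Toy parameters (GF(2^4), P(X) = X^3 + X + 1) stand in for GF(2^32) and the
kernel's LFSR polynomials; the tests themselves are the general ones."""

# GF(2^m): an element is an int < 2^m; F = (m, mod) with mod the defining
# binary polynomial (bit m set). Addition is XOR.
def gf_mul(a, b, m, mod):
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> m:
            a ^= mod
    return r

def gf_pow(a, e, m, mod):
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a, m, mod)
        a = gf_mul(a, a, m, mod)
        e >>= 1
    return r

def gf_inv(a, m, mod):
    return gf_pow(a, (1 << m) - 2, m, mod)       # a^(q-2) = a^-1 for a != 0

# Polynomials over GF(q): list of coefficients, index = power, no trailing zeros.
def p_trim(f):
    while f and f[-1] == 0:
        f.pop()
    return f

def p_add(f, g):                                   # subtraction == addition in char 2
    n = max(len(f), len(g))
    return p_trim([(f[i] if i < len(f) else 0) ^ (g[i] if i < len(g) else 0) for i in range(n)])

def p_mul(f, g, F):
    r = [0] * (len(f) + len(g) - 1) if f and g else []
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            r[i + j] ^= gf_mul(a, b, *F)
    return p_trim(r)

def p_monic(f, F):
    inv = gf_inv(f[-1], *F)
    return [gf_mul(c, inv, *F) for c in f]

def p_mod(f, g, F):                                # remainder of f modulo monic g
    f = list(f)
    while len(f) >= len(g):
        c, shift = f[-1], len(f) - len(g)
        for i, b in enumerate(g):
            f[shift + i] ^= gf_mul(c, b, *F)       # leading term cancels since g is monic
        f.pop()
    return p_trim(f)

def p_gcd(f, g, F):
    while g:
        f, g = g, p_mod(f, p_monic(g, F), F)
    return p_monic(f, F)

def p_powmod(base, e, f, F):                       # base^e mod monic f
    r, base = [1], p_mod(base, f, F)
    while e:
        if e & 1:
            r = p_mod(p_mul(r, base, F), f, F)
        base = p_mod(p_mul(base, base, F), f, F)
        e >>= 1
    return r

def is_irreducible(f, F):
    """Ben-Or: f of degree n is irreducible over GF(q) iff gcd(X^(q^i) - X, f) = 1 for i <= n/2."""
    if len(f) < 2:
        return False
    m, _ = F
    f, X = p_monic(f, F), [0, 1]
    h = X
    for _ in range((len(f) - 1) // 2):
        h = p_powmod(h, 1 << m, f, F)              # h = X^(q^i) mod f
        if p_gcd(p_add(h, X), f, F) != [1]:
            return False
    return True

def prime_factors(n):
    ps, d = [], 2
    while d * d <= n:
        if n % d == 0:
            ps.append(d)
            while n % d == 0:
                n //= d
        d += 1
    return ps + ([n] if n > 1 else [])

def is_primitive(f, F):
    """Irreducible AND the class of X has the full order q^n - 1 in GF(q)[X]/(f)."""
    m, _ = F
    f = p_monic(f, F)
    if f[0] == 0 or not is_irreducible(f, F):      # f[0] == 0 means X divides f
        return False
    order = (1 << (m * (len(f) - 1))) - 1
    return all(p_powmod([0, 1], order // p, f, F) != [1] for p in prime_factors(order))

def twisted_poly(P_bits, k, F):
    """Q(X) = alpha^k * (P(X) - 1) + 1 over GF(2^m); P is a binary polynomial as a bit
    mask with P(0) = 1, alpha is the class of x (0b10). Assumed toy construction."""
    m, mod = F
    ak = gf_pow(0b10, k, m, mod)
    q = [ak if (P_bits >> i) & 1 else 0 for i in range(P_bits.bit_length())]
    q[0] = 1                                       # drop P's constant term, then add 1
    return q

def classify_twists(P_bits, F):
    """{k: (irreducible, primitive)} for every alpha^k, k = 0 .. q-2."""
    m, _ = F
    out = {}
    for k in range((1 << m) - 1):
        Q = twisted_poly(P_bits, k, F)
        out[k] = (is_irreducible(Q, F), is_primitive(Q, F))
    return out

def count_degree2(F):
    """Self-check: monic degree-2 polynomials over GF(q) number (q^2 - q)/2 irreducible
    and phi(q^2 - 1)/2 primitive (Gauss); for q = 16 that is (120, 64)."""
    q = 1 << F[0]
    polys = [[c0, c1, 1] for c0 in range(q) for c1 in range(q)]
    return (sum(is_irreducible(f, F) for f in polys), sum(is_primitive(f, F) for f in polys))

if __name__ == "__main__":
    F = (4, 0b10011)                               # constructed toy field GF(2^4), x^4 + x + 1
    P = 0b1011                                     # constructed toy P(X) = X^3 + X + 1
    for k, (irr, prim) in classify_twists(P, F).items():
        print(f"alpha^{k:2d}: irreducible={irr!s:5} primitive={prim}")
    print("GF(16), degree 2 (irreducible, primitive):", count_degree2(F))   # (120, 64)
```

The k = 0 row shows the phenomenon from the message in miniature: P(X) itself stays irreducible over GF(2^4), but the class of X only has order 7 there, far short of 4^3 − 1 = 4095, so the polynomial is irreducible without being primitive; the twist exponent decides which case you land in.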