Provable-Security
從種子派生一組種子
我需要一套種子 $ S={s_1,…, s_n} $ , 對於偽隨機函式,其中種子 $ s_i $ is used to generate a set of pseudo-random values. Obviously I need to be able to regenerate the sets of pseudo-random values, but I do not want to keep the seeds. Thus, I’d like to use a master seed to generate the other seeds.
Question: Would it be secure if I generate a seed for pseudo-random function and then use it to generate a set of seeds?
If not what a solution would be?
By secure I mean the pseudo-random values should not be distinguished from random values.
我相信它看起來類似於 unix/Linux 系統中的 random 和 urandom 函式。一旦物理熵/種子不夠,一個會阻塞,另一個會根據目前的種子生成種子。從安全的角度來看,純隨機熵應該是更好的選擇,但在實際中,我看不到種子生成的問題。如果您的初始種子是純隨機的,則在某種程度上應該無法區分……就像物理熵一樣。