Nothing up my sleeve number
From Wikipedia, the free encyclopedia
Nothing up my sleeve numbers are numbers that appear random under statistical tests but are created with minimum entropy. They are typically used in constructing cryptographic functions such as hashes and ciphers, which often need randomized constants for mixing or initialization. The cryptographer may wish to pick these values in a way that demonstrates the constants were not selected for (in Bruce Schneier's words) a "nefarious reason", for example to create a "backdoor" in the algorithm. These fears can be allayed by using numbers created in a way that leaves little room for adjustment.
Such numbers can be viewed as the opposite extreme of Chaitin–Kolmogorov random numbers.
Examples
- The U.S. Government's 1975 Data Encryption Standard came under criticism because no explanation was supplied for the constants used in its S-boxes (see Differential cryptanalysis).
- Khafre includes constants from the book A Million Random Digits with 100,000 Normal Deviates, published by the RAND Corporation.
- Ron Rivest used the trigonometric sine function to generate constants for MD5.
- The U.S. National Security Agency used the square roots of small integers to produce the constants used in SHA-1. The SHA-2 functions use the square roots and cube roots of small primes.
- The Blowfish encryption algorithm uses the binary representation of π to initialize its key schedule.
- RFC 3526 describes prime numbers similarly generated from π.
- The S-box of the NewDES cipher is derived from the United States Declaration of Independence.
- The AES candidate DFC derives all of its arbitrary constants, including all entries of the S-box, from the binary expansion of e.
- The key schedule of RC5 uses binary digits from both e and the golden ratio.
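The SHA-2 item above can be checked directly. The following Python code is an added example, not part of the original article: it regenerates the SHA-256 initial hash value and round constants from the square and cube roots of the first primes, hashes with them, and compares the result against the standard library. All function names are this example's own.

```python
import hashlib
import struct
MASK = 0xFFFFFFFF

def first_primes(n):
    """First n primes by trial division (n is tiny here)."""
    primes, c = [], 2
    while len(primes) < n:
        if all(c % p for p in primes):
            primes.append(c)
        c += 1
    return primes

def frac_bits(n, k):
    """First 32 bits of the fractional part of n**(1/k), in exact integer math."""
    x, lo, hi = n << (32 * k), 0, 1 << 40   # roots of primes <= 311 stay below 2**40
    while lo < hi:                          # binary search for floor(x**(1/k))
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** k <= x else (lo, mid - 1)
    return lo & MASK

def derive_sha256_constants():
    p = first_primes(64)  # square roots of 8 primes -> H0; cube roots of 64 -> K
    return [frac_bits(q, 2) for q in p[:8]], [frac_bits(q, 3) for q in p]

def rotr(x, r):
    return ((x >> r) | (x << (32 - r))) & MASK

def sha256_with(h0, k, msg):
    """SHA-256 (FIPS 180-4) computed with the constants passed in."""
    msg += b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack(">Q", 8 * len(msg))
    state = list(h0)
    for off in range(0, len(msg), 64):
        w = list(struct.unpack(">16L", msg[off:off + 64]))
        for i in range(16, 64):             # message schedule
            s0 = rotr(w[i-15], 7) ^ rotr(w[i-15], 18) ^ (w[i-15] >> 3)
            s1 = rotr(w[i-2], 17) ^ rotr(w[i-2], 19) ^ (w[i-2] >> 10)
            w.append((w[i-16] + s0 + w[i-7] + s1) & MASK)
        a, b, c, d, e, f, g, h = state
        for i in range(64):                 # 64 rounds, one derived constant each
            t1 = h + (rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)) + ((e & f) ^ (~e & g)) + k[i] + w[i]
            t2 = (rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))
            a, b, c, d, e, f, g, h = (t1 + t2) & MASK, a, b, c, (d + t1) & MASK, e, f, g
        state = [(x + y) & MASK for x, y in zip(state, (a, b, c, d, e, f, g, h))]
    return struct.pack(">8L", *state).hex()

def constants_reproduce_sha256(msg):
    """True if the regenerated constants give the same digest as hashlib."""
    return sha256_with(*derive_sha256_constants(), msg) == hashlib.sha256(msg).hexdigest()
```

A digest match exercises all 72 derived words at once; changing a single bit of any constant changes the output, so a reviewer can confirm that the published tables contain nothing beyond what the stated derivation produces.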
References
- Bruce Schneier. Applied Cryptography, second edition. John Wiley and Sons, 1996.