Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [statistical-test]

Statistical testing is used to estimate the likelihood of a hypothesis given a set of data. In cryptanalysis, statistical testing is commonly used to detect non-randomness in the data, e.g. distinguish the output of a PRNG from a truly random bitstream or to find the correctly decrypted message among several incorrect decryption attempts.

Statistical testing is used to estimate the likelihood of a hypothesis given a set of data. In cryptanalysis, statistical testing is commonly used to detect non-randomness in the data, e.g. distinguish the output of a PRNG from a truly random bitstream or to find the correctly decrypted message among several incorrect decryption attempts.

94 questions
20
votes
2 answers

Shannon confusion and diffusion concept

I read the document(not the whole document) from Shannon where he speaks about the concepts of confusion and diffusion. I read in many places(not in the document but around the internet) that confusion is enforced using substitution. Diffusion is…
BrunoMCBraga
  • 321
  • 2
  • 6
18
votes
1 answer

Why did NIST remove The Lempel-Ziv Compression test from the Statistical Test Suite?

NIST removed "The Lempel-Ziv Compression" test from the Statistical Test Suite in revision 2008 and above and has not incorporated it since – see revision 2010. Why was it removed? Does it no longer provide sufficient testing of a PRNG or was it…
ir01
  • 4,092
  • 3
  • 22
  • 31
14
votes
4 answers

Tactics available to help prove security of a new system?

I believe that the accepted tactic to "prove" a system as secure is to allow the crypto-community to review it and if no vulnerabilities are found over a long period of time (5 or 6 years), then a new system can be accepted as secure until proven…
Corey Ogburn
  • 851
  • 7
  • 18
14
votes
5 answers

How to prove the security of the PRNG?

Are there any realties tests or criterias that prove the security of the PRNG? What kind of tests or criteria?
NiceTheo
  • 591
  • 1
  • 6
  • 18
13
votes
3 answers

Estimated entropy per bit given P-value of a statistical test, and number of bits tested?

Assume that a certain statistical RNG test (say from the NIST Statistical Test Suite, Dieharder, etc..) gives us a certain P-value (per the definition [*] used in NIST Special Publication 800-22), after testing $n$ bits of a RNG; say, $P=0.001$…
fgrieu
  • 149,326
  • 13
  • 324
  • 622
11
votes
2 answers

Measuring entropy for a ciphertext only attack

When bruteforcing a password (e.g. the common attacks on DES), where you have ciphertext only, you need a way to assess whether a decrypted plaintext is the right one. I believe the EFF DES machine does this by checking if the chars are printable. …
S. Robert James
  • 329
  • 4
  • 8
7
votes
1 answer

Example of CHI Square test on Caesar Cipher?

I am trying to get my head round the chi square test, when used with the Caesar cipher. I started off using this formula, $$ X = \sum_{i = 1}^k \frac{f_i · f'_i}{n · n'} $$ Where $k$ is the number of distinct letters in the alphabet, $f$ is the…
Lunar
  • 215
  • 3
  • 5
5
votes
4 answers

How to compute the dataset size required by dieharder tests?

I am trying to use the dieharder random number test suite. However, this suite requires massive amount of data (this paper claims 228GB for no rewinding for every test) for most of the tests. I'd like to understand how rewinding is implemented and…
DurandA
  • 453
  • 5
  • 22
5
votes
0 answers

Odds of false error detection in a randomness test using the chi-squared test?

Common Criteria classifies the requirements for true Random Number Generators, and specifies how these should be tested against failures (these can occur accidentally, or following deliberate attack, e.g. by very low temperature). The relevant…
fgrieu
  • 149,326
  • 13
  • 324
  • 622
5
votes
1 answer

Is there are a metric based on collisions to compare bad hash functions?

Bad hash functions are not so perfect as in the "general collision probability" hypothesis... And a general concept of "collision resistence" not need the constraint of independence between the hash function and the sample set. Let $H$ be a hash…
Peter Krauss
  • 193
  • 1
  • 13
5
votes
1 answer

Avalanche effect sample size

With a fixed key size – key has 128 bits, while block size is 8 byte – how do I calculate how many different keys and texts I have to test for an cryptanalytic statistics study? Differently worded: I am planning to encrypt multiple samples and see…
Jesús Martín Berlanga
  • 75
  • 4
5
votes
1 answer

How do you interpret the p-values from the Dieharder testsuite to evaluate an RNG?

#=============================================================================# # dieharder version 3.31.1 Copyright 2003 Robert G. Brown # #=============================================================================# …
tch4096
  • 53
  • 1
  • 3
5
votes
2 answers

Randomness test question from FIPS 140-1 and comparison with 140-2

In FIPS 140-1 there are 4 statistical random number generator tests (The Monobit Test, The Poker Test, The Runs Test and The Long Runs Test. Then FIPS 140-2 came along and supposedly tightened the criteria for these tests. I'll provide a short…
user3428187
  • 53
  • 1
  • 4
5
votes
2 answers

How does one measure the decrease in security, if any, of RC4 when mapping to a specific range of values?

For a project using RC4, the output is to be mapped to values of 0 to 35. Thus, only 36 unique output values representing the letters A to Z and 0 to 9. To avoid bias, the RC4 byte output (with a range of 0 to 255) is discarded if the value is…
Deskguy
  • 51
  • 1
4
votes
1 answer

Golomb's Randomness postulates

In Handbook of applied cryptography, Golomb's randomness postulates are given: Let $s$ be a periodic sequence of period $N$. Golomb’s randomness postulates are the following. R1: In the cycle $s_N$ of $s$, the number of $1$s differs from the number…
alper akyuz
  • 141
  • 3
1
2 3 4 5 6 7