[cryptography] NIST Randomness Beacon

Andy Isaacson adi at hexapodia.org
Sun Nov 10 03:54:01 EST 2013


On Sat, Nov 09, 2013 at 08:28:17PM -0800, d.nix wrote:
> surely someone here has an opinion...
> 
> http://www.nist.gov/itl/csd/ct/nist_beacon.cfm

From the page, a relevant suggestion:

    WARNING:
    DO NOT USE BEACON GENERATED
    VALUES AS SECRET
    CRYPTOGRAPHIC KEYS.

The Beacon is a potentially useful service.  Folks have implemented
similar semantics by, for example, hashing the DJIA closing value of a
given date (see http://xkcd.com/426/).

NIST's implementation, of course, makes them a trusted third party to
any security critical applications of this oracle.  I'd be more
comfortable with a cryptographic hash of an unpredictable but publicly
determined value; however, it's hard to find one that has as much
entropy as the Beacon.

For example, suppose you use the low bits of the bitcoin blockchain
hash.  An attacker with 10% of the hash power could probabilistically
attack such a system by choosing blocks with a specific value in those
bits; furthermore, the miners might know the relevant value earlier than
other users of the system.

-andy
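
The bias described in the message above can be quantified, as an added example that is not part of the original post. It assumes a simplified model in which one miner holding a share `q` of the hash power withholds any block it finds whose low bits miss its preferred value, all other miners publish immediately, and the beacon reads a single block height; the function names are hypothetical.

```python
import random


def hit_probability(q: float, bits: int = 1) -> float:
    """Closed form for the chance that the published block's low `bits`
    equal the biasing miner's preferred value.

    Each found block matches with p0 = 2**-bits. A mismatching block is
    withheld only when the biasing miner found it (probability q), so
    P = p0 + q * (1 - p0) * P, which solves to the expression below.
    """
    p0 = 2.0 ** -bits
    return p0 / (1.0 - q * (1.0 - p0))


def simulate(q: float, bits: int = 1, trials: int = 200_000, seed: int = 1) -> float:
    """Monte Carlo check of the same model with a fixed seed."""
    rng = random.Random(seed)
    target = 0  # preferred value of the low bits (constructed)
    hits = 0
    for _ in range(trials):
        while True:
            found_by_biasing_miner = rng.random() < q
            low = rng.getrandbits(bits)
            if found_by_biasing_miner and low != target:
                continue  # block withheld; the race for this height goes on
            break
        hits += low == target
    return hits / trials


if __name__ == "__main__":
    for q in (0.0, 0.10, 0.25, 0.50):
        print(f"q={q:.2f}  closed form={hit_probability(q):.4f}  "
              f"simulated={simulate(q):.4f}")
```

With `q = 0.10` a one-bit output lands on the preferred value about 52.6% of the time instead of 50%, which is the margin a consumer of such a beacon has to budget for under this model.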

