-1

There are some PRNGs considered cryptographically secure. Which has the longest period among them?

IPRNG
  • Why do you care? Once the period gets beyond $2^{64}$, no one will ever generate enough output to fall into a repeat, so it's really just a theoretical question... – poncho Mar 30 '16 at 03:33
  • You can easily design PRNGs with arbitrarily long periods (or if you admit unbounded memory use even infinite periods), but like poncho said, longer periods offer no advantage once the period is long enough to never repeat in practice. – CodesInChaos Mar 30 '16 at 07:17
  • With a CSPRNG with a very long period, one can use one key across multiple sessions without re-establishing the key. This is just my opinion. Is it a silly idea or useless or whatever? – IPRNG Mar 30 '16 at 09:20
  • @IPRNG $2^{64}$ already gets you there, unless you really expect to exchange 16 exablocks of data over the lifetime of a key. But regardless of period length, if you're going to reuse a key over multiple sessions then you need to be careful about avoiding nonce reuse after a crash. – Daniel Franke Mar 30 '16 at 19:33
  • Imagine there is a CSPRNG with period about $2^{8000}$. Then everyone in the world can use it with different IVs and different keys as many times as necessary forever. No need to care about other things. Right? – IPRNG Mar 31 '16 at 01:41

1 Answer

2

Number-theoretic PRNGs such as Blum-Blum-Shub can be given arbitrarily long periods by choosing sufficiently large parameters. In the case of BBS, the period is $\lambda(M)$ where $M$ is the modulus and $\lambda$ is the Carmichael function, which has no maximum value.

Daniel Franke
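
As an added example (not part of the answer above, and not taken from any BBS implementation), the following Python measures the Blum-Blum-Shub cycle length by brute force for constructed toy moduli and prints it beside $\lambda(M)$ and $\lambda(\lambda(M))$. The function names and the toy primes are assumptions made for illustration; in each case the measured cycle grows with the modulus and divides $\lambda(\lambda(M))$.

```python
from math import gcd

def lcm(a, b):
    return a // gcd(a, b) * b

def factorize(n):
    """Trial-division factorization; adequate for toy-sized n only."""
    factors, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors

def carmichael(n):
    """Carmichael function lambda(n): exponent of the multiplicative group mod n."""
    result = 1
    for p, k in factorize(n).items():
        # Powers of two from 8 upward are the special case: lambda(2^k) = 2^(k-2).
        lam = 2 ** (k - 2) if (p == 2 and k >= 3) else (p - 1) * p ** (k - 1)
        result = lcm(result, lam)
    return result

def bbs_cycle_length(modulus, seed):
    """Count squarings until the BBS state x -> x^2 mod M returns to x0."""
    # x0 = seed^2 is a quadratic residue; for a Blum integer, squaring
    # permutes the quadratic residues, so x0 always lies on a cycle.
    start = pow(seed, 2, modulus)
    state, steps = pow(start, 2, modulus), 1
    while state != start:
        state = pow(state, 2, modulus)
        steps += 1
    return steps

def longest_cycle(p, q):
    """Longest BBS cycle over every seed coprime to M = p*q (brute force)."""
    m = p * q
    return max(bbs_cycle_length(m, s) for s in range(2, m) if gcd(s, m) == 1)

# Constructed toy Blum integers (both primes are 3 mod 4).
# Real BBS moduli are thousands of bits and cannot be enumerated this way.
TOY_PRIMES = [(7, 11), (23, 47), (83, 107)]

if __name__ == "__main__":
    print("M  longest_cycle  lambda(M)  lambda(lambda(M))")
    for p, q in TOY_PRIMES:
        m = p * q
        print(m, longest_cycle(p, q), carmichael(m), carmichael(carmichael(m)))
```
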