Nothing up my sleeve number
Encyclopedia
In cryptography
, nothing up my sleeve numbers are any numbers which, by their construction, are above suspicion of hidden properties. They are used in creating cryptographic functions such as hashes and cipher
s. These algorithms often need randomized constants for mixing or initialization purposes. The cryptographer may wish to pick these values in a way that demonstrates the constants were not selected for (in Bruce Schneier
's words) a "nefarious purpose", for example, to create a "backdoor" to the algorithm. These fears can be allayed by using numbers created in a way that leaves little room for adjustment. An example would be the use of initial digits from the number π
as the constants. Using digits of π millions of places into its definition would not be considered as trustworthy because the algorithm designer might have selected that starting point because it created a secret weakness the designer could later exploit.
Digits in the positional representation
of real numbers such as π, e and irrational roots are believed to appear random. See normal number
. Such numbers can be viewed as the opposite extreme of Chaitin–Kolmogorov random numbers in that they appear random but have very low information entropy
. Their use is motivated by early controversy over the U.S. Government's 1975 Data Encryption Standard
, which came under criticism because no explanation was supplied for the constants used in its S-box (though they were later found to have good justification, see Differential cryptanalysis
).p.278 Thus a need was felt for a more transparent way to generate constants used in cryptography.
"Nothing up my sleeve" is a phrase associated with magician
s, who sometimes preface a magic trick by holding open their sleeves to show they have no objects hidden inside.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, nothing up my sleeve numbers are any numbers which, by their construction, are above suspicion of hidden properties. They are used in creating cryptographic functions such as hashes and cipher
Cipher
In cryptography, a cipher is an algorithm for performing encryption or decryption — a series of well-defined steps that can be followed as a procedure. An alternative, less common term is encipherment. In non-technical usage, a “cipher” is the same thing as a “code”; however, the concepts...
s. These algorithms often need randomized constants for mixing or initialization purposes. The cryptographer may wish to pick these values in a way that demonstrates the constants were not selected for (in Bruce Schneier
Bruce Schneier
Bruce Schneier is an American cryptographer, computer security specialist, and writer. He is the author of several books on general security topics, computer security and cryptography, and is the founder and chief technology officer of BT Managed Security Solutions, formerly Counterpane Internet...
's words) a "nefarious purpose", for example, to create a "backdoor" to the algorithm. These fears can be allayed by using numbers created in a way that leaves little room for adjustment. An example would be the use of initial digits from the number π
Pi
' is a mathematical constant that is the ratio of any circle's circumference to its diameter. is approximately equal to 3.14. Many formulae in mathematics, science, and engineering involve , which makes it one of the most important mathematical constants...
as the constants. Using digits of π millions of places into its definition would not be considered as trustworthy because the algorithm designer might have selected that starting point because it created a secret weakness the designer could later exploit.
Digits in the positional representation
Positional notation
Positional notation or place-value notation is a method of representing or encoding numbers. Positional notation is distinguished from other notations for its use of the same symbol for the different orders of magnitude...
of real numbers such as π, e and irrational roots are believed to appear random. See normal number
Normal number
In mathematics, a normal number is a real number whose infinite sequence of digits in every base b is distributed uniformly in the sense that each of the b digit values has the same natural density 1/b, also all possible b2 pairs of digits are equally likely with density b−2,...
. Such numbers can be viewed as the opposite extreme of Chaitin–Kolmogorov random numbers in that they appear random but have very low information entropy
Information entropy
In information theory, entropy is a measure of the uncertainty associated with a random variable. In this context, the term usually refers to the Shannon entropy, which quantifies the expected value of the information contained in a message, usually in units such as bits...
. Their use is motivated by early controversy over the U.S. Government's 1975 Data Encryption Standard
Data Encryption Standard
The Data Encryption Standard is a block cipher that uses shared secret encryption. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is...
, which came under criticism because no explanation was supplied for the constants used in its S-box (though they were later found to have good justification, see Differential cryptanalysis
Differential cryptanalysis
Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in an input can affect the resultant difference at the output...
).p.278 Thus a need was felt for a more transparent way to generate constants used in cryptography.
"Nothing up my sleeve" is a phrase associated with magician
Magic (illusion)
Magic is a performing art that entertains audiences by staging tricks or creating illusions of seemingly impossible or supernatural feats using natural means...
s, who sometimes preface a magic trick by holding open their sleeves to show they have no objects hidden inside.
Examples
- The cipher KhafreKhufu and KhafreIn cryptography, Khufu and Khafre are two block ciphers designed by Ralph Merkle in 1989 while working at Xerox's Palo Alto Research Center...
, designed in 1989, includes constants from the book A Million Random Digits with 100,000 Normal DeviatesA Million Random Digits with 100,000 Normal DeviatesA Million Random Digits with 100,000 Normal Deviates is a 1955 book by the RAND Corporation. The book, consisting primarily of a random number table, was an important 20th century work in the field of statistics and random numbers...
, published by the RAND Corporation in 1951. - Ron RivestRon RivestRonald Linn Rivest is a cryptographer. He is the Andrew and Erna Viterbi Professor of Computer Science at MIT's Department of Electrical Engineering and Computer Science and a member of MIT's Computer Science and Artificial Intelligence Laboratory...
used the trigonometric sineSineIn mathematics, the sine function is a function of an angle. In a right triangle, sine gives the ratio of the length of the side opposite to an angle to the length of the hypotenuse.Sine is usually listed first amongst the trigonometric functions....
function to generate constants for the widely-used MD5MD5The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity...
hash. - The U.S. National Security AgencyNational Security AgencyThe National Security Agency/Central Security Service is a cryptologic intelligence agency of the United States Department of Defense responsible for the collection and analysis of foreign communications and foreign signals intelligence, as well as protecting U.S...
used the square rootSquare rootIn mathematics, a square root of a number x is a number r such that r2 = x, or, in other words, a number r whose square is x...
s of small integers to produce the constants used in its "Secure Hash Algorithm" SHA-1. The SHA-2SHA-2In cryptography, SHA-2 is a set of cryptographic hash functions designed by the National Security Agency and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. SHA-2 includes a significant number of changes from its predecessor,...
functions use the square roots and cube roots of small primesPrime numberA prime number is a natural number greater than 1 that has no positive divisors other than 1 and itself. A natural number greater than 1 that is not a prime number is called a composite number. For example 5 is prime, as only 1 and 5 divide it, whereas 6 is composite, since it has the divisors 2...
. - The BlowfishBlowfish (cipher)Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. Blowfish provides a good encryption rate in software and no effective cryptanalysis of it has been found to date...
encryption algorithm uses the binary representation of π to initialize its key scheduleKey schedule[[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES [[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES [[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES ("[[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES ("...
. - RFC 3526 describes prime numbers for internet key exchangeInternet key exchangeInternet Key Exchange is the protocol used to set up a security association in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP...
that are also generated from π. - The S-box of the NewDESNewDESIn cryptography, NewDES is a symmetric key block cipher. It was created in 1984–1985 by Robert Scott as a potential DES replacement. Despite its name, it is not derived from DES and has a quite different structure. Its intended niche as a DES replacement has now mostly been filled by AES...
cipher is derived from the United States Declaration of Independence. - The AES candidateAdvanced Encryption Standard processThe Advanced Encryption Standard , the block cipher ratified as a standard by National Institute of Standards and Technology of the United States , was chosen using a process markedly more open and transparent than its predecessor, the aging Data Encryption Standard...
DFCDFC (cipher)In cryptography, DFC is a block cipher which wascreated in 1998 by a group of researchers from École Normale Supérieure, CNRS, and France Télécom and submitted to the AES competition.Like other AES candidates, DFC operates on blocks of 128 bits, using a key of 128, 192, or 256 bits...
derives all of its arbitrary constants, including all entries of the S-box, from the binary expansion of eE (mathematical constant)The mathematical constant ' is the unique real number such that the value of the derivative of the function at the point is equal to 1. The function so defined is called the exponential function, and its inverse is the natural logarithm, or logarithm to base...
. - The ARIAARIA (cipher)In cryptography, ARIA is a block cipher designed in 2003 by a large group of South Korean researchers. In 2004, the Korean Agency for Technology and Standards selected it as a standard cryptographic technique....
key schedule uses the binary expansion of 1/π. - The key schedule of the RC5RC5In cryptography, RC5 is a block cipher notable for its simplicity. Designed by Ronald Rivest in 1994, RC stands for "Rivest Cipher", or alternatively, "Ron's Code"...
cipher uses binary digits from both e and the golden ratioGolden ratioIn mathematics and the arts, two quantities are in the golden ratio if the ratio of the sum of the quantities to the larger quantity is equal to the ratio of the larger quantity to the smaller one. The golden ratio is an irrational mathematical constant, approximately 1.61803398874989...
. - Dual EC DRBGDual EC DRBGDual_EC_DRBG or Dual Elliptic Curve Deterministic Random Bit Generator is a controversial pseudorandom number generator designed and published by the National Security Agency. It is based on the elliptic curve discrete logarithm problem and is one of the four PRNGs standardized in the NIST...
, a NIST-recommended cryptographic random bit generator, came under criticism in 2007 because constants recommended for use in the algorithm could have been selected in a way that would permit their author to predict future outputs given a sample of past generated values. - The BLAKE hash functionBLAKE (hash function)BLAKE is a cryptographic hash function submitted to the NIST hash function competition by Jean-Philippe Aumasson, Luca Henzen, Willi Meier, and Raphael C.-W. Phan. It is based on Dan Bernstein's ChaCha stream cipher, but a permuted copy of the input block, XORed with some round constants, is added...
, a finalist in the SHA3 competition, uses a table of 16 constant words which are the leading 512 or 1024 bits of the fractional part of π,