
1.2 Encryption

Uploaded by

Maxi Brad
Copyright
© All Rights Reserved

Computer Science: An Interdisciplinary Approach
Robert Sedgewick, Kevin Wayne

1.2 Encryption

Sending a secret message

Alice wants to send a secret message to Bob.
• Sometime in the past, they exchanged a cryptographic key.
• Alice uses the key to encrypt the message.
• Bob uses the same key to decrypt the message.

[Figure: Alice tells Bob “use yT25a5i/S if I ever send you an encrypted message”; Bob answers "OK". Later, Alice: "Hey, Bob. Here's a secret message." Bob: "Hi Alice. OK, I'm ready." Alice encrypts SENDMONEY with key yT25a5i/S and sends gX76W3v7K; Bob decrypts gX76W3v7K with key yT25a5i/S and reads SENDMONEY. Eve sees gX76W3v7K ??]

The encrypted message gX76W3v7K is "in the clear" (anyone can read it, including Eve).

Critical point: Without the key, Eve cannot understand the message.

Q. How does the system work?

Encrypt/decrypt methods
Goal. Design a method to encrypt and decrypt data.

S E N D M O N E Y
encrypt

g X 7 6 W 3 v 7 K
decrypt

S E N D M O N E Y

Example 1. Enigma encryption machine [German code, WWII]


• Broken by Turing bombe (one of the first uses of a computer).
• Broken code helped win Battle of Atlantic by providing U-boat locations.

Example 2. One-time pad [details to follow]

Example 3. Linear feedback shift register [later]


A digital world

A bit is a basic unit of information.


• Two possible values (0 or 1).
• Easy to represent in the physical world (on or off ).

In modern computing and communications systems, we represent everything as a sequence of bits.
• Text [details to follow in this lecture]
• Numbers
• Sound
• Pictures
• ...
• Programs [profound implications, stay tuned].

Example: 0 1 0 0 0 1 0 1, that is, 01000101₂ = 69₁₀

Bottom line. If we can send and receive bits, we can send and receive anything (well, not cars or cats, yet).

Encoding text as a sequence of bits

Base64 encoding of character strings
• A simple method for representing text.
• 64 different symbols allowed: A-Z, a-z, 0-9, +, /.
• 6 bits to represent each symbol.
• ASCII and Unicode methods used on your computer are similar.

                            bits   symbols
Base64                      6      64
ASCII (extended version)    8      256
Unicode                     16     65,536

000000 A   001000 I   010000 Q   011000 Y   100000 g   101000 o   110000 w   111000 4
000001 B   001001 J   010001 R   011001 Z   100001 h   101001 p   110001 x   111001 5
000010 C   001010 K   010010 S   011010 a   100010 i   101010 q   110010 y   111010 6
000011 D   001011 L   010011 T   011011 b   100011 j   101011 r   110011 z   111011 7
000100 E   001100 M   010100 U   011100 c   100100 k   101100 s   110100 0   111100 8
000101 F   001101 N   010101 V   011101 d   100101 l   101101 t   110101 1   111101 9
000110 G   001110 O   010110 W   011110 e   100110 m   101110 u   110110 2   111110 +
000111 H   001111 P   010111 X   011111 f   100111 n   101111 v   110111 3   111111 /

Example:
S      E      N      D      M      O      N      E      Y
010010 000100 001101 000011 001100 001110 001101 000100 011000

Encoding versus Encryption

Before we go any further, let’s be clear…

• encoding is a way of representing information
  • such as representing text with binary sequences using Base64
  • encoding is not intended to hide information
  • think: how to encode and decode text using Base64 is widely known
  • so it would be a very poor way of keeping secrets!

• encryption is a way of maintaining secrecy
  • it uses a secret key to somehow change information into a form that cannot be decrypted and understood without the key

So in the slides that follow, we are going to encode text in binary using Base64
• and then encrypt or decrypt it using a one-time pad

One-Time Pads

What is a one-time pad?


• A cryptographic key known only to the sender and receiver.
• Good choice: A random sequence of bits (stay tuned).
• Security depends on each sequence being used only once.

y      T      2      5      a      5      i      /      S
110010 010011 110110 111001 011010 111001 100010 111111 010010

The character form yT25a5i/S is more convenient than bits for the initial exchange.

Note: Any sequence of bits can be decoded into a sequence of characters.

Encryption with a one-time pad

Preparation
• Create a "random" sequence of bits (a one-time pad).
• Send one-time pad to intended recipient through a secure channel.

Encryption
• Encode text as a sequence of N bits.
• Use the first N bits of the pad. Important point: need to have as many bits in the pad as there are in the message.
• Compute a new sequence of N bits from the message and the pad. [a simple machine]
• Decode result to get a sequence of characters.

Result: A ciphertext (encrypted message).

message        S E N D M O N E Y   010010000100001101000011001100001110001101000100011000
one-time pad   y T 2 5 a 5 i / S   110010010011110110111001011010111001100010111111010010
ciphertext     g X 7 6 W 3 v 7 K   100000010111111011111010010110110111101111111011001010

A (very) simple machine for encryption

To compute a ciphertext from a message and a one-time pad


• Encode: the message and pad in binary.
• Encrypt: each ciphertext bit is the bitwise exclusive or of corresponding bits in message and pad.

Definition: The bitwise exclusive or of two bits is 1 if they differ, 0 if they are the same.

message        S E N D M O N E Y   010010000100001101000011001100001110001101000100011000
                                   XOR
one-time pad   y T 2 5 a 5 i / S   110010010011110110111001011010111001100010111111010010

ciphertext     g X 7 6 W 3 v 7 K   100000010111111011111010010110110111101111111011001010

Pop quiz on bitwise XOR encryption

Q. Encrypt the message E A S Y with the pad 0 1 2 3.


get coding table

encode message   E      A      S      Y
                 000100 000000 010010 011000

encode pad       0      1      2      3
                 110100 110101 110110 110111

XOR to encrypt   110000 110101 100100 101111

decode           w      1      k      v

Decryption with a one-time pad

A. Alice's device uses a "bitwise exclusive or" machine to encrypt the message.

Q. What kind of machine does Bob's device use to decrypt the message?

A. The same one (!!)


A (very) simple machine for encryption and decryption

To compute a message from a ciphertext and a one-time pad


• Use binary encoding of ciphertext and pad.
• Each message bit is the bitwise exclusive or of corresponding bits in ciphertext and pad (1 if they differ; 0 if they are the same).

ciphertext     g X 7 6 W 3 v 7 K   100000010111111011111010010110110111101111111011001010
                                   XOR
one-time pad   y T 2 5 a 5 i / S   110010010011110110111001011010111001100010111111010010

message (!)    S E N D M O N E Y   010010000100001101000011001100001110001101000100011000

Why does it work?

message        S E N D M O N E Y   010010000100001101000011001100001110001101000100011000
                                   XOR
one-time pad   y T 2 5 a 5 i / S   110010010011110110111001011010111001100010111111010010

ciphertext     g X 7 6 W 3 v 7 K   100000010111111011111010010110110111101111111011001010
                                   XOR
one-time pad   y T 2 5 a 5 i / S   110010010011110110111001011010111001100010111111010010

message        S E N D M O N E Y   010010000100001101000011001100001110001101000100011000

Crucial property: Decrypted message is the same as the original message.

Let m be a bit of the message and k be the corresponding bit of the one-time pad.
To prove: (m ^ k) ^ k = m
Notation: m ^ k is equivalent to XOR(m, k)

Approach 1: Truth tables

m   k   m ^ k   (m ^ k) ^ k
0   0   0       0
0   1   1       0
1   0   1       1
1   1   0       1   ✓

Approach 2: Boolean algebra

(k ^ k) = 0
m ^ 0 = m
(m ^ k) ^ k = m ^ (k ^ k)
            = m ^ 0
            = m   ✓

Decryption with the wrong pad

Eve cannot read a message without knowing the pad.

[Figure: Eve: "My informant tells me that Alice and Bob's one-time pad might be qwDgbDuav"]

ciphertext   g X 7 6 W 3 v 7 K   100000010111111011111010010110110111101111111011001010
                                 XOR
wrong pad    q w D g b D u a v   101010110000000011100000011011000011101110011010101111

gibberish    K n 4 a N 0 B h l   001010100111111000011010001101110100000001100001100101

[Figure: Eve: "Kn4aN0Bhl ???" (foiled again)]

One-time pad is provably secure [Shannon, 1940s]
• IF each pad is used only once,
• AND the pad bits are random,
• THEN Eve cannot distinguish ciphertext from random bits.

Eve's problem with one-time pads

Eve has a computer. Why not try all possibilities?

Problem
• 54 bits, so there are 2⁵⁴ possible pad values.
• Suppose Eve could check a million values per second.
• It would still take 570+ years to check all possibilities.

Much worse problem ...
• There are also 2⁵⁴ possible messages.
• If Eve were to check all the pads, she'd see all the messages.
• No way to distinguish the real one from any other.

pad value    message?
AAAAAAAAA    gX76W3v7K
AAAAAAAAB    gX76W3v7L
AAAAAAAAC    gX76W3v7I
...
qwDgbDuav    Kn4aN0Bhl
...
tTtpWk+1E    NEWTATTOO
...
yT25a5i/S    SENDMONEY
...
////////+    fo7FpIQE0
/////////    fo7FpIQE1

One-time pad is provably secure.

Pros and cons of one-time pads

Pros:
• Very simple encryption method.
• Decrypt with the same method.
• Provably unbreakable if bits are truly random.
• Widely used in practice.

[Figures: a one-time pad; cold war hotline]

Cons:
• Easily breakable if seed is re-used. https://open.oregonstate.education/cryptography/chapter/chapter-1-one-time-pad/
• Truly random bits are very hard to come by.
• Need separate secure channel to distribute key.
• Pad must be as long as the message.

[Figure: Alice and Bob: “I'd like to send you a secret video (1 GB)” “Where are you going to get 8 billion bits for the key?” “No room on my phone for both the video and the key.”]

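The one-time pad slides above (the 6-bit coding table, XOR encryption and decryption, the wrong pad, Eve's guessing problem and the re-use weakness listed under Cons), as one added Python example that is not part of the original slides. The function names and the messages MEETATTEN and KEEPMONEY are constructed for illustration.

```python
# Added example: the slides' 6-bit coding table and XOR one-time pad.
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789+/")


def encode(text):
    """Text -> bit string, 6 bits per symbol."""
    for ch in text:
        if ch not in ALPHABET:
            raise ValueError(f"symbol {ch!r} is not in the 64-symbol table")
    return "".join(format(ALPHABET.index(ch), "06b") for ch in text)


def decode(bits):
    """Bit string -> text; any multiple of 6 bits decodes to symbols."""
    if len(bits) % 6:
        raise ValueError("bit string length must be a multiple of 6")
    return "".join(ALPHABET[int(bits[i:i + 6], 2)]
                   for i in range(0, len(bits), 6))


def xor_bits(a, b):
    """Bitwise XOR: 1 where the bits differ, 0 where they are the same."""
    if len(a) != len(b):
        raise ValueError("operands must have the same number of bits")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def otp(text, pad):
    """Encrypt or decrypt: the same XOR machine does both."""
    if len(pad) < len(text):
        raise ValueError("pad must be at least as long as the message")
    # Use only the first N bits of the pad, N = number of message bits.
    return decode(xor_bits(encode(text), encode(pad)[:6 * len(text)]))


def demo():
    pad = "yT25a5i/S"
    m1, m2 = "SENDMONEY", "MEETATTEN"       # m2 is a constructed message
    c1 = otp(m1, pad)                        # Alice encrypts
    results = {
        "ciphertext": c1,
        "decrypted": otp(c1, pad),           # Bob decrypts with the same pad
        "wrong_pad": otp(c1, "qwDgbDuav"),   # Eve's guessed pad: gibberish
    }
    # Eve's problem: for ANY 9-symbol guess there is a pad that "decrypts"
    # the ciphertext to it, so no guess can be confirmed.
    fake_pad = otp(c1, "KEEPMONEY")
    results["guess_decrypts"] = otp(c1, fake_pad)
    # Pad re-use: a second message under the same pad.
    c2 = otp(m2, pad)
    mixed = xor_bits(encode(c1), encode(c2))
    # The pad cancels: c1 XOR c2 equals m1 XOR m2.
    results["pad_cancels"] = mixed == xor_bits(encode(m1), encode(m2))
    # Anyone who knows one plaintext reads the other without the pad.
    results["recovered"] = decode(xor_bits(mixed, encode(m1)))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:15} {value}")
```
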
Random bits are not so easy to find (are not so easy to come by)

You might look on the internet. The randomness comes from atmospheric noise.

“I think I'll call it random.org”

... if you trust the internet.

Next: Creating a (long) sequence of "pseudo-random" bits from a (short) key.

Random bits are not so easy to find

This is the Rule 30 elementary cellular automaton.


• Do the patterns it creates on its right side appear random?
• If you were shown a sequence of bits from the centre column, and didn’t know where the
sequence began, then you wouldn’t be able to determine the next bit.
• but if you did somehow know where the sequence began…
COMP1003
COMPUTER SCIENCE
An Introduction

A pseudo-random number generator
is a deterministic machine that produces a long sequence of pseudo random bits.

Examples
Enigma.
Linear feedback shift register (next).
Blum-Blum-Shub generator.
...
[ an early application of computing ]
[ research still ongoing ]

“Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin.”
− John von Neumann

A pseudo-random number generator
is a deterministic machine that produces a long sequence of pseudo random bits.

Deterministic: Given the current state of the machine, we know the next bit.
An absolute requirement: Alice and Bob need the same sequence.

Random: We never know the next bit.

100000010111111011111010010110110111101111111011001010 ???

Pseudo-random: The sequence of bits appears to be random.

Appears to be random??
• A profound and elusive concept.
• For this lecture: "Has enough properties of a random sequence that Eve can't tell the difference".
  Ex. 1: No long repeats
  Ex. 2: About the same number of 0s and 1s
  Ex. 3: About the same number of 00s, 01s, 10s, and 11s.
  ...

Which of these sequences appear to be random?

000000000000000000000000000000000000000000000000000000 ✗
010101010101010101010101010101010101010101010101010101 ✗ but # of 0s and 1s are about equal
001101100011011000110110011011001101100110110011011000 ✗ but # of 00s 01s 10s and 11s are about equal
010010000100001101000011001100001110001101000100011000 ✗ SENDMONEY
110010010011110110111001011010111001100010111111010010 ✓ key for Alice and Bob
100000010111111011111010010110110111101111111011001010 ✓ ciphertext for SENDMONEY
100000011100010110001000110001100010101001100101100110 ✓ generated by coin flips
100010010110111011111010010110110111101100011011001010 ✗ typed arbitrarily (no long seqs of 0s or 1s)

Note: Any one of them could be random!

Linear feedback shift register

Terminology
• Bit: 0 or 1.
• Cell: storage element that holds one bit.
• Register: sequence of cells.
• Seed: initial sequence of bits.
• Feedback: Compute XOR of two bits and put result at right.
• Shift register: when clock ticks, bits propagate one position to left.

An [11, 9] LFSR

cell:  11 10  9  8  7  6  5  4  3  2  1
bit:    0  1  1  0  1  0  0  0  0  1  0    (new bit: 1)

More terminology
• Tap: Bit positions used for XOR (one must be leftmost). Numbered from right, starting at 1.

• [N, k] LFSR: N-bit register with taps at N and k. Not all values of k give desired effect (stay tuned).
Linear feedback shift register simulation

History of register contents (^ marks the XOR of the tapped cells)

Time   Register contents       New bit
0      0 1 1 0 1 0 0 0 0 1 0   1
1      1 1 0 1 0 0 0 0 1 0 1   1
2      1 0 1 0 0 0 0 1 0 1 1   0
3      0 1 0 0 0 0 1 0 1 1 0   0
4      1 0 0 0 0 1 0 1 1 0 0   1
5      0 0 0 0 1 0 1 1 0 0 1   0

The new bits, read down the column, are a pseudo-random bit sequence!

A random bit sequence?

Q. Is this a random sequence?

Looks random to me.
• No long repeats.
• 997 0s, 1003 1s.
• 256 00s, 254 01s, 256 10s, 257 11s.
• ...

[The bit sequence shown on the slide begins with the one-time pad in our example.]



A. No. It is the output of an [11, 9] LFSR with seed 01101000010! It is pseudo-random (at least to some observers).

Pop quiz on LFSRs

Q. Give first 10 steps of [5, 4] LFSR with initial fill 00001.

Answer

Time   Fill        New bit
0      0 0 0 0 1   0
1      0 0 0 1 0   0
2      0 0 1 0 0   0
3      0 1 0 0 0   1
4      1 0 0 0 1   1
5      0 0 0 1 1   0
6      0 0 1 1 0   0
7      0 1 1 0 0   1
8      1 1 0 0 1   0
9      1 0 0 1 0   1
10     0 0 1 0 1   0

Encryption/decryption with an LFSR

Preparation
• Alice creates a book of "random" (short) seeds.
• Alice sends the book to Bob through a secure channel.

Encryption/decryption
• Alice sends Bob a description of which seed to use.
• They use the specified seed to initialize an LFSR and produce N bits.
[and proceed in the same way as for one-time pads]

[Figure: Alice: “Use the next seed in the book to decode this secret video (1 GB)” Bob: “OK (consults book) 01101000010”]

message                 S E N D M O N E Y   010010000100001101000011001100001110001101000100011000
                                            XOR
seed 01101000010 LFSR                       110010010011110110111001011010111001100010111111010010

ciphertext              g X 7 6 W 3 v 7 K   100000010111111011111010010110110111101111111011001010
                                            XOR
seed 01101000010 LFSR                       110010010011110110111001011010111001100010111111010010

message                 S E N D M O N E Y   010010000100001101000011001100001110001101000100011000

Eve's opportunity with LFSR encryption

Without the seed, Eve cannot read the message.


Eve has computers. Why not try all possible seeds?
• Seeds are short, messages are long.
• All seeds give a tiny fraction of all messages.
• Extremely likely that all but real seed will produce gibberish.
Eve

Good news (for Eve): This approach can work.


• Ex: 11-bit register implies 2047 possibilities.
• Extremely likely that only one of those is not gibberish.
• After this course, you could write a program to check whether any of
the 2047 messages have words in the dictionary.

Bad news (for Eve): It is easy for Alice and Bob to use a much longer LFSR.

Key properties of LFSRs

Property 1.
• Don’t use all 0s as a seed!
• It will create a fill of all 0s!

0 0 0 0 0 0 0 0 0 0 0    (new bit: 0)

Key properties of LFSRs

Property 1.
• Don’t use all 0s as a seed!
• It will create a fill of all 0s!

Property 2. Bitstream must eventually cycle.
• 2ᴺ − 1 nonzero fills in an N-bit register.
• Future output completely determined by current fill.

Ex. [4,3] LFSR

Time   Fill      New bit
0      0 0 1 0   0
1      0 1 0 0   1
2      1 0 0 1   1
3      0 0 1 1   0
4      0 1 1 0   1
5      1 1 0 1   0
6      1 0 1 0   1
7      0 1 0 1   1
8      1 0 1 1   1
9      0 1 1 1   1
10     1 1 1 1   0
11     1 1 1 0   0
12     1 1 0 0   0
13     1 0 0 0   1
14     0 0 0 1   0
15     0 0 1 0

Key properties of LFSRs

Property 1.
• Don’t use all 0s as a seed!
• It will create a fill of all 0s!

Property 2. Bitstream must eventually cycle.
• 2ᴺ − 1 nonzero fills in an N-bit register.
• Future output completely determined by current fill.

Property 3. Cycle length in an N-bit register is at most 2ᴺ − 1.
• Could be smaller; cycle length depends on tap positions.
• Need theory of finite groups to know good tap positions.

Ex. [4,2] LFSR

Time   Fill      New bit
0      0 0 1 0   1
1      0 1 0 1   1
2      1 0 1 1   1
3      0 1 1 1   1
4      1 1 1 1   0
5      1 1 1 0   0
6      1 1 0 0   0
7      1 0 0 0   1
8      0 0 0 1   0
       0 0 1 0

Key properties of LFSRs

Property 1.
• Don’t use all 0s as a seed!
• Fill of all 0s will not otherwise occur.

Property 2. Bitstream must eventually cycle.
• 2ᴺ − 1 nonzero fills in an N-bit register.
• Future output completely determined by current fill.

Property 3. Cycle length in an N-bit register is at most 2ᴺ − 1.
• Could be smaller; cycle length depends on tap positions.
• Need theory of finite groups to know good tap positions.

[Figure: XILINX manual, 1990s, listing tap positions including 11, 9 and 63, 62]

Bottom line.
• [11, 9] register generates 2047 bits before repeating.
• [63, 62] register generates 2⁶³ − 1 bits before repeating. Definitely preferable: small cost, huge payoff.

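The LFSR slides above (terminology, the simulation, the [5, 4] quiz, encryption with a seed, Eve's search over 11-bit seeds and the cycle-length properties), as one added Python example that is not part of the original slides. It generalizes the register to any [N, k]; the function names and the two-word list used for the seed search are assumptions made for illustration.

```python
# Added example: an [N, k] LFSR as defined on the slides. The register is a
# bit string whose leftmost character is cell N; the taps are cells N and k.
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789+/")


def step(fill, k):
    """One clock tick: return (new fill, new bit)."""
    n = len(fill)
    if not 1 <= k < n or set(fill) - {"0", "1"}:
        raise ValueError("need a bit-string fill and a tap with 1 <= k < N")
    bit = "1" if fill[0] != fill[n - k] else "0"   # XOR of cells N and k
    return fill[1:] + bit, bit                     # shift left, append bit


def keystream(seed, k, count):
    """First `count` output bits of the [len(seed), k] LFSR."""
    out, fill = [], seed
    for _ in range(count):
        fill, bit = step(fill, k)
        out.append(bit)
    return "".join(out)


def cycle_length(seed, k):
    """Clock ticks until the fill returns to the seed (Properties 2, 3)."""
    fill, ticks = step(seed, k)[0], 1
    while fill != seed:
        fill, ticks = step(fill, k)[0], ticks + 1
    return ticks


def lfsr_crypt(text, seed, k):
    """Encrypt or decrypt 6-bit-coded text with the LFSR output bits."""
    bits = "".join(format(ALPHABET.index(ch), "06b") for ch in text)
    pad = keystream(seed, k, len(bits))
    mixed = "".join("1" if a != b else "0" for a, b in zip(bits, pad))
    return "".join(ALPHABET[int(mixed[i:i + 6], 2)]
                   for i in range(0, len(mixed), 6))


def seeds_giving_words(ciphertext, k, n, words):
    """Try every nonzero n-bit seed; keep those whose output has a word.

    With n = 11 this is only 2047 trials, which is why the slides call
    for a much longer register.
    """
    hits = []
    for value in range(1, 2 ** n):
        seed = format(value, f"0{n}b")
        guess = lfsr_crypt(ciphertext, seed, k)
        if any(word in guess for word in words):
            hits.append((seed, guess))
    return hits


if __name__ == "__main__":
    print(keystream("01101000010", 9, 5))           # slide simulation
    print(keystream("00001", 4, 10))                # pop quiz, [5, 4]
    for seed, k in (("0010", 3), ("00001", 4), ("01101000010", 9)):
        n = len(seed)
        print(f"[{n}, {k}] cycle {cycle_length(seed, k)} of max {2**n - 1}")
    print(lfsr_crypt("SENDMONEY", "01101000010", 9))
    print(seeds_giving_words("gX76W3v7K", 9, 11, ["SEND", "MONEY"]))
```
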
Eve's problem with LFSR encryption

Without the seed, Eve cannot read the message. [Eve: gX76W3v7K ???]

Eve has computers. Why not try all possible seeds?
• Seeds are short, messages are long.
• All seeds give a tiny fraction of all messages.
• Extremely likely that all but real seed will produce gibberish.

Bad news (for Eve): There are still way too many possibilities.
• Ex: 63-bit register implies 2⁶³ − 1 possibilities.
• If Eve could check 1 million seeds per second, it would take her 2923 centuries to try them all! [NOT ENOUGH COMPUTERS]

Exponential growth dwarfs technological improvements [stay tuned]

Bad news (for Alice and Bob): LFSR output is not random. [experts have cracked LFSRs]

Pros and cons of LFSRs

Pros:
• Very simple encryption method.
• Decrypt with the same method.
• Scalable: 20 cells for 1 million bits; 30 cells for 1 billion bits.
• Widely used in practice. [Example: military cryptosystems.]

[Figure: a commercially available LFSR]

Cons:
• Easily breakable if seed is re-used.
• Still need secure key distribution.
• Experts can crack LFSR encryption.

Example.
• CSS encryption widely used for DVDs.
• Widely available DeCSS breaks it!

[Figure: DeCSS DVD decryption code (efdtt.c, author Charles M. Hannum; usage: cat title-key scrambled.vob | efdtt >clear.vob)]

LFSRs and general-purpose computers

component      LFSR                          computer
control        start, stop, load             same
clock                                        same
memory         12 bits                       billions of bits
input          12 bits                       bit sequence
computation    shift, XOR                    + − * / ...
output         pseudo-random bit sequence    any computable bit sequence

Important similarities.
• Both are built from simple components.
• Both scale to handle huge problems.
• Both require careful study to use effectively.

Critical differences: Operations, input. [but the simplest computers differ only slightly from LFSRs!]
• General purpose computer can simulate any abstract machine.
• All general purpose computers have equivalent power ( ! ) [stay tuned].

A Profound Idea

Programming. We can write a Python program to simulate the operation of any meaningful abstract
machine.
• Basis for theoretical understanding of computation.
• Basis for bootstrapping real machines into existence.
Stay tuned (we cover these sorts of issues later in this course).

def LFSR(register, randomLength):
    # tap at "n" and "n-2"
    # len(register) > 2
    # return pseudorandom bit string of length randomLength
    toReturn = ""
    for j in range(randomLength):
        # new bit is the XOR of the two tapped cells
        if register[0] == register[2]:
            toReturn += "0"
        else:
            toReturn += "1"
        # shift left and put the new bit at the right
        # (register is a string, so concatenate instead of append)
        register = register[1:] + toReturn[-1]
    return toReturn

>>> LFSR("01101000010", 5)
'11001'
>>>

Profound questions

Q. What is a random number?

LFSRs do not produce random numbers.
• They are deterministic. [von Neumann's "state of sin": we know that "deterministic" is incompatible with "random"]
• It is not obvious how to distinguish the bits LFSRs produce from random,
• BUT experts have figured out how to do so.

Q. Are random processes found in nature?
• Motion of cosmic rays or subatomic particles?
• Mutations in DNA?

Q. Is the natural world a (not-so-simple) deterministic machine??

“God does not play dice.”
− Albert Einstein

A final thought: Randomness and Chaos

A sequence is random if:


• the value of any item in the sequence is independent of any other values in the sequence

A sequence is chaotic if:


• the values in the sequence seem to have no discernible pattern
• almost looks like random
• yet to the naked eye, it seems it has some type of structure
• the value of any item is dependent on other values in the sequence

So do sources of chaos make good pseudo-random number generators?


• it’s an open question
• chaotic maps have been used to create pseudo-random bit sequences
• for wider reading, see the research paper Pseudorandom Bits Generated by Chaotic Maps in the
course shell’s resources section
Reading and References

These Slides
• principally based on slides by Robert Sedgewick and Kevin Wayne
Recommended Reading
• same as before:
• online booksite (Python version) chapters 1, 2 and 3
• make sure that you are familiar and comfortable with the basics of using functions and classes
Wider reading:
• if cryptography interests you, then Simon Singh’s The Code Book is a great read
Activity:
• code, code code!
• in particular, practice working with lists in Python, including how to:
add and remove elements
find elements
concatenate two lists