Re: [Eligibility-discuss] On 3797 alternatives

Michael StJohns <msj@nthpermutation.com> Thu, 01 June 2023 15:43 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/eligibility-discuss/yrV5YvRgqBRVAT2vdf6Gy_AR18g>

Hi -

Verifiably random is somewhat of an oxymoron.   We can do statistical 
measurements of data streams, and come to conclusions about how closely 
they meet a given criterion, but that’s a far cry from verifiable.  We 
can, using similar models, usually prove a source to be non-random even 
if we can’t label it as predictable, but the opposite is harder.

What I think we want is/are sources that meet some set of statistical 
tests for randomness and that are shown to be resistant to externally 
applied bias/interference.   The former is pretty simple - take the 
output and run it through the tests.

The latter is more about "trustworthiness" than "verifiable 
randomness".   WRT to the sources used to seed the last dozen or so 
selections, we assume the trustworthiness because of the nature of the 
sources and the fact that we combine a number of those sources, but I'd 
be hard pressed to say that any single given source is "verifiably 
random" in either meeting statistical tests or resistance to externally 
applied bias.

That said, the current model is probably good enough if we're willing to 
wait a few days for each result.

Moving on to drand and its ilk. It should be pretty easy to show they 
meet the statistical tests. The sole question really to be answered is 
whether the source is trustworthy and resistant to being biased.  Given 
that drand is a co-generated random bit stream, I'd say that answer 
could be readily ascertained by anyone who wanted to look a bit.  Some 
of the other public sources might be a bit harder to verify.


Later, Mike
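
Added example, not part of the original message: two NIST SP 800-22 tests (frequency and runs) applied to a SHA-256 counter-mode stream that anyone can recompute from its seed, and to a deliberately biased variant, to show that tests can reject a source but a pass says nothing about predictability. The function names and seeds are constructed for illustration.

```python
import hashlib
import math

def to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def monobit_p(bits):
    """Frequency (monobit) test from NIST SP 800-22; returns the p-value."""
    s = sum(1 if b else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(len(bits)) / math.sqrt(2))

def runs_p(bits):
    """Runs test from NIST SP 800-22; 0.0 if the frequency prerequisite fails."""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))
    expected = 2 * n * pi * (1 - pi)
    return math.erfc(abs(v - expected) / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def predictable_stream(seed, nbytes):
    """SHA-256 in counter mode over a public seed: anyone can recompute it."""
    out, ctr = b"", 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:nbytes]

def biased_stream(seed, nbytes):
    """The same stream with byte pairs ANDed together: about 25% one-bits."""
    raw = predictable_stream(seed, 2 * nbytes)
    return bytes(raw[2 * i] & raw[2 * i + 1] for i in range(nbytes))

def passes(data, alpha=0.01):
    """True when both tests give p >= alpha, i.e. 'not shown to be non-random'."""
    bits = to_bits(data)
    return monobit_p(bits) >= alpha and runs_p(bits) >= alpha

def pass_count(make_stream, n_seeds=20, nbytes=4096):
    """How many constructed seeds yield a stream that passes both tests."""
    seeds = [b"constructed-seed-%d" % i for i in range(n_seeds)]
    return sum(passes(make_stream(s, nbytes)) for s in seeds)

if __name__ == "__main__":
    print("predictable stream:", pass_count(predictable_stream), "of 20 pass")
    print("biased stream:     ", pass_count(biased_stream), "of 20 pass")
```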


On Wed, May 31, 2023 at 18:01 Rob Sayre <sayrer@gmail.com> wrote:



    On Wed, May 31, 2023 at 2:31 PM Donald Eastlake <d3e3e3@gmail.com>
    wrote:

        On Wed, May 31, 2023 at 2:43 PM Rob Sayre <sayrer@gmail.com> wrote:
         >
         > I'm not really here to sell drand, but it does meet the
         > requirements on paper: "the source is announced before the
         > ceremony starts...".

        No, in my opinion it does not. The title of the document starts with
        "Publicly Verifiable ...". Perhaps I should change the name to
        "Publicly Persuasive...". Would a member of the public believe drand
        is as honest as a major government run lottery? I think not.


    I'm not sure what "publicly persuasive" would mean. I don't really
    see why a "major government run lottery" would be more believable
    here, but it's of course totally subjective.


         > Presumably you'd pick a drand iteration number from the
         > future, and use that. The draft is a little confusing in using
         > stock tickers, because "Section 3.1: Sources of Randomness" of
         > RFC3797* says not to do that...

        And that section gives specific reasons why not.


    Yes.


         > While I agree that entropy "sources exist", the debate here
         > is guidance on picking a verifiable one.

        I think it needs to be not just mechanically verifiable but also
        persuasively random.


    Yeah, it can be taken pretty far, even aside from quantum computing:
    https://www.cloudflare.com/learning/ssl/lava-lamp-encryption/

    The penultimate section is my favorite:

    Do all Cloudflare offices have the lava lamp wall?
    ---
    The other two main Cloudflare offices are in London and Singapore,
    and each office has its own method for generating random data from
    real-world inputs. London takes photos of a double-pendulum system
    mounted in the office (a pendulum connected to a pendulum, the
    movements of which are mathematically unpredictable). The Singapore
    office measures the radioactive decay of a pellet of uranium (a
    small enough amount to be harmless).

    At the bottom there, you get "LavaRand"*, which covers "Randomness
    Mixing". I don't think the IETF really needs to purchase a
    double-pendulum for this task, though. This stuff is persuasively
    random, but not verifiable.

    thanks,
    Rob

    *
    https://blog.cloudflare.com/lavarand-in-production-the-nitty-gritty-technical-details/