[tsvwg] Benjamin Kaduk's No Objection on draft-ietf-tsvwg-tinymt32-03: (with COMMENT)
Benjamin Kaduk via Datatracker <noreply@ietf.org> Wed, 29 May 2019 04:35 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: tsvwg@ietf.org
Delivered-To: tsvwg@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id AC67E120019; Tue, 28 May 2019 21:35:38 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-tsvwg-tinymt32@ietf.org, Wesley Eddy <wes@mti-systems.com>, tsvwg-chairs@ietf.org, wes@mti-systems.com, tsvwg@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.97.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <155910453869.25689.218037844632567036.idtracker@ietfa.amsl.com>
Date: Tue, 28 May 2019 21:35:38 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/BUitWTkf2FAZSFxyMR1LsGEwlCw>
Subject: [tsvwg] Benjamin Kaduk's No Objection on draft-ietf-tsvwg-tinymt32-03: (with COMMENT)
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 May 2019 04:35:39 -0000
Benjamin Kaduk has entered the following ballot position for draft-ietf-tsvwg-tinymt32-03: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-tsvwg-tinymt32/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- In Section 3.1: o the original copyright and licence have been removed, in accordance with BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info); The original copyright holder's permission is needed to do this! Perhaps it is appropriate to note that the original authors are now listed as authors on this document. Please also specify what language the code in Section 3.1 is written in, including reference (so as to specify which version of C it is to be intepreted as). I agree with the secdir reviewer and Mirja that some more references would be good. Section-by-section comments follow. Abstract while keeping a reasonably good randomness. please add the "non-cryptographic" qualifier. Section 1 According to statistical tests (BigCrush in TestU01 and AdaptiveCrush), the quality of the outputs of TinyMT seems pretty good in terms of randomnes (in particular the uniformity of generated numbers), taking the small size of the internal state into consideration (see [TinyMT-web]). [...] I'd suggest rewording as "The outputs of TinyMT satisfy several statistical tests for (non-cryptographic) randomness, including BigCrush in TestU01 and AdaptiveCrush), leaving it well-placed for non-cryptographic usage, especially given the small size of its internal state." or similar. (This avoids the "pretty good" construct and moves the emphasis from the tests to the usability of the algorithm.) Section 3.1 o mat1 = 0x8f7011ee = 2406486510 o mat2 = 0xfc78ff1f = 4235788063 o tmat = 0x3793fdff = 932445695 side note: these first two have the MSB set, and thus when the decimal form of the constant is used in C code, the implicit type will be a signed integer type of width strictly greater than 32, as opposed to an unsigned integer type (which would presumably have width 32 bits on most modern sytsems). for (int i = 1; i < MIN_LOOP; i++) { s->status[i & 3] ^= i + UINT32_C(1812433253) * (s->status[(i - 1) & 3] ^ (s->status[(i - 1) & 3] >> 30)); side note: I note that the UINT32_C macro produces a result of type uint_least32_t, which in theory could be wider and of greater conversion rank than uint32_t. This would result in the intermediate calculations being done in a type other than uint32_t, though for the specific calculation here this should not cause any difference in the final output after truncation to 32 bits. Section 3.2 This PRNG MUST first be initialized with the following function: void tinymt32_init (tinymt32_t * s, uint32_t seed); nit: the pointer declaration style here was missed in the style pass done in a recent revision. It takes as input a 32-bit unsigned integer used as a seed (note that value 0 is authorized by TinyMT32). [...] nit: perhaps "permitted" is a better word than "authorized", which can have some different connotations to IETF readers. The use of this structure authorizes several instances of this PRNG to be used in parallel, each of them having its own instance of the structure. nit: here, "admits" is a better replacement for "authorizes" (but "permits" would be fine, too). Section 3.3 Consequently, any implementation of the TinyMT32 PRNG in line with this specification MUST comply with the following criteria. Using a seed value of 1, the first 50 values returned by tinymt32_generate_uint32(s) as 32-bit unsigned integers MUST be equal to values provided in Figure 2. [...] I don't think it's appropriate to attempt to use "agreement with these test vectors" as a compliance mechanism (i.e., normative "MUST") -- the normative requirement must surely be to have the same observable behavior as the algorithm specified in the C code of Section 3.1. These vectors are just test vectors to give an implementor some confidence that they agree with the reference behavior. (You also need to say whether I read rows first or columns first in the Figure's contents.)
- [tsvwg] Benjamin Kaduk's No Objection on draft-ie… Benjamin Kaduk via Datatracker