Am Dienstag, 15. August 2017, 17:12:24 CEST schrieb Theodore Ts'o: Hi Theodore,
> > Stephan, if you have any comments on the proposal made by David > Fontaine and Olivier Vivolo, I'd appreciate hearing them! I think I have some news: The magma code I used for GF(2^32) testing was not correct. The corrected magma code is attached (thanks to Dr. Peter Birkner, BSI, who helped me here). That magma code shows: - the current polynomials for Q(X) = α**3 (P(X) − 1) + 1 are irreducible but not primitive over GF(2^32) - the polynomials suggested in https://eprint.iacr.org/2017/726.pdf Q(X) = α**4 (P(X) − 1) + 1 are both, irreducible and primitive over GF(2^32) The use of GF(2^32) is important, because we apply the LFSR to a 32 bit word. Hence, we have 2^32 permutations the LFSR should evenly cover. Bottom line, I would recommend that random.c is patched to take the polynomials suggested in https://eprint.iacr.org/2017/726.pdf. If it is of any help, the attached magma code could be preserved somewhere useful (in random.c?) Ciao Stephan
LFSR_polynomials eprint 251.mag
Description: application/wine-extension-mag
