So, I have come up with a way of combining entropy from two or more different sources that, in theory, is as secure as the most secure unknown source to attackers and as high of entropy as the highest entropy unknown source to attackers. To the average attacker who knows neither entropy source, this is as secure as the most secure source and as high entropy as the highest entropy source.
The purpose of this originated from my desire to get as close to true random numbers as possible in private key generation. The closest thing to a publicly available source of true random numbers is HotBits (tested to be 7.998742 bits of entropy per Byte). The problem is that the data from HotBits comes from a central server and therefore, if ever compromised, would lead to leaked private keys if it were to be used for generating private keys by itself.
The idea was to combine the data from HotBits with an offline generated source of entropy (possibly human generated) without losing any level of entropy from HotBits. To do this, I came up with what I call a "Full One Time Pad with Method Switching". It works like this: rather than XORing two entropy sources (which statistically leaves an attacker that knows one entropy source with half of the private key and the final private key with about half ones and half zeros), it takes them and turns them into signed decimal numbers. Then there is an extra bit from each source. These extra bits are XORed together; if the result is a one, the entropy source decimals are added together and if not, they are subtracted from one another. Then, if the result is greater than the max possible number for signed numbers of that size, it flips to the minimum number for signed numbers of that size, and vice versa.
Anyone know any good Java software for entropy testing? I can make the program to import the entropy from HotBits, then use Java's Random class to make local entropy, then combine them using this method in about 30 minutes, but I don't know how to test the entropy levels. Anyone have any ideas?
Will use Fourmilab's ENT program if I can figure out how to use it.
Tested it with ENT and got more bits per Byte in the output than I got for either of the inputs! It works!
How long was the test sequence?
Did you make multiple tests?
Tested it on 1,728 sequences of 256 bits each. I outputted them all into a single binary file and tested that.
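The combining method described in the first post, written out as an added example (not the poster's code). Assumptions: 8-bit words, each source supplying a word byte followed by a byte whose low bit is the extra bit, and "flips to the minimum" read as two's-complement wraparound. `bits_per_byte` computes the byte-histogram Shannon entropy that ENT reports, and `is_permutation` checks that with one source's word held fixed, every output value still occurs exactly once.

```python
import math
import secrets
from collections import Counter

BITS = 8  # word size is an assumption; the post does not fix one

def to_signed(u, bits=BITS):
    """Reinterpret an unsigned word as a two's-complement signed number."""
    return u - (1 << bits) if u >= 1 << (bits - 1) else u

def wrap(v, bits=BITS):
    """Past the signed maximum, continue from the minimum, and vice versa."""
    half = 1 << (bits - 1)
    return (v + half) % (1 << bits) - half

def combine_word(a, a_bit, b, b_bit, bits=BITS):
    """XOR of the two extra bits selects the method: 1 = add, 0 = subtract."""
    return wrap(a + b if a_bit ^ b_bit else a - b, bits)

def combine_streams(src_a, src_b):
    """Assumed layout: each source gives (word byte, extra-bit byte) pairs."""
    out = bytearray()
    for i in range(0, min(len(src_a), len(src_b)) - 1, 2):
        v = combine_word(to_signed(src_a[i]), src_a[i + 1] & 1,
                         to_signed(src_b[i]), src_b[i + 1] & 1)
        out.append(v & 0xFF)  # store the signed result as one byte
    return bytes(out)

def bits_per_byte(data):
    """Shannon entropy of the byte histogram, the figure ENT reports."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def is_permutation(b, b_bit, a_bit, bits=BITS):
    """For a fixed word from one source, every output occurs exactly once."""
    lo, hi = -(1 << (bits - 1)), 1 << (bits - 1)
    outs = {combine_word(a, a_bit, b, b_bit, bits) for a in range(lo, hi)}
    return outs == set(range(lo, hi))

if __name__ == "__main__":
    # Constructed input: 1,728 sequences of 256 bits from two local stand-ins.
    n = 1728 * 32 * 2  # two input bytes per output byte
    a, b = secrets.token_bytes(n), secrets.token_bytes(n)
    for name, d in (("A", a), ("B", b), ("out", combine_streams(a, b))):
        print(name, len(d), "bytes", round(bits_per_byte(d), 6), "bits/byte")
```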