Various Random things (Was: Java 8 RFC 7189139: BigInteger's staticRandom field can be a source of bottlenecks)

Paul Sandoz paul.sandoz at oracle.com
Tue Sep 3 08:21:25 UTC 2013


On Sep 3, 2013, at 7:14 AM, Bradford Wetmore <bradford.wetmore at oracle.com> wrote:
> Bill also wrote in that email:
> 
> > add the following method to BigInteger
> > public boolean isProbablePrime(int certainty, Random end) ,
> > which allows primality testing with arbitrary Random objects.
> > In many cases, using a well seeded normal Random object will work
> > just fine, and this will give users the ability to provide their own
> > Random objects
> 
> This sounds like a very good solution to me.  That way someone can decide whether they want to take the hit with SecureRandom, or if Random is good enough.
> 

Yes.


> Paul Sandoz wrote:
> 
> > I don't know about the PRNG requirements for Miller-Rabin but the
> > changes to TLR in review might be a possible substitute for SR in
> > this case, since TLR will be updated to use the same PRNG algorithm
> > as SplittableRandom, which passes DieHarder tests.  Otherwise, i
> > think we may just be stuck with SR.
> 
> In my brief read of the Miller-Rabin tests, it just selects several random values to use for guessing whether another number selected by a different random number generator is prime or not.  Given initial seed values (i.e. one not set via new Random(seed) constructor), manipulating the Random implementation to ensure a steady stream of strong liars seems rather difficult.
> 
> In addition we run a secondary test which reduces that attack surface (LucasLehmer).
> 
> So offhand, I wouldn't commit to saying if SecureRandom is necessary or not, but it wouldn't surprise me.
> 

My intuition is that the new algorithm for TLR might be sufficient as input to this Monte-Carlo algorithm, but i don't have any hard empirical data.


> Paul Sandoz wrote:
> 
> > Perhaps it would also allow us to deprecate Random in a future JDK?
> 
> SecureRandom is a subclass of Random, so I'm wondering how it will be perceived to have the "secure" version based on a deprecated base class.

Yeah there is a PR thing that would have to be managed :-) 

Paul.

>  I know the underlying implementations are *COMPLETELY* different, but I've been working with this code for a while now.
> 




More information about the core-libs-dev mailing list