Commit 4687a2a6 authored by Stephane Glondu's avatar Stephane Glondu

Fix bias in random sampling

parent c7d3ee59
......@@ -180,6 +180,12 @@ module SMap = Map.Make(String)
(** Direct random monad *)
let bytes_to_sample q =
(* we take 128 additional bits of random before the mod q, so that
the statistical distance with a uniform distribution in [0,q[ is
negligible *)
Z.bit_length q / 8 + 17
module DirectRandom = struct
type 'a t = 'a
let return x = x
......@@ -189,7 +195,7 @@ module DirectRandom = struct
let prng = lazy (pseudo_rng (random_string secure_rng 16))
let random q =
let size = Z.bit_length q / 8 + 1 in
let size = bytes_to_sample q in
let r = random_string (Lazy.force prng) size in
Z.(of_bits r mod q)
end
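Review bot: `bytes_to_sample` is added without a doc comment of its own, and `(** Direct random monad *)` now sits directly above `let bytes_to_sample` instead of `module DirectRandom`; if that line is pre-existing context (the lost +/- markers make this uncertain), odoc will attach the wrong description to the new function. Suggest giving the function its own comment, e.g. `(** [bytes_to_sample q] is the number of random bytes to draw before reducing modulo [q]: [Z.bit_length q / 8 + 1] bytes cover [q] itself, plus 16 bytes (128 bits) so that the bias of the [mod q] reduction is bounded by [2^-128]. *)`, and keeping `(** Direct random monad *)` immediately above `module DirectRandom`. The magic constant would also read more clearly as `Z.bit_length q / 8 + 1 + 16` so the rounding-up byte and the 128 extra bits are visible separately, matching the inline comment. The same reasoning justifies the one-line change in `LwtRandom.random` in the third file section, which otherwise has nothing to raise.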
......@@ -58,4 +58,6 @@ val compare_b64 : string -> string -> int
module SMap : Map.S with type key = string
val bytes_to_sample : Platform.Z.t -> int
module DirectRandom : RANDOM with type 'a t = 'a
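Review bot: `val bytes_to_sample : Platform.Z.t -> int` is exported with no doc comment, while the only explanation of why 17 extra bytes are drawn lives in a plain `(* ... *)` comment in the implementation that odoc does not render. Since this value is now part of the public interface and is relied on by another file (`LwtRandom`), suggest `(** [bytes_to_sample q] is the number of uniformly random bytes a {!RANDOM} implementation must draw before reducing modulo [q] so that the result is within [2^-128] statistical distance of uniform on [[0, q[]. *)` above the `val`. It is also the place to state that [q] must be positive, since `mod q` raises on zero (inferred from the implementation's use of `Z.( mod )`; worth confirming against Zarith's documented behaviour).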
......@@ -39,7 +39,7 @@ module LwtRandom = struct
let prng = lazy (pseudo_rng (random_string secure_rng 16))
let random q =
let size = Z.bit_length q / 8 + 1 in
let size = bytes_to_sample q in
let%lwt rng = Lwt_preemptive.detach Lazy.force prng in
let r = random_string rng size in
return Z.(of_bits r mod q)