It appears that this project uses openssl/rand.h as its randomness source. Unfortunately, openssl's random number generator is frequently not sufficient for providing privacy protection many statistics. In our analysis, we have found that the only secure way to get private random numbers is to call the RDRAND instruction directly, or to use a pluggable random number generator that supports RDRAND.
You can read more about the issue of OpenSSL and RDRAND here.
So it would be useful if you could support RDRAND directly.
ps: I just discovered this project. Congrats on putting it out!
The source you linked doesn't appear to cover weaknesses in RAND_bytes, just that it no longer uses RDRAND. Can you cite any sources for the fact that "openssl's random number generator is frequently not sufficient for providing privacy protection many statistics"?
I cannot. The problem is that differential privacy requires true random numbers, not pseudorandom numbers. That's because DP assumes a computationally unbounded adversary. If you cannot assure that the randomness is not truly random, then the randomness fails the DP requirement.
The DP literature is quite poor in its consideration of randomness sources.