1

I am trying to generate a random BigInteger in Java, but I need to generate the same value when using the same seed for the secure random:

BigInteger P = new BigInteger(1024,1,new SecureRandom(SEED));

Strangely the above line of code generate a different value even if the SEED value is the same, what is going wrong?

ammcom
  • 992
  • 1
  • 7
  • 24
  • 2
    'random' - 'must be the same' ... – Stultuske Apr 19 '16 at 13:03
  • For some information about how SecureRandom works, check another question at http://stackoverflow.com/questions/11051205/difference-between-java-util-random-and-java-security-securerandom – Sebastiaan van den Broek Apr 19 '16 at 13:05
  • 1
    @Stultuske that's not as weird as it sounds and there are plenty of use-cases for not needing another random sequence if the same seed is provided. Apparently there are also use-cases for actually needing the same sequence, even if the sequence itself consists of (pseudo)-random numbers. – Sebastiaan van den Broek Apr 19 '16 at 13:07
  • @SebastiaanvandenBroek I'm not saying it's weird, I'm merely pointing out that as soon as there are 'rules', the number is no longer random. – Stultuske Apr 19 '16 at 13:09
  • 1
    @Stultuske I think the distinction to be made here is that the numbers in that sequence are still random for/within that specific sequence and that's the kind of randomness the OP needs. That the sequence itself will be the same seems to be desired behavior. – Sebastiaan van den Broek Apr 19 '16 at 13:13
  • If SecureRandom generates different value for the same seed, can someone explain what the seed is intended for? – ammcom Apr 19 '16 at 13:17
  • @ammcom For additional randomness. – Kayaman Apr 19 '16 at 13:17
  • I replaced the SecureRandom as follows: BigInteger P = new BigInteger(1024,1,new Random(SEED)); but it is still generating a different number, it seems it is something in BigInteger Class – ammcom Apr 19 '16 at 13:52

2 Answers2

4

If you want your randomness to be deterministic, don't use SecureRandom. Its whole point is to provide a better and more secure source of randomness than the regular Random which provides you with pseudo-random values with a deterministic algorithm, allowing (and forcing) you to always get the same values with the same seed.

The difference with SecureRandom is that for one it's not dependent on a single algorithm, but uses the SPI mechanism to allow implementations to generate randomness from all kinds of different sources.

Kayaman
  • 72,141
  • 5
  • 83
  • 121
  • I need to use SecureRandom because of Implementation issue, I subclass SecureRandom and override `getBytes` method but ending with the same result of not generating the same value of BigInteger – ammcom Apr 19 '16 at 13:12
  • 1
    Why? Your code snippet doesn't rely on `SecureRandom`. In fact you've just explained that it doesn't work *because* of `SecureRandom`. – Kayaman Apr 19 '16 at 13:16
  • It is not correct I replaced the SecureRandom as follows: BigInteger P = new BigInteger(1024,1,new Random(SEED)); but it is still generating a different number, it seems it is something in BigInteger Class – ammcom Apr 19 '16 at 13:51
  • @ammcom I can't reproduce that on my end. Given the same seed (in my case 1024) I get 2 equal `BigIntegers` when using regular `Random`. I'm on Oracle Java 8 on Linux. Ah, it's an android specific issue. – Kayaman Apr 20 '16 at 06:36
1

Actually I figured it out, I am developing an Android Application and the implementation of BigInteger class in Android seems to be different, in Android the documentation says that the constructor will ignore the specified Random object if the bit length is greater than 16 and will use OpenSSL BN_generate_prime_ex as a source for random numbers Edit: Because someone may get use of this, I have implemented a new big integer class that has the same code as the java SE version, and figure out that it is a performance issue that made the android Sdk creators to change the implementation of this very class as my class ran very slow that it is not applicable in a real application, we should find some C++ implementation and use the NDK

ammcom
  • 992
  • 1
  • 7
  • 24
  • The doc being referenced: https://developer.android.com/reference/java/math/BigInteger.html#BigInteger(int, int, java.util.Random) – Vivek Chavda Sep 22 '16 at 17:25