You describe ZOSCII as having "information-theoretic security" and say "random enough" is sufficient for address selection. I want to make sure I understand the claim correctly.
Shannon's secrecy theorem (1949) proves that information-theoretic security requires the key entropy to be ≥ the message entropy, and the key must not be reused. In ZOSCII, the "randomness" comes from the PRNG selecting among candidate addresses. If the PRNG is seeded with time(NULL) (32 bits of entropy at best), then the total entropy of the encoding process is bounded by that seed — regardless of the ROM size or the number of candidate addresses.
Concretely: if I know the ROM and I know the seed, I can reproduce every address selection deterministically. That's 86,400 possibilities per day, not 10^91,619.
Is the claim that ZOSCII achieves information-theoretic security given a perfect random source, or that it achieves it with the current PRNG implementations? That distinction matters because they're very different claims. The first could be defensible; the second seems to contradict Shannon's requirements.
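The bound described in the post above, worked through on a toy model (an added example, not part of the original post and not ZOSCII's own code). Assumptions: the ROM, message and timestamp are constructed, Python's `random.Random` stands in for a PRNG seeded from a one-second clock, and the encoder is a simplified "pick one candidate address per byte" scheme.

```python
import math
import random
import secrets

# Constructed toy ROM: every byte value appears 16 times, shuffled with a fixed seed.
_rom = list(range(256)) * 16
random.Random(0).shuffle(_rom)
ROM = bytes(_rom)

# Candidate addresses for each byte value.
INDEX = {}
for addr, value in enumerate(ROM):
    INDEX.setdefault(value, []).append(addr)

def encode(message, rng):
    """Replace each byte with one of its ROM addresses, picked by rng."""
    return tuple(rng.choice(INDEX[b]) for b in message)

def decode(addresses):
    """Look each address up in the ROM to recover the message bytes."""
    return bytes(ROM[a] for a in addresses)

def nominal_bits(message):
    """log2 of the number of address sequences that decode to message."""
    return sum(math.log2(len(INDEX[b])) for b in message)

def reachable_encodings(message, first_seed, n_seeds):
    """Distinct encodings a seeded PRNG can emit over a window of seeds."""
    return {encode(message, random.Random(s))
            for s in range(first_seed, first_seed + n_seeds)}

MESSAGE = b"HELLO ZOSCII"      # constructed sample message
DAY_START = 1_700_000_000      # constructed timestamp (hypothetical seed value)
SECONDS_PER_DAY = 86_400       # seed window from the post

def audit():
    """Compare the nominal encoding space with what the seed window can reach."""
    reachable = reachable_encodings(MESSAGE, DAY_START, SECONDS_PER_DAY)
    return {"nominal_bits": nominal_bits(MESSAGE),
            "seed_bits": math.log2(SECONDS_PER_DAY),
            "reachable": len(reachable)}

if __name__ == "__main__":
    print(audit())
    # Contrast: selections drawn from the OS CSPRNG are not tied to any seed window.
    print(decode(encode(MESSAGE, secrets.SystemRandom())))
```

The nominal space grows with ROM size and message length, but the number of encodings actually reachable never exceeds the number of seeds in the window.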