[Cryptography] Whitening Algorithm

EddyHawk quarsicon at yahoo.com
Fri Jul 24 03:05:17 EDT 2015


Krisztián Pintér <pinterkr at gmail.com> wrote:

Rob Seward (at Thursday, July 23, 2015, 4:50:03 AM):
> I’m trying to whiten a random noise source (a reverse biased
> transistor) with a low-powered microprocessor.

Use a small cryptographic sponge in duplex mode, for example
Keccak[200, r=8] reduced to 6 rounds. This sponge instance has 96-bit
security and requires only 25 bytes of memory. This is a very safe
solution, although of course a magnitude slower than yours, and it also
needs a fair bit of code.
---
Be warned, though, before treating Keccak the same
as any other PRNG:
I notice that attempting naive multiple feedbacks to Keccak
(as a PRNG or some sort of KSA) will not improve its security
as one may have hoped for, but may even reduce it, because
next input = current output, and then the next input will be XOR-ed
into the current output
= zeroed io state.
The io state thus does not contribute to the capacity state, and
instead the capacity state is 'drained' to regenerate the io state
again, all without generating actual output. In this case, it would be
better to just perform multiple 'squeezes' immediately without
extracting the output.
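The duplex whitener Krisztián describes and the output-feedback pitfall EddyHawk points out, as an added Python example that is not code from the original thread. It implements the Keccak-p[200] permutation with 8-bit lanes, follows the FIPS 202 convention that a 6-round instance runs the last 6 of the 18 rounds, and takes r = 8 bits, so each duplex call can absorb 6 raw noise bits plus the two pad10*1 bits. `naive_feedback` models feeding the full output byte straight back as the next input; `drained_capacity` shows that this is exactly the same computation as clearing the rate and letting the capacity regenerate it. The class and function names and the sample noise bytes are constructed for this example.

```python
# Keccak round constants (64-bit); with 8-bit lanes only the low byte is used.
RC = [
    0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
    0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
    0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
    0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
    0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
    0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
]
# Rotation offsets ROT[x][y]; reduced modulo the lane width when applied.
ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
       [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]
W, MASK, NR_FULL = 8, 0xFF, 18      # lane width, lane mask, rounds of Keccak-f[200]


def rol(v, n):
    """Rotate an 8-bit lane left by n bits."""
    n %= W
    return ((v << n) | (v >> (W - n))) & MASK if n else v


def keccak_p200(state, rounds=6):
    """Keccak-p[200, rounds] on a 25-byte state; lane (x, y) is byte x + 5*y.
    Reduced-round instances run the last `rounds` of the 18 rounds (FIPS 202)."""
    assert len(state) == 25 and 1 <= rounds <= NR_FULL
    A = [[state[x + 5 * y] for y in range(5)] for x in range(5)]
    for i in range(NR_FULL - rounds, NR_FULL):
        # theta: mix each lane with the parity of two neighbouring columns
        C = [A[x][0] ^ A[x][1] ^ A[x][2] ^ A[x][3] ^ A[x][4] for x in range(5)]
        D = [C[(x - 1) % 5] ^ rol(C[(x + 1) % 5], 1) for x in range(5)]
        A = [[A[x][y] ^ D[x] for y in range(5)] for x in range(5)]
        # rho (lane rotations) and pi (lane transposition)
        B = [[0] * 5 for _ in range(5)]
        for x in range(5):
            for y in range(5):
                B[y][(2 * x + 3 * y) % 5] = rol(A[x][y], ROT[x][y])
        # chi: the only non-linear step, applied along rows
        A = [[(B[x][y] ^ (~B[(x + 1) % 5][y] & B[(x + 2) % 5][y])) & MASK
              for y in range(5)] for x in range(5)]
        # iota: break symmetry with the round constant
        A[0][0] ^= RC[i] & MASK
    return bytes(A[x][y] for y in range(5) for x in range(5))


class DuplexWhitener:
    """Duplex sponge with r = 8 bits (state byte 0) and c = 192 bits.
    Each call absorbs 6 raw noise bits, pads them with pad10*1 to fill the
    rate, permutes, and returns the new 8-bit rate as whitened output."""

    def __init__(self, rounds=6):
        self.state = bytearray(25)
        self.rounds = rounds

    def duplex(self, noise):
        block = (noise & 0x3F) | 0xC0   # 6 data bits, then pad bits 1 and 1 in bits 6, 7
        self.state[0] ^= block
        self.state = bytearray(keccak_p200(self.state, self.rounds))
        return self.state[0]


def whiten(raw_samples, rounds=6):
    """Whiten a run of sampler bytes, using the low six bits of each."""
    w = DuplexWhitener(rounds)
    return bytes(w.duplex(s) for s in raw_samples)


def naive_feedback(state, steps, rounds=6):
    """The pitfall from the post: the 8-bit output is XOR-ed straight back into the
    rate as the next input, with no padding and no fresh noise.  Returns the rate
    byte entering the permutation at each step and the final state."""
    state, seen = bytearray(state), []
    out = state[0]                       # current output == current rate
    for _ in range(steps):
        state[0] ^= out                  # next input == current output -> rate is zeroed
        seen.append(state[0])
        state = bytearray(keccak_p200(state, rounds))
        out = state[0]
    return seen, bytes(state)


def drained_capacity(state, steps, rounds=6):
    """Same computation written plainly: wipe the rate and let the capacity alone
    regenerate it, producing no usable output along the way."""
    state = bytearray(state)
    for _ in range(steps):
        state[0] = 0
        state = bytearray(keccak_p200(state, rounds))
    return bytes(state)


if __name__ == "__main__":
    raw = bytes([0x2A, 0x13, 0x3F, 0x00, 0x05, 0x1E, 0x37, 0x09])   # constructed readings
    print("whitened:", whiten(raw).hex())
    seen, _ = naive_feedback(bytes(range(1, 26)), 4)
    print("rate entering the permutation under naive feedback:", seen)
```

The assertion-style check to keep in mind is the last one: under naive feedback the rate seen by every permutation call is zero, so the noise absorbed earlier never reaches the permutation a second time and the 192-bit capacity is doing all the work, which is what the post means by the capacity being drained to regenerate the io state.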

