[Cryptography] Whitening Algorithm

Sebastian Gesemann s.gesemann at gmail.com
Fri Jul 24 08:04:57 EDT 2015

On Fri, Jul 24, 2015 at 3:20 AM, Bill Cox <waywardgeek at gmail.com> wrote:
> On Thu, Jul 23, 2015 at 2:48 PM, Krisztián Pintér wrote:
>> use a small cryptographic sponge in duplex mode, for example
>> keccak[200, r=8] reduced to 6 rounds. this sponge instance has 96 bit
>> security, and requires only 25 bytes of memory. this is a very safe
>> solution, although of course a magnitude slower than yours, and also
>> needs a fair bit of code.
> Not a bad solution.  I use 1600-bit Keccak to whiten the output of my
> Infinite Noise TRNG.  Works great :-)
> Bill

Ok, 1600 = b = r + c. What's your choice of r and c for rate and
capacity? What's a typical entropy estimate for your input bits? And
do you use the full 24 rounds of Keccak-F[1600]?


More information about the cryptography mailing list