[Cryptography] Whitening Algorithm

Mark Steward marksteward at gmail.com
Sat Jul 25 16:00:51 EDT 2015


On 24 Jul 2015 20:54, "Bill Cox" <waywardgeek at gmail.com> wrote:
>
> On Fri, Jul 24, 2015 at 6:22 AM, Albert Lunde <atlunde at panix.com> wrote:
>>
>> On 7/22/2015 9:50 PM, Rob Seward wrote:
>>>
>>> Hi,
>>> I’m trying to whiten a random noise source (a reverse biased transistor)
>>> with a low-powered microprocessor.
>>
>>
>> The Turbid paper has a section:  "'Whitening' Considered Unhelpful":
>>
>> http://www.av8n.com/turbid/paper/turbid.htm#sec-whitening
>
>
> I consider this paper some of the best work in TRNGs ever.  This paper
> has had a more important impact than the Turbid code, IMO.  However, this
> particular section just quibbles about semantics of the words "hash
> function" and "whitener".   Turbid uses a "hash function" on the output,
> and stubbornly refuses to call this a whitener.
>

I don't quite get this concern. As I understand it, a whitener is a
signal-processing function, with the sole purpose of ensuring that an
output signal isn't repetitive. The idea of a whitener being "insecure",
mentioned in the original post, is meaningless, as it's outside its scope.
The only bias that's relevant to a whitener is DC bias.

So cryptographic hashes and CSPRNGs are both whiteners and
cryptographically secure, but the reverse is not true. And a whitener
needn't compress if entropy is low.

Is there some convention of terminology I've missed, or is whitening the
wrong word here?

Thanks,
Mark
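
Added example, not part of the original message: an additive LFSR scrambler is one signal-processing whitener in the sense discussed above. Run over a constructed source stuck at 1, it removes the DC bias and the long run, yet anyone who knows the seed recovers the input exactly, so no entropy has been added. The polynomial (taps 16, 14, 13, 11), the seed 0xACE1 and the input are choices made for this example.

```python
# Additive LFSR scrambler used as a whitener (illustrative example).
# Polynomial, seed and input are constructed for this demonstration.

def lfsr16(seed=0xACE1):
    """Yield bits from a 16-bit Fibonacci LFSR, taps 16,14,13,11 (period 65535)."""
    state = seed & 0xFFFF
    if state == 0:
        raise ValueError("seed must be non-zero")
    while True:
        yield state & 1
        fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
        state = (state >> 1) | (fb << 15)

def scramble(bits, seed=0xACE1):
    """XOR each input bit with the LFSR stream; applying it twice undoes it."""
    return [b ^ k for b, k in zip(bits, lfsr16(seed))]

def dc_bias(bits):
    """Fraction of ones minus 0.5: 0 is balanced, +/-0.5 is stuck."""
    return sum(bits) / len(bits) - 0.5

def longest_run(bits):
    """Length of the longest run of identical consecutive bits."""
    best = run = 1
    for prev, cur in zip(bits, bits[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best

def demo():
    n = 65535                    # one full LFSR period
    stuck = [1] * n              # constructed input: a dead source, zero entropy
    white = scramble(stuck)      # whitened output
    recovered = scramble(white)  # same seed inverts the whitening
    return {
        "bias_in": dc_bias(stuck),
        "bias_out": dc_bias(white),
        "ones_out": sum(white),
        "run_in": longest_run(stuck),
        "run_out": longest_run(white),
        "invertible": recovered == stuck,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The output passes a DC-bias or run-length check while carrying exactly as much entropy as the stuck input, which is why statistical appearance alone says nothing about unpredictability.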