[Cryptography] Whitening Algorithm

Mark Steward marksteward at gmail.com
Sat Jul 25 16:00:51 EDT 2015

On 24 Jul 2015 20:54, "Bill Cox" <waywardgeek at gmail.com> wrote:
> On Fri, Jul 24, 2015 at 6:22 AM, Albert Lunde <atlunde at panix.com> wrote:
>> On 7/22/2015 9:50 PM, Rob Seward wrote:
>>> Hi,
>>> I’m trying to whiten a random noise source (a reverse biased transistor)
>>> with a low-powered microprocessor.
>> The Turbid paper has a section:  "'Whitening' Considered Unhelpful":
>> http://www.av8n.com/turbid/paper/turbid.htm#sec-whitening
> I consider this paper some of the best work in TRNGs ever.  This paper
has had a more important impact than tthe Turbid code, IMO.  However, this
particular section just quibbles about semantics of the words "hash
function" and "whitener".   Turbid uses a "hash function" on the output,
and stubbornly refuses to call this a whitener.

I don't quite get this concern. As I understand it, a whitener is a
signal-processing function, with the sole purpose of ensuring that an
output signal isn't repetitive. The idea of a whitener being "insecure",
mentioned in the original post, is meaningless, as it's outside its scope.
The only bias that's relevant to a whitener is DC bias.

So cryptographic hashes and CSPRNGs are both whiteners and
cryptographically secure, but the reverse is not true. And a whitener
needn't compress if entropy is low.

Is there some convention of terminology I've missed, or is whitening the
wrong word here?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150725/24b81069/attachment.html>

More information about the cryptography mailing list