[Cryptography] Whitening Algorithm
marksteward at gmail.com
Sat Jul 25 16:00:51 EDT 2015
On 24 Jul 2015 20:54, "Bill Cox" <waywardgeek at gmail.com> wrote:
> On Fri, Jul 24, 2015 at 6:22 AM, Albert Lunde <atlunde at panix.com> wrote:
>> On 7/22/2015 9:50 PM, Rob Seward wrote:
>>> I’m trying to whiten a random noise source (a reverse biased transistor)
>>> with a low-powered microprocessor.
>> The Turbid paper has a section: "'Whitening' Considered Unhelpful":
> I consider this paper some of the best work in TRNGs ever. This paper
> has had a more important impact than the Turbid code, IMO. However, this
> particular section just quibbles about semantics of the words "hash
> function" and "whitener". Turbid uses a "hash function" on the output,
> and stubbornly refuses to call this a whitener.
I don't quite get this concern. As I understand it, a whitener is a
signal-processing function, with the sole purpose of ensuring that an
output signal isn't repetitive. The idea of a whitener being "insecure",
mentioned in the original post, is meaningless, as it's outside its scope.
The only bias that's relevant to a whitener is DC bias.
So cryptographic hashes and CSPRNGs are both whiteners and
cryptographically secure, but the reverse is not true. And a whitener
needn't compress if entropy is low.
Is there some convention of terminology I've missed, or is whitening the
wrong word here?