Re: Constructing PRNGs from hash functions

---

• From: rossum <rossum48@xxxxxxxxxxxx>
• Date: Sun, 02 Nov 2008 01:53:24 +0000

---

On Sat, 01 Nov 2008 21:29:30 -0400, Thomas Dixon <reikon@xxxxxxxxx>
wrote:

Following a discussion in ##crypto on irc.freenode.net, I was reading a
thread here centering around the construction of stream ciphers through
the use of hash functions
(http://groups.google.com/group/sci.crypt/browse_thread/thread/977aea12bb5c78e2/a2cdb142fd7136ea?pli=1).
This was relevant because I wish to construct a simple PRNG utilizing
a hash function as the PRF. After a decent amount of digging through
books and Google, I wasn't left with much. There are a few
implementations of several JCE's SHA1PRNG floating around on the
Internet, but no formal specifications. As a result, I thought up a
simple design:

Define F as the hash function.
Define seed as F(seed_string).
Define || as concatenation.

s_0 = F(0 || seed || 0)
s_i = F(s_{i-1} || seed || i)

I not only wish to obtain opinions regarding the above, but I'm very
much interested in any resources or suggestions any of you have on such
schemes as a whole. Your contributions are very much appreciated.

Regards,
Tom

Inevitably there is a standard available, NIST SP 800-90:
http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf

Do not use the Elliptic Curve method (10.3) proposed. It is slow and
has a possible backdoor - see
http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115

The other methods in SP 800-90 are fine, using either a block cypher
(10.2) or a hash function (10.1).

rossum

.

---

• Follow-Ups:
  • Re: Constructing PRNGs from hash functions
    • From: Thomas Dixon

• References:
  • Constructing PRNGs from hash functions
    • From: Thomas Dixon

• Prev by Date: Constructing PRNGs from hash functions
• Next by Date: Re: Constructing PRNGs from hash functions
• Previous by thread: Constructing PRNGs from hash functions
• Next by thread: Re: Constructing PRNGs from hash functions
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: hash function ... > and may have caused me to write some strange-looking post earlier. ... Isn't this what you considered as a funny construction in the previous ... Does using a hash function fto match the arbitrary-length ... (sci.crypt) Re: Information-theoretic MAC ... The note by Bernstein explains the Wegman-Carter paradigm nicely (and ... It's important to look at any construction you encounter carefully as ... it may not always provide unconditional security (rather the security ... hash function definition over other groups). ... (sci.crypt) Re: Reversible hash function ... > block cipher that is similar to DES, ... > could you use a hash function to replace the F function in DES? ... Luby and Rackoff proved this construction ... iterated `compression function' which looks like a block cipher sideways ... (sci.crypt) Constructing PRNGs from hash functions ... thread here centering around the construction of stream ciphers through ... Define F as the hash function. ... (sci.crypt)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > sci.crypt  > 2008-11