Hi,

If there already is a usable core for SHA-3 which fulfills the performance 
requirements and takes equal or less space, I see this (SHA3-512) as a viable 
option to consider. Otherwise preference goes with Blake2s.

The design of SHA-3 with its kinda large state should help to keep enough 
entropy in the seed stream even if subsequent seeds were generated without 
having new data from our entropy sources mixed in.

IMHO (as a layman) we shouldn't reduce the internal state of the mixer for seed 
generation below 256 bit to keep a reasonable security margin should the 
entropy sources fail in mid-operation and leave the entropy pool in a state 
where no new entropy enters between many subsequently generated seeds for the 
DRBG.

OT: Has an entropy source like WhirlyGig[1] or some FPGA port of it[2] been 
considered as an additional entropy source? Having experimented with that code 
on some Papilio Pro board a while ago I found the general design to provide 
good results with dieharder when sending samples at 2Mbps. The bit stream could 
easily be scaled to provide 1Gbps; although I didn't try this due to lack of 
means to transfer data fast enough (the WhirlyGig core runs easily at 100MHz on 
the Papilio Pro).

So far for my 2ct as a (more or less) layman with theoretical crypto design; 
thus take things mostly as my gut feelings and with enough salt & pepper.

Kind regards,
Benny "BenBE" Baumann

[1] https://warmcat.com/hardware%20design/linux%20peripherals/2007/11/24/whirlygig-gpld-hwrng.html
[2] https://github.com/zdavkeos/whirlyfly

On 23 March 2018 12:41:59 CET, "Joachim Strömbergson" 
<joachim.stromberg...@assured.se> wrote:
>
>Aloha!
>
>Manuel Domke wrote:
>> I see there is a need to make it smaller/faster but I don't think it's
>> a good option to "downgrade" to SHA-256. From the (long-term)
>> security perspective I'd prefer using SHA-3 (Keccak-1600) instead of
>> SHA-2, like it's done in my favorite entropy source - the Infinite
>> Noise TRNG - but whitening is fully implemented in software.
>> 
>> Maybe Blake2s is a good option to go for now? Especially when you
>> have a (partial) implementation. It's also been a SHA-3 finalist
>> just like the winner Keccak-1600.
>
>Cryptech has a SHA-3 core and could be used here.
>
>https://trac.cryptech.is/wiki/GitRepositories/core/hash/sha3
>
>The interface is a bit different, but could be adapted. Thanks for the
>suggestions and feedback.
>
>-- 
>Kind regards, Yours
>
>Joachim Strömbergson - Assured AB
>========================================================================
>
_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech
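To make the point about mixer state width concrete, here is an added example (not code from the thread or from Cryptech): a toy chained seed mixer whose state is ratcheted through SHA3-512 or Blake2s, plus a check that counts how many seeds can be produced without fresh entropy before the state, and hence the seed stream, repeats. The `state_bits` parameter, the "mix"/"out"/"step" domain tags and the sample entropy are assumptions of this example, chosen to show that a truncated state cycles quickly while the full 512-bit (SHA3-512) or 256-bit (Blake2s) state does not.

```python
import hashlib
from typing import Optional

# Hash functions discussed in the thread; both ship in Python's hashlib.
HASHES = {"sha3_512": hashlib.sha3_512, "blake2s": hashlib.blake2s}


class SeedMixer:
    """Toy chained seed mixer: the state ratchets forward through the hash,
    seeds are derived from the state, fresh entropy is folded in via mix()."""

    def __init__(self, hash_name: str = "sha3_512", state_bits: Optional[int] = None):
        self._h = HASHES[hash_name]
        # Keeping fewer bits than the digest models the "reduce the internal
        # state" scenario from the thread; by default the full digest is kept.
        self.state_bytes = (state_bits or self._h().digest_size * 8) // 8
        self.state = bytes(self.state_bytes)
        self.seeds_since_mix = 0  # grows while the entropy sources are stalled

    def mix(self, entropy: bytes) -> None:
        self.state = self._h(b"mix" + self.state + entropy).digest()[: self.state_bytes]
        self.seeds_since_mix = 0

    def next_seed(self) -> bytes:
        seed = self._h(b"out" + self.state).digest()
        # One-way ratchet: the previous state cannot be recovered from the new one.
        self.state = self._h(b"step" + self.state).digest()[: self.state_bytes]
        self.seeds_since_mix += 1
        return seed


def steps_until_state_repeats(mixer: SeedMixer, limit: int) -> Optional[int]:
    """Ratchet with no fresh entropy and return the step at which the state
    first repeats (from then on the seeds repeat too), or None within limit."""
    seen = {mixer.state}
    for step in range(1, limit + 1):
        mixer.next_seed()
        if mixer.state in seen:
            return step
        seen.add(mixer.state)
    return None


if __name__ == "__main__":
    entropy = b"constructed sample entropy"  # constructed for the demo only
    small = SeedMixer("sha3_512", state_bits=16)
    small.mix(entropy)
    print("16-bit state repeats after", steps_until_state_repeats(small, 1 << 16), "seeds")
    full = SeedMixer("sha3_512")
    full.mix(entropy)
    print("512-bit state repeats within 10000 seeds:", steps_until_state_repeats(full, 10000))
```

By the pigeonhole principle a 16-bit state must repeat within 65536 ratchet steps, whereas a full-width state shows no repetition in any feasible number of seeds; a deployed DRBG would additionally track `seeds_since_mix` and refuse or flag output once the entropy sources have been stalled for too long.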
