[Cryptech Tech] FW: [Ace] chacha20 as prng

Joachim Strömbergson joachim at secworks.se
Fri Nov 13 09:05:22 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Cuellar, Jorge wrote:
> Leif Johanson provided to us the link, in the hope that you could 
> share with us information about the use of ChaCha20 (and related 
> mechanisms) as pseudo-random generators.
> 
> I would be interested in promoting ChaCha20 as a building block for 
> the "Authentication and Authorization for Constrained Environments 
> (ACE)", and any pointers/publications/performance-numbers that you 
> could share with us.  Perhaps later for im
> 
> Best regards, Jorge

Cool, sure.

To put it simply, we use chacha20 as the csprng by having it encipher
512-bit blocks of a message of up to CIPHER_MAX_BLOCKS (which is hard
coded to be 0x100000000. After this number of blocks we will always
reseed. Reseed frequency can be set by the application. The default
value is 0x1000000. (CIPHER_MAX_BLOCKS is thus a failsafe.)

We seed Chacha20 with:

- - 256 bit key
- - 64 bit iv
- - 64 bit initial counter value
- - 512 bit message block

The number of rounds are settable and the default value is 20 rounds to
match the ChaCha20 specification for 256 bit strength.

Reseed values comes from the mixer. The mixer is implemented with
SHA-512 and 512-bit reseed words are basically the digest output from
SHA-512. The digests are generated by incrementally hashing data from
the entropy providers. This means that for a single 512-bit seed we
consume 1024 bit entropy. And the seed is based on these entropy bits
and the current state of sha-512. Reseeding the csprng consumes 2048
bits of entropy.


- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJWRafSAAoJEF3cfFQkIuyNECcP/0P9pBVH4HN7iGu7i0o9UMOD
NT0dyBY+xDV0PYR0/DqbLkGdXR2S0L/8raAZAO2YUxAMElCSEWFx7r9jdA45GaE2
TsS4wwok/ST7vuK99hCaTfawjBa4tLvFBeFVQ5MKfNmZBEKpt/p7fdP6ebEMe4ja
LpjNttAUfJhQWQqnTrkHhHydzvr+Rh8QZ5BZXRwkJQ+Ws1QiXSBrEmbKrwVZS0Kd
XWu8V/qlbwEcEGZwHGwKFPcGhOU+ngmoW1B9lAsHIcPhM3/rplE2CVGq2Jqet5n1
LCRSe5Th4n6ubsyzGABm5VMwKpH/d1akFxrJLlV22DT8/h16V7KpQAA+0pWYVZlF
b4ONJkxzgFDX3GDykAlEJ1gYRZmFFxCTTt3VDh6AiBIhAuifzNuPU8cdhrfUSJwb
76dRkTHsvhfv9kGaBVqV5EnMzt9WNMC/UDKXuKFz9dURHruTtXO5n/WJEnE7PWz/
nBxFYR8DJ/c72O/f16iGxnAlaTGWZYRseomciHqhRknEuBqdLaoCZ+2aYCWktAvA
Z1ltr8AkqQeC7AXFpXCeBbKKi0Q6t+UfQ/RBt67UAs58o3PwOeRklklvA1SqiDAq
M9TVsutQxNMseBMy5pDXlUHk6YE7wMtmWZ/YFNBw2O/wUJaTwAWe3Jx77vQItEE7
ZWN56WF6bhRZ0qWAIK0z
=/UrZ
-----END PGP SIGNATURE-----


More information about the Tech mailing list