Cryptographic Hardware and Embedded Systems, CHES 2010

Volume 6225 of the series Lecture Notes in Computer Science pp 33-47

Sponge-Based Pseudo-Random Number Generators

  • Guido Bertoni (STMicroelectronics)
  • Joan Daemen (STMicroelectronics)
  • Michaël Peeters (NXP Semiconductors)
  • Gilles Van Assche (STMicroelectronics)


This paper proposes a new construction for the generation of pseudo-random numbers. The construction is based on sponge functions and is suitable for embedded security devices, as it requires few resources. We propose a model for such generators and explain how to define one on top of a sponge function. The construction is a novel way to use a sponge function: it inputs and outputs blocks in a continuous fashion, allowing the feed of seeding material to be interleaved with the fetch of pseudo-random numbers without latency. We describe the consequences of the sponge indifferentiability results for this construction and study its resistance against generic state recovery attacks. Finally, we propose a concrete example based on a member of the Keccak family with small width.
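The following is an added illustration of the feed/fetch interleaving the abstract describes; it is not code from the paper or from the Keccak team. It assumes a 32-byte state split into a 16-byte outer (rate) part and a 16-byte inner (capacity) part, and uses a constructed Feistel network built from SHA-256 as a stand-in permutation so that it runs offline without a Keccak-f implementation. The stand-in is a permutation but has no claimed security; the rules for when the permutation is applied (before fetching after any seed was absorbed, and before feeding after any output was disclosed, so that fresh seed never lands on bytes an observer has already seen) are this example's own simplification of the paper's block handling.

```python
import hashlib

RATE = 16        # bytes of outer part (assumption for this example)
CAPACITY = 16    # bytes of inner part, never read or written directly
WIDTH = RATE + CAPACITY


def stand_in_permutation(state: bytes) -> bytes:
    """Constructed stand-in for Keccak-f: a 4-round Feistel network over two
    16-byte halves, keyed only by the round index. Invertible (so a genuine
    permutation on 32-byte strings) but NOT a secure permutation."""
    assert len(state) == WIDTH
    left, right = state[:RATE], state[RATE:]
    for rnd in range(4):
        f = hashlib.sha256(bytes([rnd]) + right).digest()[:RATE]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


class SpongePRNG:
    """Minimal sponge-based PRNG: feed() absorbs seed bytes into the outer
    part, fetch() reads pseudo-random bytes from the outer part, and the two
    may be interleaved freely."""

    def __init__(self) -> None:
        self.state = bytearray(WIDTH)
        self.offset = 0         # current position within the outer part
        self.absorbed = False   # seed absorbed since the last permutation
        self.fetched = False    # output disclosed since the last permutation
        self.seeded = False     # at least one feed() has happened

    def _permute(self) -> None:
        self.state = bytearray(stand_in_permutation(bytes(self.state)))
        self.offset = 0
        self.absorbed = False
        self.fetched = False

    def feed(self, seed: bytes) -> None:
        # Never XOR seed onto bytes that were already handed out as output.
        if self.fetched:
            self._permute()
        for byte in seed:
            if self.offset == RATE:
                self._permute()
            self.state[self.offset] ^= byte
            self.offset += 1
        self.absorbed = True
        self.seeded = True

    def fetch(self, n: int) -> bytes:
        if not self.seeded:
            raise ValueError("fetch() before any seed was fed")
        # Never disclose a block that still carries raw, unmixed seed bytes.
        if self.absorbed:
            self._permute()
        out = bytearray()
        while len(out) < n:
            if self.offset == RATE:
                self._permute()
            take = min(n - len(out), RATE - self.offset)
            out += self.state[self.offset:self.offset + take]
            self.offset += take
        self.fetched = True
        return bytes(out)


def run_demo(seed: bytes, reseed: bytes) -> tuple:
    """Return (first, continued, reseeded): output after seeding, the
    continuation without new seed, and the continuation after feeding reseed
    at the same point. Two generators with identical history stay in step."""
    a = SpongePRNG()
    a.feed(seed)
    first = a.fetch(20)
    b = SpongePRNG()
    b.feed(seed)
    b.fetch(20)
    continued = a.fetch(20)
    b.feed(reseed)           # interleaved seeding on the second instance only
    reseeded = b.fetch(20)
    return first, continued, reseeded


if __name__ == "__main__":
    first, continued, reseeded = run_demo(b"constructed seed", b"fresh entropy")
    print(first.hex(), continued.hex(), reseeded.hex(), sep="\n")
```

The interleaving is the point: a device can top up the state with whatever seed material it has (sensor noise, a TRNG word) between fetches without flushing or restarting the generator, and any later fetch depends on everything fed so far.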


Keywords: pseudo-random numbers, hash function, stream cipher, sponge function, indifferentiability, embedded security device, Keccak