Sponge-Based Pseudo-Random Number Generators

  • Guido Bertoni
  • Joan Daemen
  • Michaël Peeters
  • Gilles Van Assche
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6225)


This paper proposes a new construction for the generation of pseudo-random numbers. The construction is based on sponge functions and is suitable for embedded security devices, as it requires few resources. We propose a model for such generators and explain how to define one on top of a sponge function. The construction is a novel way to use a sponge function: it inputs and outputs blocks in a continuous fashion, which allows the feeding of seeding material to be interleaved with the fetching of pseudo-random numbers without latency. We describe the consequences of the sponge indifferentiability results for this construction and study its resistance against generic state recovery attacks. Finally, we propose a concrete example based on a member of the Keccak family with small width.
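As an added illustration (not the paper's construction, parameters or code), the following toy reseedable generator shows the idea sketched above: one sponge state, where every call to the permutation both absorbs a padded seed block into the outer part and exposes the new outer part as output, so feed and fetch operations can be interleaved on the same state. The permutation f (a SHA-256 Feistel network), the 32-byte width, the 8-byte rate and the padding rule are stand-ins chosen here, not Keccak-f or the paper's parameters.

```python
import hashlib

B, R = 32, 8        # state width b and rate r in bytes; capacity c = b - r = 24
HALF = B // 2


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def f(state: bytes) -> bytes:
    """Stand-in permutation on B bytes: a 4-round Feistel network whose round
    function is SHA-256. A Feistel network is a bijection whatever its round
    function, so the sponge structure is kept; it is NOT Keccak-f."""
    left, right = state[:HALF], state[HALF:]
    for i in range(4):
        rnd = hashlib.sha256(bytes([i]) + right).digest()[:HALF]
        left, right = right, _xor(left, rnd)
    return left + right


class SpongePRNG:
    """Reseedable generator over one sponge state. Each call to f absorbs a
    padded input block into the outer r bytes and exposes the new outer bytes,
    so feed() and fetch() may be interleaved freely."""

    def __init__(self) -> None:
        self.state = bytes(B)                          # all-zero initial state

    def _duplex(self, block: bytes) -> bytes:
        assert len(block) < R                          # room for the 0x01 pad byte
        padded = (block + b"\x01").ljust(R, b"\x00")   # simple injective padding
        self.state = f(_xor(self.state[:R], padded) + self.state[R:])
        return self.state[:R]

    def feed(self, seed: bytes) -> None:
        """Absorb seeding material, R-1 bytes per call to f."""
        for i in range(0, len(seed), R - 1):
            self._duplex(seed[i:i + R - 1])

    def fetch(self, n: int) -> bytes:
        """Squeeze n pseudo-random bytes, R bytes per call to f."""
        out = b""
        while len(out) < n:
            out += self._duplex(b"")
        return out[:n]


def demo():
    """Constructed seeds: equal seeds give equal streams, and a feed between two
    fetches changes everything after it, i.e. the reseed takes effect at once."""
    g1, g2, g3 = SpongePRNG(), SpongePRNG(), SpongePRNG()
    for g in (g1, g2, g3):
        g.feed(b"initial entropy pool")
    first = [g.fetch(16) for g in (g1, g2, g3)]
    assert first[0] == first[1] == first[2]            # deterministic so far
    g1.feed(b"fresh seed")                             # only g1 is reseeded
    return g1.fetch(16), g2.fetch(16), g3.fetch(16)
```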


Keywords

pseudo-random numbers, hash function, stream cipher, sponge function, indifferentiability, embedded security device, Keccak



Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Guido Bertoni, STMicroelectronics
  • Joan Daemen, STMicroelectronics
  • Michaël Peeters, NXP Semiconductors
  • Gilles Van Assche, STMicroelectronics
