shaseedprng

Modified SHA256 for PRNG seeding


Can I do this

1. Copy SHA hash constants to eight 32bit work variables.
2. Expand message.
3. Mix work variables (SHA inner loop).
4. Output work variables to PRNG state. 

instead of the normal procedure (single message block)

1. Pad message block.
2. Copy SHA hash constants to hash.
3. Read hash into eight 32bit work variables.
4. Expand message.
5. Mix work variables (SHA inner loop).
6. Add work variables to hash. 
7. Output hash to PRNG state. 

if I only want good bit mixing of some input entropy for seeding a non-cryptographic PRNG? Security is completely irrelevant. All I need is to generate a good PRNG state from a time stamp combined with some hardware bits (8 byte time stamp, 56 bytes from hardware).


Solution

  • While I'm not sure about the specifics of how you want to simplify things, generally simplifying a cryptographic algorithm for non-cryptographic purposes is just fine provided you document very clearly that your use of a cryptographic primitive does not imply any cryptographic strength in the resulting code.

    Normally you might implement the exact specification so that you can verify it against a third-party reference (ensuring that the code is connected as expected and that no data is discarded, etc.), and then reduce the number of rounds so it goes much faster.

    A common motivation for doing this is when you have access to hardware acceleration for a cryptographic algorithm.

    However, if your input is a fixed-length 64 bits then sha256 is typically more trouble than it's worth.

    You haven't specified the size of the state of the PRNG. If it's bigger than 64 bits then you probably just want to seed a simple 64-bit PRNG with your seed and then use that iteratively to fill in the larger PRNG state buffer. If it's exactly 64-bits then something like the mix function of MurmurHash might be sufficient.