International Association for Cryptologic Research

International Association
for Cryptologic Research


XDRBG: A Proposed Deterministic Random Bit Generator Based on Any XOF

John Kelsey , National Institute of Standards and Technology (NIST), Gaithersburg, USA; COSIC, KU Leuven, Leuven, Belgium
Stefan Lucks , Bauhaus-Universität, Weimar, Germany
Stephan Müller , atsec information security corp, Austin, USA
DOI: 10.46586/tosc.v2024.i1.5-34
Search ePrint
Search Google
Abstract: A deterministic random bit generator (DRBG) generates pseudorandom bits from an unpredictable seed, i.e., a seed drawn from any random source with sufficient entropy. The current paper formalizes a security notion for a DRBG, in which an attacker may make any legal sequence of requests to the DRBG and sometimes compromise the DRBG state, but should still not be able to distingush DRBG outputs from ideal random bits. The paper proposes XDRBG, a new DRBG based on any eXtendable Output Function (XOF) and proves the security of the XDRBG in the ideal-XOF model. The proven bounds are tight, as demonstrated by matching attacks. The paper also discusses the security of XDRBG against quantum attackers. Finally, the paper proposes concrete instantiations of XDRBG, employing either the SHAKE128 or the SHAKE256 XDRBG. Alternative instantiations suitable for lightweight applications can be based on ASCON.
  title={XDRBG: A Proposed Deterministic Random Bit Generator Based on Any XOF},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={024 No. 1},
  author={John Kelsey and Stefan Lucks and Stephan Müller},