Are there any specific CSPRNG's that cannot be used as randomness extractor within a TRNG?
ID: 652572 • Letter: A
Question
Are there any specific CSPRNG's that cannot be used as randomness extractor within a TRNG?
In other words, can you simply provide enough entropy gathered from a good entropy source as seed in any CSPRNG, and be done with it?
I've got the strong feeling that the properties of a CSPRNG are largely overlapping that of randomness extraction, but Wikipedia claims that the properties of a (generic) PRNG may not necessarily overlap.
However, the general PRG definition does not specify that a weakly random source must be used, and while in the case of an extractor, the output should be statistically close to uniform, in a PRG it is only required to be computationally indistinguishable from uniform, a somewhat weaker concept.
I presume that any hash based extractor should work, as it hashes the input. Hashing the entropy is - as far as I understood - considered a good method of extracting the randomness out of the entropy.
The only property that I can come up with that should be required from a CSPRNG is that it has to mix in all the data containing the entropy.
Explanation / Answer
Some CSPRNGs accept a constant width seed. That means they could only be used as randomness extractors for that input size; no less, no more. For example, AES-128 CTR_DRBG CSPRNG (from 800-90A) would only accept 256 bits of seed for the key and initial vector in total.
Further, if the input is not fully random (as you'd expect with a randomness extractor), they can be vulnerable to related-key attacks. When used as a random number generator the key is usually assumed to be uniformly random.
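The two points in the answer, as an added worked example (this is not code from the question or the answer): a CTR_DRBG-style instantiation without a derivation function takes a seed of exactly keylen + blocklen bits (256 for AES-128), so it cannot absorb an arbitrary-length entropy pool by itself, whereas a hash-based conditioning step compresses variable-length, non-uniform samples into a seed of the required width, which a DRBG then expands. The DRBG below is HMAC_DRBG from SP 800-90A over SHA-256 (reseed counter omitted), standing in for the AES-128 CTR_DRBG named in the answer so that the example runs with the standard library only; the biased sample bytes are constructed, not real measurements.

```python
"""Hash-based conditioning in front of a fixed-width DRBG seed (added example)."""
import hashlib
import hmac

OUTLEN = 32  # SHA-256 output length in bytes
AES128_CTR_DRBG_SEEDLEN = 16 + 16  # key + block = 256 bits (SP 800-90A, no derivation function)


def condition_entropy(samples: list) -> bytes:
    """Hash a list of raw, possibly biased samples into a 32-byte seed.

    Each sample is length-prefixed so that [b"ab", b"c"] and [b"a", b"bc"]
    do not collide in the hash input.
    """
    h = hashlib.sha256()
    for s in samples:
        h.update(len(s).to_bytes(4, "big"))
        h.update(s)
    return h.digest()


def seed_width_ok(seed: bytes) -> bool:
    """Model the fixed-width seed interface of AES-128 CTR_DRBG without df."""
    return len(seed) == AES128_CTR_DRBG_SEEDLEN


class HmacDrbg:
    """Minimal HMAC_DRBG (SP 800-90A section 10.1.2) over SHA-256; no reseed counter."""

    def __init__(self, entropy_input: bytes, nonce: bytes = b"", personalization: bytes = b""):
        self.K = b"\x00" * OUTLEN
        self.V = b"\x01" * OUTLEN
        self._update(entropy_input + nonce + personalization)

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.K, data, hashlib.sha256).digest()

    def _update(self, provided_data: bytes) -> None:
        # HMAC_DRBG_Update: mix provided_data into the (K, V) state.
        self.K = self._hmac(self.V + b"\x00" + provided_data)
        self.V = self._hmac(self.V)
        if not provided_data:
            return
        self.K = self._hmac(self.V + b"\x01" + provided_data)
        self.V = self._hmac(self.V)

    def generate(self, n: int, additional_input: bytes = b"") -> bytes:
        # HMAC_DRBG_Generate: chain V through HMAC to produce n output bytes.
        if additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < n:
            self.V = self._hmac(self.V)
            out += self.V
        self._update(additional_input)
        return out[:n]


def extract_and_expand(samples: list, nbytes: int) -> bytes:
    """Condition variable-length samples, check the seed width, then expand."""
    seed = condition_entropy(samples)
    if not seed_width_ok(seed):
        raise ValueError("conditioned seed does not match the DRBG seed width")
    return HmacDrbg(seed).generate(nbytes)


# Constructed, deliberately biased input: 1000 one-byte samples that only take 7 values.
SAMPLES = [bytes([i % 7]) for i in range(1000)]

if __name__ == "__main__":
    print("raw pool bytes:", sum(len(s) for s in SAMPLES))
    print("raw pool fits CTR_DRBG seed directly:", seed_width_ok(b"".join(SAMPLES)))
    print("conditioned seed fits:", seed_width_ok(condition_entropy(SAMPLES)))
    print("output:", extract_and_expand(SAMPLES, 32).hex())
```

The conditioning step is what the question calls "mixing in all the data containing the entropy": SHA-256 consumes the whole pool regardless of its length, while the DRBG only ever sees a 32-byte seed. The seed width check makes the answer's first point visible: concatenating the 1000 raw bytes does not satisfy the fixed-width interface, the hashed seed does.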