A simple, but fast AES-PRF-based random number generator.
Fast, designed to fill large buffers with random data. Does fast key erasure.
Requires a modern Intel or AMD CPU with AES-NI support.
Pretty straightforward:

```c
#include "aes-stream.h"

#define AES_STREAM_SEEDBYTES 32

void aes_stream_init(aes_stream_state *st, const unsigned char seed[AES_STREAM_SEEDBYTES]);
void aes_stream(aes_stream_state *st, unsigned char *buf, size_t buf_len);
```
Call `aes_stream_init()` with a seed, then `aes_stream()` to fill `buf` with `buf_len` random bytes. `aes_stream()` can be called indefinitely without having to reseed the generator.
Do not forget to tell your compiler to enable support for AES opcodes with the `-maes` flag.

Recommended: `-Ofast -maes -march=native`

Clang 7 appears to produce faster code than gcc 8.
Key erasure is performed after every call to `aes_stream()`. If you are dealing with many short keys, implement a pool on top of this.
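An added example of such a pool (not part of aes-stream itself): a fixed buffer refilled from the generator, with every byte handed out wiped from the pool so that a later memory disclosure cannot reveal keys already issued. The refill callback, the pool size and the `demo_refill` stand-in are assumptions; in real use the callback wraps `aes_stream()`.

```c
#include <stddef.h>
#include <string.h>
#define POOL_BYTES 4096

/* Refill callback: in real use, a wrapper around aes_stream(). */
typedef void (*pool_refill_fn)(void *ctx, unsigned char *buf, size_t len);

typedef struct {
    unsigned char  buf[POOL_BYTES];
    size_t         pos;    /* index of the next unused byte */
    pool_refill_fn refill;
    void          *ctx;    /* e.g. an aes_stream_state * */
} key_pool;

/* Zeroing that the compiler may not optimise away. */
static void secure_zero(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

void pool_init(key_pool *pool, pool_refill_fn refill, void *ctx) {
    pool->refill = refill;
    pool->ctx = ctx;
    pool->pos = POOL_BYTES;  /* empty: the first request triggers a refill */
}

/* Hand out len bytes. Bytes handed out (and leftovers discarded by a refill)
 * are erased from the pool, mirroring the generator's own key erasure. */
int pool_get(key_pool *pool, unsigned char *out, size_t len) {
    if (len > POOL_BYTES) return -1;  /* too big: call aes_stream() directly */
    if (POOL_BYTES - pool->pos < len) {
        secure_zero(pool->buf + pool->pos, POOL_BYTES - pool->pos);
        pool->refill(pool->ctx, pool->buf, POOL_BYTES);
        pool->pos = 0;
    }
    memcpy(out, pool->buf + pool->pos, len);
    secure_zero(pool->buf + pool->pos, len);
    pool->pos += len;
    return 0;
}

/* Constructed stand-in so this file runs without the library: it counts
 * refills in *ctx and emits a deterministic pattern, NOT random bytes.
 * Real code: aes_stream((aes_stream_state *)ctx, buf, len); */
static void demo_refill(void *ctx, unsigned char *buf, size_t len) {
    unsigned *calls = (unsigned *)ctx;
    (*calls)++;
    for (size_t i = 0; i < len; i++) buf[i] = (unsigned char)(i + *calls);
}
```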
Uses AES-128 by default. Define `AES_STREAM_ROUNDS=14` in order to use AES-256 instead.
- Cryptanalysis of AES-PRF and its Dual (Patrick Derbez, Tetsu Iwata, Ling Sun, Siwei Sun, Yosuke Todo, Haoyang Wang and Meiqin Wang)
- Optimal PRFs from blockcipher designs (Bart Mennink and Samuel Neves)
- Fast-key-erasure random-number generators (Daniel J. Bernstein)