
A fast AES-PRF based secure random-number generator


AES-STREAM

A simple, but fast AES-PRF-based random number generator.

Fast, designed to fill large buffers with random data. Does fast key erasure.

Requires a modern Intel or AMD CPU with AES-NI support.

API

Pretty straightforward:

#include "aes-stream.h"

#define AES_STREAM_SEEDBYTES 32

void aes_stream_init(aes_stream_state *st, const unsigned char seed[AES_STREAM_SEEDBYTES]);

void aes_stream(aes_stream_state *st, unsigned char *buf, size_t buf_len);

Call aes_stream_init() with a seed, then aes_stream() to fill buf with buf_len random bytes.

aes_stream() can be called indefinitely without having to reseed the generator.

Compilation

Do not forget to tell your compiler to enable support for AES opcodes with the -maes flag.

Recommended: -Ofast -maes -march=native

Clang 7 appears to produce faster code than gcc 8.

Key erasure is performed after every call to aes_stream(). If you are dealing with many short keys, implement a pool on top of this.
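The two points above, the init/stream API shape and the key erasure performed after every aes_stream() call, follow the "fast key erasure" generator construction. The block below is an added, self-contained C illustration of that construction; it is not code from aes-stream, and its PRF is a stand-in built from splitmix64-style integer mixing (a placeholder, not AES and not secure), so that the example compiles without AES-NI or the library. The names fke_init, fke_stream and fke_key_is_rotated are assumptions of this example. What it shows is the state transition aes-stream performs: each call reserves the first PRF blocks as the next key, hands the following blocks to the caller, then overwrites the old key and wipes scratch, so the state never retains a key that could regenerate earlier output.

```c
/* Added example, not part of the aes-stream project: the fast-key-erasure
 * generator structure in self-contained form. The PRF below is a STAND-IN
 * (splitmix64-style mixing), not AES and not cryptographically secure;
 * aes-stream itself keys AES-128/AES-256 through AES-NI. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FKE_KEYBYTES   32   /* mirrors AES_STREAM_SEEDBYTES */
#define FKE_BLOCKBYTES 16   /* one AES-sized block */

typedef struct {
    unsigned char key[FKE_KEYBYTES];
} fke_state;

/* Stand-in PRF: one 16-byte block from (key, block index). Placeholder only. */
static void prf_block(const unsigned char key[FKE_KEYBYTES], uint64_t idx,
                      unsigned char out[FKE_BLOCKBYTES])
{
    uint64_t k[4], x, y;
    memcpy(k, key, FKE_KEYBYTES);
    x = idx ^ k[0];
    y = (idx * 0x9E3779B97F4A7C15ULL) ^ k[1];
    for (int r = 0; r < 4; r++) {
        x += 0x9E3779B97F4A7C15ULL ^ k[r];
        x = (x ^ (x >> 30)) * 0xBF58476D1CE4E5B9ULL;
        y ^= x;
        y = (y ^ (y >> 27)) * 0x94D049BB133111EBULL;
        x ^= y >> 31;
    }
    memcpy(out, &x, 8);
    memcpy(out + 8, &y, 8);
}

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

void fke_init(fke_state *st, const unsigned char seed[FKE_KEYBYTES])
{
    memcpy(st->key, seed, FKE_KEYBYTES);
}

void fke_stream(fke_state *st, unsigned char *buf, size_t buf_len)
{
    unsigned char next_key[FKE_KEYBYTES], block[FKE_BLOCKBYTES];
    uint64_t ctr = 0;
    size_t off, n;

    /* 1. The first FKE_KEYBYTES of PRF output become the next key; the
     *    caller never sees these bytes. */
    for (off = 0; off < FKE_KEYBYTES; off += FKE_BLOCKBYTES)
        prf_block(st->key, ctr++, next_key + off);

    /* 2. Every later block is caller-visible output; a partial final block
     *    is copied in part and its remainder wiped below. */
    while (buf_len > 0) {
        prf_block(st->key, ctr++, block);
        n = buf_len < FKE_BLOCKBYTES ? buf_len : FKE_BLOCKBYTES;
        memcpy(buf, block, n);
        buf += n;
        buf_len -= n;
    }

    /* 3. Key erasure: install the next key and destroy every other copy.
     *    The counter restarts at 0 next call because the key is new, so
     *    (key, counter) pairs never repeat across calls. */
    memcpy(st->key, next_key, FKE_KEYBYTES);
    secure_zero(next_key, sizeof next_key);
    secure_zero(block, sizeof block);
}

/* Returns 1 if the state's key is exactly the reserved PRF output of the
 * previous key, i.e. the rotation step ran as designed. */
int fke_key_is_rotated(const fke_state *st,
                       const unsigned char old_key[FKE_KEYBYTES])
{
    unsigned char expect[FKE_KEYBYTES];
    prf_block(old_key, 0, expect);
    prf_block(old_key, 1, expect + FKE_BLOCKBYTES);
    return memcmp(st->key, expect, FKE_KEYBYTES) == 0;
}

int main(void)
{
    unsigned char seed[FKE_KEYBYTES] = { 0 };   /* constructed fixed seed */
    unsigned char out[20];
    fke_state st;
    fke_init(&st, seed);
    fke_stream(&st, out, sizeof out);
    for (size_t i = 0; i < sizeof out; i++) printf("%02x", out[i]);
    printf("\nkey rotated after call: %d\n", fke_key_is_rotated(&st, seed));
    return 0;
}
```

The structural point is step 1: the next key is carved out of PRF output that is never emitted, so an attacker who later reads the state learns nothing about bytes already handed out. The pooling advice above follows from step 3: the rotation and wipe cost is paid on every call, so many tiny requests should be served from a buffer filled by one larger call.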

Uses AES-128 by default. Define AES_STREAM_ROUNDS=14 in order to use AES-256 instead.
