XDRBG: A Proposed Deterministic Random Bit Generator Based on Any XOF

Abstract

A deterministic random bit generator (DRBG) generates pseudorandom bits from an unpredictable seed, i.e., a seed drawn from any random source with sufficient entropy. The current paper formalizes a security notion for a DRBG, in which an attacker may make any legal sequence of requests to the DRBG and sometimes compromise the DRBG state, but should still not be able to distingush DRBG outputs from ideal random bits. The paper proposes XDRBG, a new DRBG based on any eXtendable Output Function (XOF) and proves the security of the XDRBG in the ideal-XOF model. The proven bounds are tight, as demonstrated by matching attacks. The paper also discusses the security of XDRBG against quantum attackers. Finally, the paper proposes concrete instantiations of XDRBG, employing either the SHAKE128 or the SHAKE256 XDRBG. Alternative instantiations suitable for lightweight applications can be based on ASCON.