tarakby
commented
1 year ago I suggest the following way to "mix" the seed and salt and extract the Xorshit128+ seed.
I assume we have the following interface to create a Xorshit128+ instance:
NewXorshift128plus(seed [16]byte) : PRGInstanceand we would like to define the function:
NewPRG(source [32]byte, salt []byte) : PRGInstance // salt can be of arbitrary sizeNewPRG(source [32]byte, salt []byte) : PRGInstance {
tmp = concat(source, salt)
hash = sha3_256(tmp) // hash is of size 32
seed = hash[0:16] // seed is of size 16
prg = NewXorshift128plus(seed)
return prg
}some comments on the design:
- accept a salt of arbitrary length instead of 64 bits only. In the example provided in the repo, the salt was a Flow uuid (64 bits), but developers should be able to use other data as a salt too.
- in Flow case, the source of randomness has a 128 bits entropy. Using a hash function with 256 bits of output does not reduce that entropy.
- the xorshift seed is the first 128 bits of the hash output (256 bits). This is fine because the hash diffusion insures that these 128 bits depend of all bits of the source and salt.
sisyphusSmiling
Related conversation: https://github.com/onflow/random-coin-toss/pull/4#discussion_r1378134981
Xorshit128+ typically uses 16 bytes, but the source of randomness we have available is 32 plus an 8 byte salt. As such, we'll need to update the current PRG implementation.