Torbjörn Granlund tg at
Mon Apr 15 11:55:13 UTC 2019

I have long intended to implement AES-based PRNGs in GMP.  The
idea being that if AES is a good encryption algorithm, the sequence
AES_encrypt(cnt,key) for cnt=0,1,... will be simply great.  :-)

Now we have the NIST standard SP 800-108a.  It messes around with key
replacements after some generated numbers, and does other contortions.

What do people here think, do we need SP 800-108a or is my simple
AES_encrypt(cnt,key) good enough for GMP?

Please encrypt, key id 0xC8601622
