Torbjörn Granlund tg at
Tue Apr 16 10:19:28 UTC 2019

Pedro Gimeno <gmpdevel at> writes:

  Anyway, that brings up another point: how would seeding work? Should
  the seed be used verbatim, like, should the first N bits of the seed
  be used directly as a key? Should some bits of the key be reserved,
  e.g. for a counter, in case we decide in future to re-key?

My idea is to use the first up to 128 seed bits for key, any remaining
up to 128 bits for a counter initialisation.

That can consume up to 256 bits of seed data (if AES-128 is used).  It
might be considered rude to drop seed data, so one might perform some
reduction operation to bring larger seeds down to 256 bits.

Please encrypt, key id 0xC8601622
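As an added illustration of the split sketched above (not code from this message or from GMP), the seed is modelled as a GMP-style non-negative integer; the choices that the message leaves open, namely that "first" means the least significant bits and that over-long seeds are reduced with SHA-256 rather than truncated, are assumptions made here:

```python
"""Seed -> (AES key, CTR initial counter) split.

Assumptions, not decisions from the thread: the seed is an arbitrary
precision non-negative integer, the "first" seed bits are the least
significant ones, and seeds wider than 256 bits are reduced with SHA-256
so that no seed bits are silently dropped.
"""
import hashlib

KEY_BITS = 128       # AES-128 key
COUNTER_BITS = 128   # one AES block, used as the CTR initial value
SEED_BITS = KEY_BITS + COUNTER_BITS


def reduce_seed(seed: int) -> int:
    """Bring a seed wider than SEED_BITS down to SEED_BITS bits.

    Seeds that already fit are returned unchanged. For wider seeds every
    input bit influences the result (SHA-256 here is an assumption).
    """
    if seed < 0:
        raise ValueError("seed must be non-negative")
    if seed.bit_length() <= SEED_BITS:
        return seed
    nbytes = (seed.bit_length() + 7) // 8
    digest = hashlib.sha256(seed.to_bytes(nbytes, "big")).digest()
    return int.from_bytes(digest, "big")


def split_seed(seed: int) -> tuple:
    """Return (key, counter) as 16-byte big-endian strings.

    Bits 0..127 become the key; whatever remains (at most 128 bits after
    reduction) initialises the counter, so a short seed yields counter 0.
    """
    seed = reduce_seed(seed)
    key = seed & ((1 << KEY_BITS) - 1)
    counter = seed >> KEY_BITS
    return (key.to_bytes(KEY_BITS // 8, "big"),
            counter.to_bytes(COUNTER_BITS // 8, "big"))
```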
