author Jack Lloyd <[email protected]> 2017-07-31 15:12:39 -0400
committer Jack Lloyd <[email protected]> 2017-07-31 16:45:30 -0400
commit e22c52e46f1c8b27e4fad7cb8e87ca62a2a1cb3d (patch)
tree 7b4b55e573a6b7c84304844fd23689ac487f2e41 /doc/manual
parent ce2deaef167fbd2073959488880b932efaf024d9 (diff)
Add ChaCha_RNG
Diffstat (limited to 'doc/manual')
-rw-r--r-- doc/manual/rng.rst 13
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/manual/rng.rst b/doc/manual/rng.rst
index 7d586e743..592f319fa 100644
--- a/doc/manual/rng.rst
+++ b/doc/manual/rng.rst
@@ -78,6 +78,19 @@ initial seed is generated either by the system PRNG (if available) or
a default set of entropy sources. These are also used for periodic
reseeding of the RNG state.
+ChaCha_RNG
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This is a very fast userspace PRNG based on ChaCha20 and HMAC(SHA-256). The key
+for ChaCha is derived by hashing entropy inputs with HMAC. Then the ChaCha
+keystream generator is run, first to generate the new HMAC key (used for any
+future entropy additions), then the desired RNG outputs.
+
+This RNG composes two primitives thought to be secure (ChaCha and HMAC) in a
+simple and well studied way (the extract-then-expand paradigm), but is still an
+ad-hoc and non-standard construction. It is included because it is roughly 20x
+faster then HMAC_DRBG, and certain applications need access to a very fast RNG.
+
TPM_RNG
^^^^^^^^^^^^^^^^^
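Review bot: In the last added paragraph, "faster then HMAC_DRBG" should read "faster than HMAC_DRBG". The same paragraph calls the construction ad-hoc and non-standard but gives the reader no guidance on when to avoid it; a sentence directing users who need a standardized generator to HMAC_DRBG would make the trade-off actionable. The "roughly 20x" figure is stated without saying how it was measured, so consider qualifying it. In the first added paragraph, it is unclear whether the new HMAC key is generated from the keystream on every output request or only after entropy is added, and, unlike the preceding section's note on periodic reseeding, nothing says how ChaCha_RNG is seeded or reseeded; both are worth stating explicitly.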