In August we added alternative SHA-256 and SHA-512 entropy extractors to the AlphaRNG Software Kit. New SHA-256 and SHA-512 entropy extractors comply with NIST SP 800 90B section 3.1.5.1 (Recommendation for the Entropy Sources Used for Random Bit Generation) and NIST FIPS PUB 180-4 (Secure Hash Standard). The SHA entropy extraction logic is implemented into the software kit by applying SHA-512 or SHA-256 method to concatenated RAW random bytes of both noise sources retrieved from an AlphaRNG device. The SHA input/output extraction ratio used is 2/1, so that for each bit of extracted entropy there are two bits of raw data used as input.

The following describes how the SHA extraction was implemented.

Let NS1_{t} be a raw random sample byte obtained as a result of digitizing the analog electrical noise of the first noise source at moment in
time t.

Let NS2_{t} be a raw random sample byte obtained as a result of digitizing the analog electrical noise of the second noise source at moment in
time t.

Let RAW_{t} be a raw random 16 bit number as a result of concatenation of bytes NS1_{t} and NS2_{t} at moment in time
t so that:

RAW_{t} = NS1_{t} || NS2_{t}

The raw input data used by SHA extractor is computed as following:

RAW_{nin} = { RAW_{t1}, RAW_{t2}, RAW_{t3}, … RAW_{tN} }

where:

RAW_{nin} - RAW bits used as input for the SHA method.

n_{in} - number of bits used as input: 512 when using SHA-256 and 1024 when using SHA-512.

RAW_{t1} - a 16 bit raw number at moment in time t1 and e.t.c.

N - total amount of 16 bit raw numbers used as input for the SHA method: 256 when using SHA-256 and 512 when using SHA-512.

The final resulting entropy bits are computed as following:

output_{nout} = SHA ( RAW_{nin} )

where:

n_{out} - number of entropy bits in the output: 256 when using SHA-256 and 512 when using SHA-512.

The latest AlphaRNG Software Kit can be downloaded from the this address. More information about SHA extractors can be found at this location or here.