In August we added alternative SHA-256 and SHA-512 entropy extractors to the AlphaRNG Software Kit. New SHA-256 and SHA-512 entropy extractors comply with NIST SP 800 90B section 3.1.5.1 (Recommendation for the Entropy Sources Used for Random Bit Generation) and NIST FIPS PUB 180-4 (Secure Hash Standard). The SHA entropy extraction logic is implemented into the software kit by applying SHA-512 or SHA-256 method to concatenated RAW random bytes of both noise sources retrieved from an AlphaRNG device. The SHA input/output extraction ratio used is 2/1, so that for each bit of extracted entropy there are two bits of raw data used as input.

The following describes how the SHA extraction was implemented.

Let NS1t be a raw random sample byte obtained as a result of digitizing the analog electrical noise of the first noise source at moment in time t.

Let NS2t be a raw random sample byte obtained as a result of digitizing the analog electrical noise of the second noise source at moment in time t.

Let RAWt be a raw random 16 bit number as a result of concatenation of bytes NS1t and NS2t at moment in time t so that:

RAWt = NS1t || NS2t

The raw input data used by SHA extractor is computed as following:
RAWnin = { RAWt1, RAWt2, RAWt3, … RAWtN }

where:
RAWnin - RAW bits used as input for the SHA method.
nin - number of bits used as input: 512 when using SHA-256 and 1024 when using SHA-512.
RAWt1 - a 16 bit raw number at moment in time t1 and e.t.c.
N - total amount of 16 bit raw numbers used as input for the SHA method: 256 when using SHA-256 and 512 when using SHA-512.

The final resulting entropy bits are computed as following:
outputnout = SHA ( RAWnin )

where:
nout - number of entropy bits in the output: 256 when using SHA-256 and 512 when using SHA-512.

The latest AlphaRNG Software Kit can be downloaded from the this address. More information about SHA extractors can be found at this location or here.