Nomos also uses BLAKE2b as the basis for a deterministic pseudorandom byte generator, suitable for different purposes.

Construction:

Given a 64-bytes seed s and an integer index i, the PRNG output is derived by:

PRNG(seed, i) = BLAKE2b(s || encode_u64(i), out_len=64)

• s: 64-bytes seed (domain-separated if needed).
• encode_u64(i): 8-byte little-endian encoding of the index i.
• out_len: fixed to 64 bytes (maximum output size of BLAKE2b).

Output:

• For generating n bytes (bigger than 64 bytes), concatenate outputs of PRNG(seed, i) for i = 0, 1, ... until the desired length is reached.
• For generating k bits, compute enough full 64-byte outputs to cover at least k bits, then truncate the last byte to the required bit-length.
• This minimizes the number of BLAKE2b invocations by using the full 64-byte output capacity.

Notes:

• Seed choice and domain separation must be handled at the protocol level.