NIST logo

Random Bit Generation Workshop 2012


Cryptography and security applications make extensive use of random numbers and random bits, particularly for the generation of cryptographic keying material. A key to initiate a cryptographic algorithm needs to be unpredictable and statistically unique,that is, to have at most a negligible chance of repeating the value of a previously selected key. Selecting a key at random ensures that there is no known structure to the key selection process that an adversary might be able to use to determine the key, other than by an exhaustive search. 

NIST is in the process of completing the development of approved methods for random bit generation. SP 800-90A specifies approved Deterministic Random Bit Generator (DRBG) mechanisms (i.e., algorithms) for generating random bits, given sufficient entropy in their seeding process. Two additional publications have recently been provided for public comment: SP 800-90B and SP 800-90C. SP 800-90B addresses the entropy sources needed to seed the DRBG mechanisms and includes both health tests and validation tests; SP 800-90C specifies constructions for creating random bit generators from entropy sources and DRBG mechanisms. The public comment period for these documents ends on December 3, 2012.

This workshop will discuss these documents and their validation by NIST's validation programs. It is expected that the primary focus of the workshop will be on the entropy sources discussed in SP 800-90B.


Reference Documentation: Copies of NIST SP 800-90B and NIST SP 800-90C will not be available at the workshop. If you'd like to reference either document while at the workshop, please print a copy to bring along.

Preliminary Agenda

Wednesday, December 5, 2012
(SP 800-90B)

9:00am - 9:15am

Welcome and workshop purpose (Elaine Barker, NIST)

9:15am - 10:15am High-level presentation of SP 800-90B (John Kelsey, NIST)
10:15am - 11:15am Presentation of non-IID tests (Patrick Hagerty)
Paper: Entropy Bounds and Statistical Tests
11:15am - 11:45am Break (refreshments available for purchase in the cafeteria)
11:45am - 12:15pm

General discussion of SP 800-90B (led by Mike Boyle)

  1. Use of approved and non-approved conditioning components
  2. Use of conditioning components to provide full entropy output.
  3. Is there a conditioning component that will produce non-IID data?
12:15pm - 1:00pm Lunch (available for purchase in the cafeteria)
1:00pm - 2:30pm

Collecting raw data (discussions led by John Kelsey, NIST)
1. Entropy Sources-Practical Designs and Validation Challenges, (Sonu Shankar and David McGrew, Cisco)
2. Other data-collection issues

2:30pm - 3:00pm Break (available for purchase from the Snack Stand. Take lobby elevator to Level B)
3:00pm - 5:00pm

Test Discussions (John Kelsey, NIST and Patrick Hagerty)

  1. IID tests
  2. Non-IID tests (e.g., should maximum symbol size be computed dynamically)?
  3. Continuous (health) tests (e.g., the tests specified, and the use of equivalent tests) 
  4. Restart tests
  5. Sanity tests
  6. Dealing with test results?


Thursday, December 6, 2012

9:00am - 9:30am

General CAVP and CMVP testing strategy - how testing will change (Mike Cooper, NIST)

9:30am - 10:00am CAVP testing - Current Algorithm Validation Testing vs. Entropy Source Validation Testing (Sharon Keller, NIST)
10:00am - 10:30am Envisioned transition strategy from old RNG requirements to SP 800-90 requirements (Mike Cooper, NIST)
10:30am - 11:00am Break (available for purchase from the cafeteria)
11:00am - 11:30am Evaluating Entropy Source Testing Tool Implementation 
of NIST SP 800-90B Min-entropy 
Estimation Framework
 (Tim Hall, NIST)
11:30am - 12:30pm Current Testing/Validation Issues (Sharon Keller, NIST)
12:30pm - 1:15pm Lunch (available for purchase in the cafeteria)

1:15pm - 4:45pm

(includes a 30-minute break)

Testing SP 800-90B entropy sources (discussions led by Tim Hall, NIST)

  1. Transition strategy, including current testing methodology vs. new methodology
  2. Recognition of other testing programs
  3. FIPS 140-2/3 annexes
  4. Validation lists
  5. DRBG/NRBG issues (using entropy sources with DRBG mechanisms)

Intel and Random Numbers (David Johnston, Intel)

RBG Construction Issues (discussions led by Elaine Barker, NIST)

  1. Using DRBG mechanisms from SP 800-90A
4:45pm - 5:00pm Closing (Elaine Barker, NIST)


Start Date: Wednesday, December 5, 2012
End Date: Thursday, December 6, 2012
Location: Administration Bldg. / Lecture Room B
Audience: Industry, Government
Format: Workshop


Registration closed November 26, 2012.

Registration Fee: $20.00. All attendees must be pre-registered to gain entry to the NIST campus. Photo identification must be presented at the main gate to be admitted to the conference. International attendees are required to present a passport. Attendees must wear their conference badge at all times while on the campus. There is no on-site registration for meetings held at NIST.

Cancellation requests must be received in writing or by email by 5:00 p.m. ET November 26, 2012 to be eligible for a refund of the entire registration fee. Please send inquiries to

NIST Visitor Information

Registration Contact:

Teresa Vicente

Technical Contact: