Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Random Bit Generation Workshop 2012

Cryptography and security applications make extensive use of random numbers and random bits, particularly for the generation of cryptographic keying material. A key to initiate a cryptographic algorithm needs to be unpredictable and statistically unique,that is, to have at most a negligible chance of repeating the value of a previously selected key. Selecting a key at random ensures that there is no known structure to the key selection process that an adversary might be able to use to determine the key, other than by an exhaustive search. 

NIST is in the process of completing the development of approved methods for random bit generation. SP 800-90A specifies approved Deterministic Random Bit Generator (DRBG) mechanisms (i.e., algorithms) for generating random bits, given sufficient entropy in their seeding process. Two additional publications have recently been provided for public comment: SP 800-90B and SP 800-90C. SP 800-90B addresses the entropy sources needed to seed the DRBG mechanisms and includes both health tests and validation tests; SP 800-90C specifies constructions for creating random bit generators from entropy sources and DRBG mechanisms. The public comment period for these documents ends on December 3, 2012.

This workshop will discuss these documents and their validation by NIST's validation programs. It is expected that the primary focus of the workshop will be on the entropy sources discussed in SP 800-90B.

Reference Documentation: Copies of NIST SP 800-90B and NIST SP 800-90C will not be available at the workshop. If you'd like to reference either document while at the workshop, please print a copy to bring along.

Preliminary Agenda

Wednesday, December 5, 2012
(SP 800-90B)

9:00am - 9:15am

Welcome and workshop purpose (Elaine Barker, NIST)

9:15am - 10:15amHigh-level presentation of SP 800-90B (John Kelsey, NIST)
10:15am - 11:15amPresentation of non-IID tests (Patrick Hagerty)
Paper: Entropy Bounds and Statistical Tests
11:15am - 11:45amBreak (refreshments available for purchase in the cafeteria)
11:45am - 12:15pm

General discussion of SP 800-90B (led by Mike Boyle)

  1. Use of approved and non-approved conditioning components
  2. Use of conditioning components to provide full entropy output.
  3. Is there a conditioning component that will produce non-IID data?
12:15pm - 1:00pmLunch (available for purchase in the cafeteria)
1:00pm - 2:30pm

Collecting raw data (discussions led by John Kelsey, NIST)
1. Entropy Sources-Practical Designs and Validation Challenges, (Sonu Shankar and David McGrew, Cisco)
2. Other data-collection issues

2:30pm - 3:00pmBreak (available for purchase from the Snack Stand. Take lobby elevator to Level B)
3:00pm - 5:00pm

Test Discussions (John Kelsey, NIST and Patrick Hagerty)

  1. IID tests
  2. Non-IID tests (e.g., should maximum symbol size be computed dynamically)?
  3. Continuous (health) tests (e.g., the tests specified, and the use of equivalent tests) 
  4. Restart tests
  5. Sanity tests
  6. Dealing with test results?

 

Thursday, December 6, 2012
(Validation)

9:00am - 9:30am

General CAVP and CMVP testing strategy - how testing will change (Mike Cooper, NIST)

9:30am - 10:00amCAVP testing - Current Algorithm Validation Testing vs. Entropy Source Validation Testing (Sharon Keller, NIST)
10:00am - 10:30amEnvisioned transition strategy from old RNG requirements to SP 800-90 requirements (Mike Cooper, NIST)
10:30am - 11:00amBreak (available for purchase from the cafeteria)
11:00am - 11:30amEvaluating Entropy Source Testing Tool Implementation 
of NIST SP 800-90B Min-entropy 
Estimation Framework
 (Tim Hall, NIST)
11:30am - 12:30pmCurrent Testing/Validation Issues (Sharon Keller, NIST)
12:30pm - 1:15pmLunch (available for purchase in the cafeteria)

1:15pm - 4:45pm

(includes a 30-minute break)

Testing SP 800-90B entropy sources (discussions led by Tim Hall, NIST)

  1. Transition strategy, including current testing methodology vs. new methodology
  2. Recognition of other testing programs
  3. FIPS 140-2/3 annexes
  4. Validation lists
  5. DRBG/NRBG issues (using entropy sources with DRBG mechanisms)

Intel and Random Numbers (David Johnston, Intel)

RBG Construction Issues (discussions led by Elaine Barker, NIST)

  1. Using DRBG mechanisms from SP 800-90A
4:45pm - 5:00pmClosing (Elaine Barker, NIST)

 

 

 

 

 

Created October 3, 2012, Updated September 21, 2016