Cryptography and security applications make extensive use of random numbers and random bits, particularly for the generation of cryptographic keying material. A key to initiate a cryptographic algorithm needs to be unpredictable and statistically unique, that is, to have at most a negligible chance of repeating the value of a previously selected key. Selecting a key at random ensures that there is no known structure to the key selection process that an adversary might be able to use to determine the key, other than by an exhaustive search.
NIST is in the process of completing the development of approved methods for random bit generation.
SP 800-90A has recently been revised. It specifies approved Deterministic Random Bit Generator (DRBG) mechanisms (i.e., algorithms) for generating random bits, given sufficient entropy in their seeding process.
SP 800-90B addresses the entropy sources needed to seed the DRBG mechanisms and includes both health tests and validation tests. A new draft of SP 800-90B is available for public comment. The public comment period for this document ends on May 9, 2016. The specific areas where comments are solicited on SP 800-90B are:
- Post-processing functions (Section 3.2.2): We provided a list of approved post-processing functions. Is the selection of the functions appropriate?
- Entropy assessment (Section 3.1.5): While estimating the entropy for entropy sources using a conditioning component, the values of n and q are multiplied by the constant 0.85. Is the selection of this constant reasonable?
- Multiple noise sources: The Recommendation only allows using multiple noise sources if the noise sources are independent. Should the use of dependent noise sources also be allowed, and if so, how can we calculate an entropy assessment in this case?
- Health Tests: What actions should be taken when health tests raise an alarm? The minimum allowed value of a type I error for health testing is selected as 2-50. Is this selection reasonable?
NIST SP 800-90C specifies constructions for creating random bit generators from entropy sources and DRBG mechanisms. A new draft of this document is now available for review and comment. The comment period on 90C ends June 13, 2016.
This workshop will discuss SP 800-90B and SP 800-90C, as well as their validation by NIST's validation programs.
Reference Documentation: Copies of NIST SP 800-90B and NIST SP 800-90C will not be available at the workshop. If you'd like to reference either document while at the workshop, please print a copy to bring along.