Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Random Bit Generation Workshop 2016

Cryptography and security applications make extensive use of random numbers and random bits, particularly for the generation of cryptographic keying material. A key to initiate a cryptographic algorithm needs to be unpredictable and statistically unique, that is, to have at most a negligible chance of repeating the value of a previously selected key. Selecting a key at random ensures that there is no known structure to the key selection process that an adversary might be able to use to determine the key, other than by an exhaustive search.

NIST is in the process of completing the development of approved methods for random bit generation.

SP 800-90A has recently been revised. It specifies approved Deterministic Random Bit Generator (DRBG) mechanisms (i.e., algorithms) for generating random bits, given sufficient entropy in their seeding process.

SP 800-90B addresses the entropy sources needed to seed the DRBG mechanisms and includes both health tests and validation tests. A new draft of SP 800-90B is available for public comment. The public comment period for this document ends on May 9, 2016. The specific areas where comments are solicited on SP 800-90B are:

  • Post-processing functions (Section 3.2.2): We provided a list of approved post-processing functions. Is the selection of the functions appropriate?
  • Entropy assessment (Section 3.1.5): While estimating the entropy for entropy sources using a conditioning component, the values of n and q are multiplied by the constant 0.85. Is the selection of this constant reasonable?
  • Multiple noise sources: The Recommendation only allows using multiple noise sources if the noise sources are independent. Should the use of dependent noise sources also be allowed, and if so, how can we calculate an entropy assessment in this case?
  • Health Tests: What actions should be taken when health tests raise an alarm? The minimum allowed value of a type I error for health testing is selected as 2-50. Is this selection reasonable?

NIST SP 800-90C specifies constructions for creating random bit generators from entropy sources and DRBG mechanisms. A new draft of this document is now available for review and comment. The comment period on 90C ends June 13, 2016.

This workshop will discuss SP 800-90B and SP 800-90C, as well as their validation by NIST's validation programs.

Reference Documentation: Copies of NIST SP 800-90B and NIST SP 800-90C will not be available at the workshop. If you'd like to reference either document while at the workshop, please print a copy to bring along.

List of Accepted Papers



Agenda - (PDF version)
Subject to change



Monday, May 2, 2016

9:00 - 9:10

Opening Remarks

Welcome and workshop purpose, Matthew Scholl, NIST

9:10 - 10:30

Session I - Chair: Meltem Sonmez Turan

  1. High level overview of SP 800-90B, John Kelsey, NIST
  2. High level overview of SP 800-90C, Elaine Barker, NIST
10:30 - 11:00 Break (refreshments available for purchase in the cafeteria)

11:00 - 12:30

Session II - Chair: Elaine Barker

  1. Entropy Estimation for Non-IID Sources, Kerry McKay, NIST
  2. Conditioning Functions, John Kelsey, NIST
  3. IID Testing, Meltem Sonmez Turan, NIST
12:30 - 1:30 Lunch Break
1:30 - 2:30

Session III - Chair: Apostol Vassilev

  1. Entropy Estimation on the Basis of a Stochastic Model [Abstract], Werner Schindler, BSI Germany Presented by: Peter Birkner Estimating min-entropy for large output spaces
  2. Estimating min-entropy for large output spaces [Abstract], Darryl Buller, Aaron Kaufer, NSA
2:30 - 3:00 Break (refreshments available for purchase in the cafeteria)
3:00- 4:00

Session IV - Chair: Kerry McKay

  1. Entropy as a Service, Apostol Vassilev, NIST
  2. Canary Numbers Design for Light-weight Online Testability of True Random Number Generators [Abstract],  Vladimir Rozic, Bohan Yang, Nele Mentens and Ingrid Verbauwhede, COSIC


Tuesday, May 3, 2016

9:00 - 10:30

Session V - Chair: Vincent M. Boyle

  1. New approach for miniaturization of Quantum Random Number Generator [Abstract],  Jeong Woon Choi and Seung Hwan Kwak, SK Telecom, Korea
  2. Progress towards Quantum-based Random Number Generation using Entangled Photons [Abstract], Joshua C. Bienfang, Peter Bierhorst, Alan Mink and Stephen Jordan, Paulina Kuo, Scott Glancy, S. Nam, K. Shalm, M. Stevens, T. Gerrits, R. Mirin, V. Verma, A. Lita, C. Hodge, NIST
  3. Trust, and public entropy: a unicorn hunt [Abstract],  Arjen K. Lenstra and Benjamin Wesolowski, EPFL IC LACAL, Switzerland
10:30 - 11:00 Break (refreshments available for purchase in the cafeteria)
11:00 - 12:30

Session VI - Chair: Meltem Sonmez Turan

  1. Minimizing false negative and false positive errors on entropy health tests [Abstract],  Scott Fluhrer, Cisco Systems
  2. Sources of randomness in digital devices and their testability [Abstract],  Viktor Fischer, CNRS, France
  3. The impact of digitization on the entropy generation rates of physical sources of randomness [Abstract],  Joseph D. Hart, Thomas E. Murphy, and Rajarshi Roy, UMD
12:30 - 1:30 Lunch Break
1:30 - 3:30

Session VII - Chair: John Kelsey

Open Discussions


NIST is soliciting papers, presentations, and participation from any interested parties. Topics include, but are not limited to:

• Random number generation
• Entropy and noise sources
• Entropy estimation
• Conditioning components

Submissions must be provided electronically in PDF format. Please submit the following information to by March 31, 2016:

• Abstract of the paper or presentation
• Contact details of the authors, and
• (Optional) finished paper or presentation

Submission deadline: March 31, 2016
Notification: April 12, 2016
Presentations submitted by: April 27, 2016

Created January 20, 2016, Updated January 12, 2018