Buller, D.
, Kaufer, A.
, Roginsky, A.
and Sonmez Turan, M.
(2023),
Discussion on the Full Entropy Assumption of the SP 800-90 Series, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8427, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=936481
(Accessed April 23, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Discussion on the Full Entropy Assumption of the SP 800-90 Series
Published
Author(s)
Darryl Buller, Aaron Kaufer, ,
Abstract
The NIST SP 800-90 series [1][2][3] supports the generation of high-quality random bits for cryptographic and non-cryptographic use. The security strength of a random number generator depends on the unpredictability of its outputs. This unpredictability can be measured in terms of entropy, which the NIST SP 800-90 series measures using min-entropy. A full-entropy bitstring has an amount of entropy equal to its length. Full-entropy bitstrings are important for cryptographic applications, as these bitstrings have ideal randomness properties and may be used for any cryptographic purpose. Due to the difficulty of generating and testing full-entropy bitstrings, the SP 800-90 series assumes that a bitstring has full entropy if the amount of entropy per bit is at least 1 - ε, where ε is at most 2^-32}. This report provides a justification for the selection of this value of ε.Citation
NIST Interagency/Internal Report (NISTIR) - 8427
Report Number
8427
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
entropy, min-entropy, random number generation
Citation
Created April 14, 2023