Predictive Models for Min-Entropy Estimation

Published: September 13, 2015


John M. Kelsey, Kerry A. McKay, Meltem Sonmez Turan


Random numbers are essential for cryptography. In most real-world systems, these values come from a cryptographic pseudorandom number generator (PRNG), which in turn is seeded by an entropy source. The security of the entire cryptographic system then relies on the accuracy of the claimed amount of entropy provided by the source. If the entropy source provides less unpredictability than is expected, the security of the cryptographic mechanisms is undermined, as in [5, 7, 10]. For this reason, correctly estimating the amount of entropy available from a source is critical. In this paper, we develop a set of tools for estimating entropy, based on mechanisms that attempt to predict the next sample in a sequence based on all previous samples. These mechanisms are called predictors. We develop a framework for using predictors to estimate entropy, and test them experimentally against both simulated and real noise sources. For comparison, we subject the entropy estimates defined in the August 2012 draft of NIST Special Publication 800-90B [4] to the same tests, and compare their performance.
Proceedings Title: Cryptographic Hardware and Embedded Systems -- CHES 2015
Volume: 9293
Conference Dates: September 13-16, 2015
Conference Location: Saint-Malo, -1
Conference Title: 17th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2015)
Pub Type: Conferences


entropy estimation, min-entropy, random number generation
Created September 13, 2015, Updated November 10, 2018