Date Published: September 7, 2022
Comments Due:
Email Questions to:
Author(s)
Darryl Buller (NSA), Aaron Kaufer (NSA), Allen Roginsky (NIST), Meltem Sönmez Turan (NIST)
Announcement
The NIST SP 800-90 series supports the generation of high-quality random bits for cryptographic and non-cryptographic use. The security of a random number generator depends on the unpredictability of its outputs, which can be measured in terms of entropy. The NIST SP 800-90 series uses min-entropy to measure entropy. A full-entropy bitstring has an amount of entropy equal to its length. Full-entropy bitstrings are important for cryptographic applications, as these bitstrings have ideal randomness properties and may be used for any cryptographic purpose. Due to the difficulty of generating and testing full-entropy bitstrings, the SP 800-90 series assumes that a bitstring has full entropy if the amount of entropy per bit is at least 1 - ε, where ε is at most 2-32. NIST IR 8427 provides a justification for the selection of ε.
NIST SP 800-90 series support the generation of high-quality random bits for cryptographic and non-cryptographic use. The security of a random number generator depends on the unpredictability of its outputs, which can be measured in terms of entropy. NIST SP 800-90 series uses min-entropy to measure entropy. A full-entropy bitstring has an amount of entropy equal to its length. Full-entropy bitstrings are important for cryptographic applications, as these bitstrings have ideal randomness properties and may be used for any cryptographic purpose. Due to the difficulty of generating and testing full-entropy bitstrings, SP 800-90 series assume that a bitstring has full entropy if the amount of entropy per bit is at least 1 - ε, where ε is at most 2-32. This report provides a justification for the selection of ε. This is accomplished as follows. The report begins by defining full entropy in terms of a hypothetical distinguishing game. The report then derives two results following from this definition. First, it is shown how output satisfying this definition can be generated using a conditioning function acting on data having a known entropy level. Second, the actual entropy level of output produced by such a process is computed, thereby providing support for the selected value of ε.
NIST SP 800-90 series support the generation of high-quality random bits for cryptographic and non-cryptographic use. The security of a random number generator depends on the unpredictability of its outputs, which can be measured in terms of entropy. NIST SP 800-90 series uses min-entropy to measure...
See full abstract
NIST SP 800-90 series support the generation of high-quality random bits for cryptographic and non-cryptographic use. The security of a random number generator depends on the unpredictability of its outputs, which can be measured in terms of entropy. NIST SP 800-90 series uses min-entropy to measure entropy. A full-entropy bitstring has an amount of entropy equal to its length. Full-entropy bitstrings are important for cryptographic applications, as these bitstrings have ideal randomness properties and may be used for any cryptographic purpose. Due to the difficulty of generating and testing full-entropy bitstrings, SP 800-90 series assume that a bitstring has full entropy if the amount of entropy per bit is at least 1 - ε, where ε is at most 2-32. This report provides a justification for the selection of ε. This is accomplished as follows. The report begins by defining full entropy in terms of a hypothetical distinguishing game. The report then derives two results following from this definition. First, it is shown how output satisfying this definition can be generated using a conditioning function acting on data having a known entropy level. Second, the actual entropy level of output produced by such a process is computed, thereby providing support for the selected value of ε.
Hide full abstract
Keywords
entropy; min-entropy; random number generation
Control Families
None selected
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
