U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NISTIR 8427 (Draft)

Discussion on the Full Entropy Assumption of the SP 800-90 Series

Date Published: September 7, 2022
Comments Due: October 31, 2022 (public comment period is CLOSED)
Email Questions to: rbg_comments@nist.gov

Author(s)

Darryl Buller (NSA), Aaron Kaufer (NSA), Allen Roginsky (NIST), Meltem Sönmez Turan (NIST)

Announcement

The NIST SP 800-90 series supports the generation of high-quality random bits for cryptographic and non-cryptographic use. The security of a random number generator depends on the unpredictability of its outputs, which can be measured in terms of entropy. The NIST SP 800-90 series uses min-entropy to measure entropy. A full-entropy bitstring has an amount of entropy equal to its length. Full-entropy bitstrings are important for cryptographic applications, as these bitstrings have ideal randomness properties and may be used for any cryptographic purpose. Due to the difficulty of generating and testing full-entropy bitstrings, the SP 800-90 series assumes that a bitstring has full entropy if the amount of entropy per bit is at least 1 - ε, where ε is at most 2-32. NIST IR 8427 provides a justification for the selection of ε.

Abstract

Keywords

entropy; min-entropy; random number generation
Control Families

None selected

Documentation

Publication:
NISTIR 8427 (Draft) (DOI)
Local Download

Supplemental Material:
Comments received (pdf)

Related NIST Publications:
SP 800-90C (Draft)

Document History:
09/07/22: NISTIR 8427 (Draft)
04/14/23: NISTIR 8427 (Final)

Topics

Security and Privacy
random number generation

Applications
mathematics