Cryptography and security applications make extensive use of random numbers and random bits. However, constructing random bit generators and validating these generators are very challenging.
The SP 800 90 series provides guidelines and recommendations for generating random numbers for cryptographic use, and has three parts:
SP 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, specifies mechanisms for the generation of random bits using deterministic methods.
SP 800-90B, Recommendation for the Entropy Sources Used for Random Bit Generation, specifies the design principles and requirements for the entropy sources used by RBGs, and the tests for the validation of entropy sources.
SP 800-90C, Recommendation for Random Bit Generator (RBG) Constructions (3rd DRAFT), specifies constructions for the implementations of RBGs.
Comment Period Closed: December 7, 2022
NIST IR 8427, Discussion on the Full Entropy Assumption of the SP 800 90 Series, provides technical discussions to support the full entropy definition used in the SP 800 90 series.
The SP 800 90 series provides a basis for validation by NIST's Cryptographic Algorithm Validation Program (CAVP) and Cryptographic Module Validation Program (CMVP).
Additionally, SP 800-22, A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications, specifies a set of statistical tests for randomness.
NIST also hosts the NIST Randomness Beacon as a source of public randomness. The service includes multiple independent, commercially available sources of randomness. More information is available here: https://beacon.nist.gov/home)
Security and Privacy: random number generation