Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-90B (DRAFT)

Recommendation for the Entropy Sources Used for Random Bit Generation

Date Published: January 2016
Comments Due: May 9, 2016 (public comment period is CLOSED)
Email Questions to: rbg_comments@nist.gov

Withdrawn: January 10, 2018

Author(s)

Meltem Sönmez Turan (NIST), Elaine Barker (NIST), John Kelsey (NIST), Kerry McKay (NIST), Mary Baish (NSA), Michael Boyle (NSA)

Announcement

NIST announces the second draft of Special Publication (SP) 800-90B, Recommendation for the Entropy Sources Used for Random Bit Generation. This Recommendation specifies the design principles and requirements for the entropy sources used by Random Bit Generators, and the tests for the validation of entropy sources. These entropy sources are intended to be combined with Deterministic Random Bit Generator mechanisms that are specified in SP 800-90A to construct Random Bit Generators, as specified in SP 800-90C. NIST is planning to host a workshop on Random Number Generation to discuss the SP 800-90 series, specifically, SP 800-90B and SP 800-90C. More information about the workshop is available at: https://www.nist.gov/news-events/events/2016/05/random-bit-generation-workshop-2016.

The specific areas where comments are solicited on SP 800-90B are:

  • Post-processing functions (Section 3.2.2): We provided a list of approved post-processing functions. Is the selection of the functions appropriate?
  • Entropy assessment (Section 3.1.5): While estimating the entropy for entropy sources using a conditioning component, the values of n and q are multiplied by the constant 0.85. Is the selection of this constant reasonable?
  • Multiple noise sources: The Recommendation only allows using multiple noise sources if the noise sources are independent. Should the use of dependent noise sources also be allowed, and if so, how can we calculate an entropy assessment in this case?
  • Health Tests: What actions should be taken when health tests raise an alarm? The minimum allowed value of a type I error for health testing is selected as 2-50. Is this selection reasonable?

Abstract

Keywords

IID testing; min-entropy; noise source; predictors; Entropy source; conditioning functions; health testing;   random number generators
Control Families

System and Communications Protection;

Documentation

Publication:
Second Draft SP 800-90B (Jan. 2016)

Supplemental Material:
Comments received on Second Draft (Jan. 2016) (pdf)
Comment Template (xls)
NIST Press Release (other)

Other Parts of this Publication:
SP 800-90A Rev. 1

Related NIST Publications:
White Paper

Document History:
Draft SP 800-90B (1/27/16)
SP 800-90B (1/10/18)

Topics

Security and Privacy
random number generation