What NSA Had to Say About Truly Random Bit Generation

Return to Bar Coded Dice for Digital Entropy Collection.

The availability of good Non-deterministic Random Bit Generators (NRBG) for US government protection of its IT infrastructure is certainly a serious concern at NIST (National Institute of Standards and Technology) and NSA (National Security Agency). NIST calls upon NSA for some cryptology expertise, and upon the academic community and IT security vendors for a broader range of advice. For NRBG designs, this process culminated in a government-industry forum in 2004 during which an NSA expert gave a presentation ([1]).

The formal result of the NIST standards development effort for NRBG appears in the document SP800-90 ([2]), and in the fact that no NRBG design has obtained the NIST approved label to date ([3]). In a nutshell, the guardians of US government IT security infrastructure still lack a solution to the NRBG design standardization issue when it comes to cryptographic strength security levels.

Below are a few excerpts representative of the lessons learned by NIST and NSA, which the cryptographic community should understand and share.

On the basic need for truly random source for cryptographic systems:

On the causes that make the NRBG standardization difficult:

About solution elements:

(We omitted the relevance and role of statistical tests, which were not seen as being of great interest in the presentation anyway.)

The two deterministic algorithms in the PUDEC scheme are simple candidates for "standardization as usual." They were structured and documented with inspiration from the NIST SP800-90 document ([2]).

The PUDEC bar coded dice rests on an entropy source that is trivial to endorse, if the self-evident characteristics such as the risk of operator subversion are managed in the operational context.


References

[1] Paul Timmel, Cryptology Office, Information Assurance Research Group, National Security Agency, "The Strategy Behind the Proposed Random Number Generation Standard", presentation made at a NIST workshop on random number generation, 19 July 2004, available at http://csrc.nist.gov/groups/ST/toolkit/documents/rng/RNGStrategy.pdf.

[2] Elaine Barker and John Kelsey, "Recommendation for Random Number Generation Using Deterministic Random Bit Generators", NIST Special Publication 800-90, Revised March 2007, U.S. Department of Commerce, National Institute of Standards and Technology, Information Technology Laboratory, Computer Security Division, available at http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf.

[3] Jean Campbell, Randall J. Easter, "Annex C: Approved Random Number Generators for FIPS PUB 140-2, Security Requirements for Cryptographic Modules", draft dated July 21 2009, U.S. Department of Commerce, National Institute of Standards and Technology, Information Technology Laboratory, Computer Security Division, available at http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexc.pdf; the relevant excerpt is "There are no FIPS Approved nondeterministic random number generators."
