Hi All,

NIST just released NIST IR 8427, Draft for Comment: Discussion on the Full Entropy Assumption of the SP 800-90 Series.

The NIST SP 800-90 series supports the generation of high-quality random bits for cryptographic and non-cryptographic use. The security of a random number generator depends on the unpredictability of its outputs, which can be measured in terms of entropy. The NIST SP 800-90 series uses min-entropy to measure entropy. A full-entropy bitstring has an amount of entropy equal to its length. Full-entropy bitstrings are important for cryptographic applications, as these bitstrings have ideal randomness properties and may be used for any cryptographic purpose. Due to the difficulty of generating and testing full-entropy bitstrings, the SP 800-90 series assumes that a bitstring has full entropy if the amount of entropy per bit is at least 1 - ε, where ε is at most 2^-32. This report provides a justification for the selection of ε. This is accomplished as follows. The report begins by defining full entropy in terms of a hypothetical distinguishing game. The report then derives two results following from this definition. First, it is shown how output satisfying this definition can be generated using a conditioning function acting on data having a known entropy level. Second, the actual entropy level of output produced by such a process is computed, thereby providing support for the selected value of ε.

Comments Due: October 31, 2022

Email Comments to:

[email protected]

------------------------------

Michael Roza CPA, CISA, CIA, MBA, Exec MBA

------------------------------