Verified Correctness and Security of mbedTLS HMAC-DRBG
2017
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17
We have formalized the functional specification of HMAC-DRBG (NIST 800-90A), and we have proved its cryptographic security--that its output is pseudorandom--using a hybrid game-based proof. ...
That proof composes with an existing C compiler correctness proof to guarantee, end-to-end, that the machine language program gives strong pseudorandomness. ...
The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DARPA ...
doi:10.1145/3133956.3133974
dblp:conf/ccs/YeGSBPA17
fatcat:ob5xnocvrvc2vftmnv73bwrc3i
Entropy And Randomness: From Analogic To Quantum World
2020
IEEE Access
The observer has access to a sample, of a certain size, and based on it he will estimate the minimum value of the entropy, in the situations in which the variables resulting from the measurement process ...
The critical element on which the security of information is based is the cryptographic key (usually a binary sequence). ...
To restore confidence in encryption standards, NIST reopened the public analysis process for NIST SP 800-90A. ...
doi:10.1109/access.2020.2988658
fatcat:guqtdlqc7nch5fw56gyh2gbj6q
Randomness Classes in Bugs Framework (BF): True-Random Number Bugs (TRN) and Pseudo-Random Number Bugs (PRN)
2018
2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC)
The Bugs Framework (BF) comprises rigorous definitions and (static) attributes of bug classes, along with their related dynamic properties, such as proximate and secondary causes, consequences and sites ...
Formalization of randomness bugs would help researchers and practitioners identify them and avoid security failures. ...
They are subject to the requirements in NIST SP 800-90A [8] , NIST SP 800-90B [9] and NIST SP 800-90C [10] . ...
doi:10.1109/compsac.2018.00110
dblp:conf/compsac/BojanovaYB18
fatcat:6olrpubq3ngrnoaralnm5el4c4
Building a Modern TRNG
2020
Proceedings of the 4th ACM Workshop on Attacks and Solutions in Hardware Security
This design is informed by lessons learned from earlier mainstream ISAs, recently introduced SP 800-90B and FIPS 140-3 entropy audit requirements, AIS 31 and Common Criteria, current and emerging cryptographic ...
Many of the architectural choices are a result of quantitative observations about random number generators in secure microcontrollers, the Linux kernel, and cryptographic libraries. ...
This work was supported in part by Innovate UK (R&D Project Ref.: 105747), and by EPSRC (Grant No.: EP/R012288/1, under the RISE programme.) ...
doi:10.1145/3411504.3421212
fatcat:w4ec6p3nkbcbbkjngtwbuzalga
The Mathematics Community and the NSA: Encryption and the NSA Role in International Standards
2015
Notices of the American Mathematical Society
NSA mathematicians remain steadfast in advocating secure international standards. Nevertheless, we are mindful that there has been considerable discussion regarding NIST publication SP 800-90A. ...
Shortly thereafter, NIST negotiated with ANSI to use the ANSI Random Number Generation Standard as the basis for an NIST Random Number Generation Standard. ...
doi:10.1090/noti1213
fatcat:pcd7wookl5fu5nmrvnmees6xxq
Higher-Order Countermeasures against Side-Channel Cryptanalysis on Rabbit Stream Cipher
2014
Journal of information and communication convergence engineering
The countermeasures build upon previous work by improving mask generation, masking and hiding other components of the algorithm, and introducing a key refreshment scheme. ...
In this study, software-based countermeasures against a side-channel cryptanalysis of the Rabbit stream cipher were developed using Moteiv's Tmote Sky, a popular wireless sensor mote based on the Berkeley ...
SP 800-90A NIST SP 800-90A specifies the recommendation for random number generation using deterministic random bit generators (DRBGs) [14] . ...
doi:10.6109/jicce.2014.12.4.237
fatcat:vnp2iwln4fdozavudabzdx2vsq
Windows and Linux Random Number Generation Process: A Comparative Analysis
2015
International Journal of Computer Applications
In this paper, we explore and analyze the structure and functions of the Random Number Generator (RNG) in the Windows and Linux operating systems, and compare the capabilities of their RNGs. ...
It is expected that this research would contribute to awareness of the quality and security of the random number generators implemented in the Linux and Windows operating systems. ...
more acceptable standards such as NIST 800-90A. ...
doi:10.5120/19847-1710
fatcat:ofmedstigbhxhos56gqo6mtlvi
Stochastic Cell- and Bit-Discard Technique to Improve Randomness of a TRNG
2022
Electronics
surpassing the NIST 800-22a requirements. ...
Targeting high-level cryptography systems complying with the NIST 800-22a requirements, the proposed algorithm significantly improves the Hamming weight (HW) and successfully passes the NIST criteria while ...
From a cryptographical perspective, SP 800-90A, B, and C documents written by US NIST clearly describe how a TRNG should be operated and evaluated [19] [20] [21] . ...
doi:10.3390/electronics11111735
fatcat:rjwmaozmqrbpndfudhn7kdfccy
Elliptic Curve Pseudorandom Bit Generator with Maximum Period Sequences
2021
International Scientific Journal of Computing
The application of transformations in a group of points of elliptic and hyperelliptic curves is an important direction for the design of cryptographically stable pseudo-random sequence generators. ...
Pseudo-random number generator is an important mechanism for cryptographic information protection. ...
DUAL ELLIPTIC CURVE DETERMINISTIC RANDOM BIT GENERATOR In 2012, the US National Institute of Standards and Technology (NIST) approved the NIST Special Publication 800-90A [19] . ...
doi:10.47839/ijc.20.4.2436
fatcat:his5ag4dizbt3hzu7cl65f5fhm
Cryptographically Secure Pseudo-Random Number Generator IP-Core Based on SHA2 Algorithm
2020
Sensors
In the context of growing the adoption of advanced sensors and systems for active vehicle safety and driver assistance, an increasingly important issue is the security of the information exchanged between ...
The IP-core has been validated thanks to the official NIST Statistical Test Suite, in order to evaluate the degree of randomness of the numbers generated in output. ...
are collected in the NIST SP 800-90A Rev.1 publication [6] user is always able to run a command with an associated personalization string, which need not be secret but contributes to the internal ...
doi:10.3390/s20071869
pmid:32230946
fatcat:h4y6e7vfunhmnkzjbwhyxktiwy
Random Bit Generator Mechanism Based on Elliptic Curves and Secure Hash Function
[article]
2020
arXiv
pre-print
The obtained pseudorandom bits are tested with NIST statistical tests and it also could fulfill the up-to-date standards. ...
Moreover, 256 × 256 grayscale images are encrypted with the obtained pseudorandom bits, followed by the necessary analysis of the cipher images as a security proof. ...
ACKNOWLEDGMENT The prepared work has been supported financially by Shaqra University, Saudi Arabia and Sohag University, Egypt. ...
arXiv:2002.09239v1
fatcat:aq5gd4bciffyhi5igk62vzloqi
Randen - fast backtracking-resistant random generator with AES+Feistel+Reverie
[article]
2018
arXiv
pre-print
Algorithms that rely on a pseudorandom number generator often lose their performance guarantees when adversaries can predict the behavior of the generator. ...
Randen is an instantiation of Reverie, a recently published robust sponge-like random generator, with a new permutation built from an improved generalized Feistel structure with 16 branches. ...
By contrast, NIST 800 90a requires prediction resistance even after the state is compromised [5] . ...
arXiv:1810.02227v1
fatcat:ocbjk47j6re4vgqwdvlo7nl46u
A Systematic Analysis of the Juniper Dual EC Incident
2016
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16
In this paper, we describe the results of a full independent analysis of the ScreenOS randomness and VPN key establishment protocol subsystems, which we carried out in response to this incident. ...
While Dual EC is known to be insecure against an attacker who can choose the elliptic curve parameters, Juniper had claimed in 2013 that ScreenOS included countermeasures against this type of attack. ...
Stevens developed techniques for "counter-cryptanalysis" that he used to reconstruct the MD5 collision attack that the unknown authors of the Flame malware exploited against the Microsoft Terminal Server ...
doi:10.1145/2976749.2978395
dblp:conf/ccs/CheckowayMGFC0H16
fatcat:vgx7xgnjh5bnro5kryr6qbaqi4
An approach of refining RC4 with performance analysis on new variants
2019
Sadhana (Bangalore)
Many years of research on the RC4 stream cipher proves it to be strong enough, but there are claims that its swap function is responsible for essential biases in the output. ...
There are suggestions to discard some initial bytes from the key-stream, to get rid of this, before the actual encryption starts, though no optimum value has been defined. ...
The publication SP 800-90A of NIST [19] contains specifications for cryptographically secured PRNGs (Pseudo-Random Number Generators), providing some methods based on hash functions, block cipher algorithms ...
doi:10.1007/s12046-019-1209-7
fatcat:yiiwam4b4zgenabqy45f7txy7y
COMA: Communication and Obfuscation Management Architecture
[article]
2019
arXiv
pre-print
as a service (for IoT devices), reducing the side channel threats on key management architecture, and providing two new means of secure communication to/from an untrusted chip. ...
Second, it implements a mechanism by which the key sent for unlocking an obfuscated circuit changes after each activation (even for the same device), transforming the key into a dynamically changing license ...
NIST standard SP 800-90B [12] dictates that continuous health testing must be performed on the TRNG. ...
arXiv:1909.00493v1
fatcat:naee66jm4rg6njwn2rgefgap2u