Saturday, September 24, 2022

Recommendation for Random Bit Generator Constructions: Third Public Draft of NIST SP 800-90C Available for Comment

 The National Institute of Standards and Technology (NIST) has released the third public draft of NIST Special Publication (SP) 800-90C, Recommendation for Random Bit Generator (RBG) Constructions.

The NIST SP 800-90 series of documents supports the generation of high-quality random bits for cryptographic and non-cryptographic use. SP 800-90A specifies several deterministic random bit generator (DRBG) mechanisms based on cryptographic algorithms. SP 800-90B provides guidance for the development and validation of entropy sources. SP 800-90C specifies constructions for the implementation of random bit generators (RBGs) that include DRBG mechanisms as specified in SP 800-90A and that use entropy sources as specified in SP 800-90B.

This draft includes constructions for three classes of RBGs:

  • An RBG1 construction provides random bits from a device that is initialized from an external RBG.
  • An RBG2 construction includes an entropy source that is available on demand.
  • An RBG3 construction includes an entropy source that is continuously accessed to provide output with full entropy.

SP 800-90C includes a note to readers, guidance for accessing and handling the entropy sources in SP 800-90B, specifications for the initialization and use of the three RBG constructions that incorporate the DRBGs from SP 800-90A, and guidance on health testing and implementation validation using NIST's Cryptographic Algorithm Validation Program (CAVP) and the Cryptographic Module Validation Program (CMVP) that is jointly operated by NIST and the Canadian Centre for Cyber Security (CCCS).

Note that an initial public draft of an associated document, NIST IR 8427, Discussion on the Full Entropy Assumption of the SP 800-90 Series, is also available for public comment.

The public comment period for NIST SP 800-90C is open through December 7, 2022. See the publication details for a copy of the draft and instructions for submitting comments.

NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.

