Recommendation for Random Bit Generator Constructions: Third Public Draft of NIST SP 800-90C Available for Comment

 The National Institute of Standards and Technology (NIST) has
released the third public draft of NIST Special Publication (SP) 800-90C,
Recommendation for Random Bit Generator (RBG) Constructions.

The NIST SP 800-90 series of documents supports the generation of
high-quality random bits for cryptographic and non-cryptographic use. SP
800-90A specifies several deterministic random bit generator (DRBG) mechanisms
based on cryptographic algorithms. SP 800-90B provides guidance for the
development and validation of entropy sources. SP 800-90C specifies
constructions for the implementation of random bit generators (RBGs) that
include DRBG mechanisms as specified in SP 800-90A and that use entropy sources
as specified in SP 800-90B.

This draft includes constructions for three classes of RBGs:

  • An RBG1 construction provides
    random bits from a device that is initialized from an external RBG.
  • An RBG2 construction includes
    an entropy source that is available on demand.
  • An RBG3 construction includes
    an entropy source that is continuously accessed to provide output with
    full entropy.

SP 800-90C includes a note to readers, guidance for accessing and
handling the entropy sources in SP 800-90B, specifications for the
initialization and use of the three RBG constructions that incorporate the
DRBGs from SP 800-90A, and guidance on health testing and implementation
validation using NIST’s Cryptographic Algorithm Validation Program (CAVP) and
the Cryptographic Module Validation Program (CMVP) that is jointly operated by
NIST and the Canadian Centre for Cyber Security (CCCS).

Note that an initial public draft of an associated document, NIST
IR 8427, Discussion on the Full Entropy Assumption of the SP 800-90
Series
, is also available for public comment.

The public comment period for NIST SP 800-90C is open through
December 7, 2022.
See the publication
details
for a copy of the draft and instructions for submitting
comments.

NOTE: A call for patent claims is included on page iv of this
draft. For additional information, see the 
Information Technology Laboratory (ITL) Patent Policy –
Inclusion of Patents in ITL Publications
.

Read
More