Analysis and Improvement of Entropy Estimators in NIST SP 800-90B for Non-IID Entropy Sources

  title={Analysis and Improvement of Entropy Estimators in NIST SP 800-90B for Non-IID Entropy Sources},
  author={Shuangyi Zhu and Yuan Ma and Tianyu Chen and Jingqiang Lin and Jiwu Jing},
  journal={IACR Trans. Symmetric Cryptol.},
Random number generators (RNGs) are essential for cryptographic applications. In most practical applications, the randomness of RNGs is provided by entropy sources. If the randomness is less than the expected, the security of cryptographic applications could be undermined. Accurate entropy estimation is a critical method for the evaluation of RNG security, and significant overestimation and underestimation are both inadvisable. The NIST Special Publication 800-90B is one of the most common… 

Figures and Tables from this paper

On the Analysis and Improvement of Min-Entropy Estimation on Time-Varying Data

The proposed entropy estimation framework adopting change detection techniques to address the problem of compromised RNGs employs a change detection method to preprocess the tested data and adds additional distribution features to each data sample, which makes it possible to learn the distribution changes and estimate the entropy more accurately.

High-Efficiency Min-Entropy Estimation Based on Neural Network for Random Number Generators

This work proposes several new and efficient approaches for min-entropy estimation by using neural network technologies and design a novel execution strategy for the proposed entropy estimation to make it applicable to the validation of both stationary and nonstationary sources.

Accelerated implementation for testing IID assumption of NIST SP 800-90B using GPU

A GPU-based parallel implementation of the most time-consuming part of the entropy estimation, namely the independent and identically distributed (IID) assumption testing process is proposed, and a scalable method that adjusts the optimal size of the global memory allocations depending on GPU capability and balances the workload between streaming multiprocessors is proposed.

On the Efficient Estimation of Min-Entropy

This paper proposes a min-entropy estimator based on Coron’s test that is computationally more efficient than the compression estimator while maintaining the estimation accuracy and a lightweight estimator that processes data samples in an online manner.

Neural Network Based Min-entropy Estimation for Random Number Generators

The concept of predictors is provided, which provides several suitable and efficient predictors based on neural networks for min-entropy estimation and the experimental results on various simulated source demonstrate that the proposed predictors have a comparable accuracy, and the execution efficiency has a significant improvement.

Entropy Estimation for ADC Sampling-Based True Random Number Generators

This paper presents an equivalent model to estimate the entropy of any single bit in the converted sample obtained by the ADC sampling, and proposes a method of the entropy estimation for the multi-bit ADC output, which provides the lower bound ofThe entropy.

Generalized LRS Estimator for Min-entropy Estimation

Two techniques to estimate the min-entropy of a non-IID source accurately are proposed and a generalized LRS estimator is proposed that effectively resolves the overestimation problem and provides stable min-Entropy estimates.

Analysis on Entropy Sources based on Smartphone Sensors

This paper aims to providing an analysis method for quantifying the entropy in the raw data captured by sensors embedded in smartphones, and studying the feasibility of generating random numbers from the data, and proposes a universal entropy estimation scheme for multivariate data.

Development of a Pseudo-Random Sequence Generation Function Based on the Cryptographic Algorithm "Kuznechik"

According to the analyzed characteristics, the enhanced generator and its ordinary version based on "Kuznechik" algorithm are comparable, but the proposed generation function has a higher security level.

Quantum Leap and Crash

This work presents the first published analysis of the Quantis family of QRNGs (excluding AIS-31 models), designed and manufactured by ID Quantique (IDQ), and highlights issues with current certification schemes, which largely rely on NIST SP800-22 and Diehard tests of randomness.



Predictive Models for Min-entropy Estimation

Random numbers are essential for cryptography and if the entropy source provides less unpredictability than is expected, the security of the cryptographic mechanisms is undermined, as in [5, 7, 10].


We convert a generic class of entropy tests from pass/fail to a measure of entropy. The conversion enables one to specify a fundamental design criterion: state the number of outputs from a noise

On the Security of Oscillator-Based Random Number Generators

A comprehensive statistical study of TRNGs based on the sampling of an oscillator subject to phase noise, which allows one to evaluate and control the main security parameters of such a random source, including its entropy rate and the biases of certain bit patterns.

Estimation of Entropy and Mutual Information

  • L. Paninski
  • Mathematics, Computer Science
    Neural Computation
  • 2003
An exact local expansion of the entropy function is used to prove almost sure consistency and central limit theorems for three of the most commonly used discretized information estimators, and leads to an estimator with some nice properties: the estimator comes equipped with rigorous bounds on the maximum error over all possible underlying probability distributions, and this maximum error turns out to be surprisingly small.

Analysis of the Linux random number generator

A description of the underlying algorithms and exposes several security vulnerabilities of the Linux random number generator are presented, and an attack on the forward security of the generator is shown which enables an adversary who exposes the state of the generators to compute previous states and outputs.

Cryptanalysis of the random number generator of the Windows operating system

The PseudoRandom Number Generator used by the Windows operating system is the most commonly used PRNG and the security of the algorithm is analyzed and a nontrivial attack is found, which can be used to predict all random values used by a process in all its past and future operations.

A universal statistical test for random bit generators

  • U. Maurer
  • Computer Science, Mathematics
    Journal of Cryptology
  • 2004
A new statistical test for random bit generators is presented which can detect any significant deviation of a device's output statistics from the statistics of a truly random bit source when the device can be modeled as an ergodic stationary source with finite memory but arbitrary (unknown) state transition probabilities.

Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys

A downgrade attack is discovered that forces usage of RC4 to encrypt the group key when transmitted in the 4-way handshake, and a new random number generator tailored for 802.11 platforms is proposed and studied.

Recommendation for the Entropy Sources Used for Random Bit Generation

This Recommendation specifies the design principles and requirements for the entropy sources used by Random Bit Generators, and the tests for the validation of entropy sources. These entropy sources