NIST Seeks Public Comments on the Use of Randomness to Protect Data

By Renee Dopplick, ACM Director of Public Policy
February 29, 2016

The National Institute of Standards and Technology (NIST) is seeking public comment on draft design principles and requirements for randomness in cryptography and security applications. Comments are due by May 9.

The 75-page second draft of Special Publication 800-90B, Recommendation for the Entropy Sources Used for Random Bit Generation, proposes validation processes and testing requirements to assess an entropy source’s performance.

“This draft document proposes a lot of tests that you can use to validate your entropy source to tell you how good a job it is doing,” says NIST’s Elaine Barker, one of the publication’s authors. “When you’re assessing your process for generating randomness, you want to make sure nothing is broken and that it is performing consistently. We would like the public’s input on ways we can improve these tests.”

Commenters are especially encouraged to provide feedback on several open issues, including:

  • Requirements for validation testing and post-processing functions
  • Entropy assessment when using a conditioning component
  • Multiple noise sources when sources are independent versus dependent
  • Health testing, including the Repetition Count test and the Adaptive Proportion test

Conformance testing for implementations of the recommendation will be conducted within the framework of the Cryptographic Algorithm Validation Program (CAVP) and the Cryptographic Module Validation Program (CMVP).