NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:

random number generation

The three primary goals were: (a) to develop a battery of statistical tests to detect non-randomness  in binary sequences constructed using random number generators and pseudo-random number generators utilized in cryptographic applications, (b) to produce documentation and a software implementation of these tests, and (c) to provide guidance in the use and application of these tests.

Description

Since 1997, the Random Number Generation Technical Working Group (RNG-TWG) has been working on developing a battery of statistical tests suitable in the evaluation of random number generators and pseudo-random number generators used in cryptographic applications. Currently, we are finalizing the documentation and software in preparation for public release. An excerpt from the document is provided below.

Summary

The need for random and pseudorandom numbers arises in many cryptographic applications. For example, common cryptosystems employ keys that must be generated in a random fashion. Many cryptographic protocols also require random or pseudorandom inputs at various points, e.g., for auxiliary quantities used in generating digital signatures, or for generating challenges in authentication protocols. NIST Special Publication 800-22 A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications, discusses some aspects of selecting and testing random and pseudorandom number generators.

Generators suitable for use in cryptographic applications may need to meet stronger requirements than for use in other applications. In particular, their outputs may need to be unpredictable in the absence of knowledge of the inputs. Some criteria for characterizing and selecting appropriate generators are discussed in this document. The subject of statistical testing and its relation to cryptanalysis is also discussed, and some recommended statistical tests are provided. These tests may be useful as a first step in determining whether or not a generator is suitable for a particular cryptographic application. However, no set of statistical tests can absolutely certify a generator as appropriate for usage in a particular application, i.e., statistical testing cannot serve as a substitute for cryptanalysis. The design and cryptanalysis of generators is outside the scope of this paper.