Analysis and Improvement of Entropy Estimators in NIST SP 800-90B for Non-IID Entropy Sources
نویسندگان
چکیده
Random number generators (RNGs) are essential for cryptographic applications. In most practical applications, the randomness of RNGs is provided by entropy sources. If the randomness is less than the expected, the security of cryptographic applications could be undermined. Accurate entropy estimation is a critical method for the evaluation of RNG security, and significant overestimation and underestimation are both inadvisable. The NIST Special Publication 800-90B is one of the most common certifications for entropy estimation. It makes no assumption of the entropy source and provides min-entropy estimation results by a set of entropy estimators. It estimates the entropy sources in two tracks: the IID (independent and identically distributed) track and non-IID track. In practice, non-IID entropy sources are more common, as physical phenomenon, sampling process or external perturbation could cause the dependency of the outputs. In this paper, we prove that the Collision Estimate and the Compression Estimate in non-IID track could provide significant underestimates in theory. In order to accurately estimate the min-entropy of non-IID sources, we provide a formula of minentropy based on conditional probability, and propose a new estimator to approximate the result of this formula. Finally, we perform experiments to compare our estimator with the NIST estimators using simulated non-IID data. Results show that our estimator gives close estimates to the real min-entropy.
منابع مشابه
Comments Received on NIST SP 800-90B: Recommendation for the Entropy Sources Used for Random Bit Generation
متن کامل
Predictive Models for Min-entropy Estimation
Random numbers are essential for cryptography. In most real-world systems, these values come from a cryptographic pseudorandom number generator (PRNG), which in turn is seeded by an entropy source. The security of the entire cryptographic system then relies on the accuracy of the claimed amount of entropy provided by the source. If the entropy source provides less unpredictability than is expec...
متن کاملMinimizing false negative and false positive errors on entropy health tests
this paper gives an alternative model of continuous health tests that allows us to drastically reduce the error rates; that is, it allows us to better detect when a noise source has degraded to the point where it imperils security, while at the same time reducing the number of false alarms. The current NIST SP 800-90B draft proposes a model for an entropy source. In this model, there is a noise...
متن کاملSHANNON ENTROPY IN ORDER STATISTICS AND THEIR CONCOMITANS FROM BIVARIATE NORMAL DISTRIBUTION
In this paper, we derive rst some results on the Shannon entropyin order statistics and their concomitants arising from a sequence of f(Xi; Yi): i = 1; 2; :::g independent and identically distributed (iid) random variablesfrom the bivariate normal distribution and extend our results to a collectionC(X; Y ) = f(Xr1:n; Y[r1:n]); (Xr2:n; Y[r2:n]); :::; (Xrk:n; Y[rk:n])g of order sta-tistics and th...
متن کاملEntropy generation analysis of non-newtonian fluid in rotational flow
The entropy generation analysis of non-Newtonian fluid in rotational flow between two concentric cylinders is examined when the outer cylinder is fixed and the inner cylinder is revolved with a constant angular speed. The viscosity of non-Newtonian fluid is considered at the same time interdependent on temperature and shear rate. The Nahme law and Carreau equation are used to modeling dependenc...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Trans. Symmetric Cryptol.
دوره 2017 شماره
صفحات -
تاریخ انتشار 2017