PRNG design document?

Ralf-P. Weinmann weinmann at cdc.informatik.tu-darmstadt.de
Tue Sep 2 17:56:57 EDT 2003


On Fri, Aug 29, 2003 at 03:43:40PM -0400, Tim Dierks wrote:
> [snip]
>
> Allow me to clarify my problem a little. I'm commonly engaged to review 
> source code for a security audit; some such programs include a random 
> number generator, many of which are of ad-hoc design. The nature of such 
> audits is that it's much more appealing to be able to say "here are three 
> accepted guidelines that your generator violates" rather than "I haven't 
> seen that before and I don't like it, you should replace it with something 
> else".
> 
> So I'm interested in such design guidelines, if they're available, which 
> such a generator could be tested against. While the resources provided have 
> been useful, it's only led me to where I was: that the only way to do so is 
> to attempt to analyze the system for vulnerability to a collection of known 
> flaws.
>
> [snip]

Hi Tim,

I think you should have a look at AIS 20 and AIS 31 - they are a little
bit formal and define their own terminology but otherwise seem to give sound
models.

Evaluation guidelines for both deterministic pseudo-random number generators
(AIS 20) and physical random number generators (AIS 31) have been published by
the BSI (Bundesamt fuer Sicherheit in der Informationstechnik, a German agency
responsible for giving recommendations regarding the security of IT in
government use).

AIS 31 (English): http://www.bsi.de/zertifiz/zert/interpr/trngk31e.pdf
AIS 20 (English): http://www.bsi.de/zertifiz/zert/interpr/ais20e.pdf

There's also a paper published in the CHES 2002 proceedings on the same
subject:

W. Schindler, W. Killmann: Evaluation Criteria for True (Physical) Random
Number Generators Used in Cryptographic Applications

URL: http://www.springerlink.com/openurl.asp?genre=article&issn=0302-9743&volume=2523&spage=431

Cheers,
Ralf

-- 
Ralf-P. Weinmann <weinmann at cdc.informatik.tu-darmstadt.de>

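A worked illustration of what a guideline-driven check looks like, added here by the editor and not part of Ralf's post, of Tim's question, or of the AIS documents themselves: a small Python implementation of the four FIPS 140-1 statistical tests (monobit, poker, runs, long run) which, as I recall the document, AIS 31 Test Procedure A adopts as tests T1 through T4 on 20 000-bit samples. Everything below is an assumption of this example rather than something the post states: the bit samples are constructed with a seeded Python generator (they are not output of any real noise source), the threshold constants are quoted from memory of FIPS 140-1 and should be checked against the AIS 31 text before being relied on, and the function names are the editor's own. These tests only catch gross defects such as bias or a stuck bit; they say nothing about entropy or about the cryptographic strength of a deterministic generator, which is exactly why AIS 20 treats DRNGs separately.

```python
"""Statistical sanity checks in the style of AIS 31 Test Procedure A
(tests T1-T4, which reuse the FIPS 140-1 monobit, poker, runs and long-run
tests on one 20 000-bit sample).

Added example, not code from the original post.  Threshold constants are
the FIPS 140-1 values as recalled by the editor; verify against AIS 31.
"""

import random
from collections import Counter

SAMPLE_BITS = 20000

# FIPS 140-1 acceptance intervals (assumed; strict bounds for T1/T2,
# inclusive bounds for T3).  Key 6 in RUNS_BOUNDS means "length >= 6".
MONOBIT_BOUNDS = (9654, 10346)
POKER_BOUNDS = (1.03, 57.4)
RUNS_BOUNDS = {1: (2267, 2733), 2: (1079, 1421), 3: (502, 748),
               4: (223, 402), 5: (90, 223), 6: (90, 223)}
LONG_RUN_LIMIT = 34  # any run of this length or longer fails T4


def t1_monobit(bits):
    """T1: the number of ones must lie strictly inside MONOBIT_BOUNDS."""
    ones = sum(bits)
    lo, hi = MONOBIT_BOUNDS
    return ones, lo < ones < hi


def t2_poker(bits):
    """T2: chi-square-style statistic over the 5000 non-overlapping nibbles."""
    n = len(bits) // 4
    nibbles = Counter(
        (bits[4 * i] << 3) | (bits[4 * i + 1] << 2)
        | (bits[4 * i + 2] << 1) | bits[4 * i + 3]
        for i in range(n)
    )
    x = (16 / n) * sum(c * c for c in nibbles.values()) - n
    lo, hi = POKER_BOUNDS
    return x, lo < x < hi


def _run_lengths(bits):
    """Yield (bit_value, run_length) for every maximal run in the sample."""
    current, length = bits[0], 0
    for b in bits:
        if b == current:
            length += 1
        else:
            yield current, length
            current, length = b, 1
    yield current, length


def t3_runs(bits):
    """T3: per bit value, runs of length 1..5 and >=6 must fall in RUNS_BOUNDS."""
    counts = {0: Counter(), 1: Counter()}
    for value, length in _run_lengths(bits):
        counts[value][min(length, 6)] += 1
    ok = all(lo <= counts[v][k] <= hi
             for v in (0, 1) for k, (lo, hi) in RUNS_BOUNDS.items())
    return {v: dict(counts[v]) for v in (0, 1)}, ok


def t4_long_run(bits):
    """T4: no run of either value may reach LONG_RUN_LIMIT."""
    longest = max(length for _, length in _run_lengths(bits))
    return longest, longest < LONG_RUN_LIMIT


def procedure_a(bits):
    """Run T1-T4 on one 20 000-bit sample; returns {test: (statistic, passed)}."""
    if len(bits) != SAMPLE_BITS:
        raise ValueError(f"expected {SAMPLE_BITS} bits, got {len(bits)}")
    return {"T1 monobit": t1_monobit(bits), "T2 poker": t2_poker(bits),
            "T3 runs": t3_runs(bits), "T4 long run": t4_long_run(bits)}


def all_passed(results):
    return all(passed for _, passed in results.values())


# --- constructed sample inputs (seeded Python RNG, not a real noise source) ---
def sample_unbiased(seed=20030902):
    """Seeded Mersenne Twister output; expected to pass these (weak) tests."""
    x = random.Random(seed).getrandbits(SAMPLE_BITS)
    return [(x >> i) & 1 for i in range(SAMPLE_BITS)]


def sample_biased(seed=20030902, p_one=0.56):
    """Bits with P(1) = 0.56: a mildly biased source that T1 rejects."""
    r = random.Random(seed)
    return [1 if r.random() < p_one else 0 for _ in range(SAMPLE_BITS)]


def sample_stuck(seed=20030902, stuck_len=40):
    """Unbiased bits with a 40-bit burst of ones: T1 passes, T4 catches it."""
    bits = sample_unbiased(seed)
    bits[1000:1000 + stuck_len] = [1] * stuck_len
    return bits


if __name__ == "__main__":
    for name, sample in [("unbiased", sample_unbiased()),
                         ("biased", sample_biased()),
                         ("stuck", sample_stuck())]:
        res = procedure_a(sample)
        print(f"{name}: {'PASS' if all_passed(res) else 'FAIL'}")
        for test, (stat, ok) in res.items():
            print(f"  {test:12s} {'ok ' if ok else 'BAD'} {stat}")
```

Running the block reports PASS for the seeded sample and FAIL for the two constructed defective ones, and for each failure names the published test that caught it, which is the kind of "here is the accepted guideline your generator violates" statement Tim is after. Note that a pure alternating 0101... stream sails through T1 and T4 and is only rejected by T2 and T3, a reminder that no single test in the procedure is sufficient on its own.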
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com