SP 800-22 and GM/T 0005-2012 Tests: Clearly Obsolete, Possibly Harmful

Research output: Conference article, Scientific, peer-reviewed

4 Citations (Scopus)

Abstract

When it comes to cryptographic random number generation, poor understanding of the security requirements and 'mythical aura' of black-box statistical testing frequently leads it to be used as a substitute for cryptanalysis. To make things worse, a seemingly standard document, NIST SP 800-22, describes 15 statistical tests and suggests that they can be used to evaluate random and pseudorandom number generators in cryptographic applications. The Chinese standard GM/T 0005-2012 describes similar tests. These documents have not aged well. The weakest pseudorandom number generators will easily pass these tests, promoting false confidence in insecure systems. We strongly suggest that SP 800-22 be withdrawn by NIST; we consider it to be not just irrelevant but actively harmful. We illustrate this by discussing the 'reference generators' contained in the SP 800-22 document itself. None of these generators are suitable for modern cryptography, yet they pass the tests. For future development, we suggest focusing on stochastic modeling of entropy sources instead of model-free statistical tests. Random bit generators should also be reviewed for potential asymmetric backdoors via trapdoor one-way functions, and for security against quantum computing attacks.

Original language: English
Title: Proceedings - 7th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2022
Publisher: IEEE
Pages: 31-37
Number of pages: 7
ISBN (electronic): 9781665495608
DOI - permanent links
Status: Published - 2022
Externally published: Yes
MoEC publication type: A4 Article in conference proceedings
Event: 7th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2022 - Genoa, Italy
Duration: 6 Jun 2022 to 10 Jun 2022

Publication series

Name: Proceedings - 7th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2022

Conference

Conference: 7th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2022
Country/Territory: Italy
City: Genoa
Period: 6/06/22 to 10/06/22

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
