TY - GEN
T1 - SP 800-22 and GM/T 0005-2012 Tests
T2 - 7th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2022
AU - Saarinen, Markku Juhani O.
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - When it comes to cryptographic random number generation, poor understanding of the security requirements and 'mythical aura' of black-box statistical testing frequently leads it to be used as a substitute for cryptanalysis. To make things worse, a seemingly standard document, NIST SP 800-22, describes 15 statistical tests and suggests that they can be used to evaluate random and pseudorandom number generators in cryptographic applications. The Chinese standard GM/T 0005-2012 describes similar tests. These documents have not aged well. The weakest pseudorandom number generators will easily pass these tests, promoting false confidence in insecure systems. We strongly suggest that SP 800-22 be withdrawn by NIST; we consider it to be not just irrelevant but actively harmful. We illustrate this by discussing the 'reference generators' contained in the SP 800-22 document itself. None of these generators are suitable for modern cryptography, yet they pass the tests. For future development, we suggest focusing on stochastic modeling of entropy sources instead of model-free statistical tests. Random bit generators should also be reviewed for potential asymmetric backdoors via trapdoor one-way functions, and for security against quantum computing attacks.
AB - When it comes to cryptographic random number generation, poor understanding of the security requirements and 'mythical aura' of black-box statistical testing frequently leads it to be used as a substitute for cryptanalysis. To make things worse, a seemingly standard document, NIST SP 800-22, describes 15 statistical tests and suggests that they can be used to evaluate random and pseudorandom number generators in cryptographic applications. The Chinese standard GM/T 0005-2012 describes similar tests. These documents have not aged well. The weakest pseudorandom number generators will easily pass these tests, promoting false confidence in insecure systems. We strongly suggest that SP 800-22 be withdrawn by NIST; we consider it to be not just irrelevant but actively harmful. We illustrate this by discussing the 'reference generators' contained in the SP 800-22 document itself. None of these generators are suitable for modern cryptography, yet they pass the tests. For future development, we suggest focusing on stochastic modeling of entropy sources instead of model-free statistical tests. Random bit generators should also be reviewed for potential asymmetric backdoors via trapdoor one-way functions, and for security against quantum computing attacks.
KW - Entropy Sources
KW - GM/T 0005-2012
KW - SP 800-22
KW - Statistical Randomness Tests
KW - Stochastic Models
KW - TRNG
UR - http://www.scopus.com/inward/record.url?scp=85134163600&partnerID=8YFLogxK
U2 - 10.1109/EuroSPW55150.2022.00011
DO - 10.1109/EuroSPW55150.2022.00011
M3 - Conference contribution
AN - SCOPUS:85134163600
T3 - Proceedings - 7th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2022
SP - 31
EP - 37
BT - Proceedings - 7th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2022
PB - IEEE
Y2 - 6 June 2022 through 10 June 2022
ER -