ANSI X9.82-1 : 2006(R2013)
Current
The latest, up-to-date edition.
RANDOM NUMBER GENERATION - PART 1: OVERVIEW AND BASIC PRINCIPLES
26-07-2006
Foreword
Introduction
1 Scope
2 Conformance
3 Normative references
4 Terms and definitions
5 Symbols and Abbreviations
6 General Discussion
6.1 Overview of Document
6.2 The Need for Random Numbers
6.3 Examples of Cryptographic Use of Random Numbers
7 Overview of Random Bit Generators
7.1 Secure RBG
7.2 Idealized Coin Flipping - The Canonical RBG
7.2.1 Coin Flipping Preliminaries
7.2.2 Properties of Idealized Coin Flipping
7.2.3 Possible Problems with Actual Coin Flipping
7.2.4 von Neumann Unbiasing
7.3 Random Bit Generation Functional Model
7.3.1 Entropy Source
7.3.2 Algorithmic Processing
7.3.3 Interfacing with the RBG
7.4 Types of Random Bit Generators
7.4.1 Non-deterministic Random Bit Generator (NRBG)
7.4.2 Deterministic Random Bit Generator (DRBG)
7.4.3 The RBG Spectrum
7.4.4 Summary of an Approved RBG
8 Security Properties of a Random Bit Generator
8.1 General Discussion
8.2 Security Strengths
8.3 Entropy and Min-Entropy
8.4 Backtracking Resistance and Prediction Resistance
8.5 Indistinguishability Versus Unpredictability
8.6 Prediction Resistance and Backtracking Resistance
Considerations
8.7 Desired RBG Output Properties
8.8 Desired RBG Operational Properties
9 Converting Random Bits to/from Random Numbers
9.1 The Need for Conversion Routines
9.2 Converting Random Bits into a Random Number
9.2.1 The Simple Discard Method
9.2.2 The Complex Discard Method
9.2.3 The Simple Modular Method
9.2.4 The Complex Modular Method
9.3 Converting a Random Number into Random Bits
9.3.1 The No Skew (Variable Length Extraction) Method
9.3.2 The Negligible Skew (Fixed Length Extraction)
Method
Annex A (Informative) Security Considerations
A.1 Attack Model
A.2 RBG Security Analysis
A.3 Computationally-Indistinguishable Randomness Theorems
A.4 Min-Entropy as the Measure of Entropy
A.4.1 Why Shannon Entropy Is Not Appropriate
A.4.2 Why Guessing Entropy Is Not Appropriate
A.4.3 Min-Entropy Tutorial
Annex B (Informative) Bibliography
Defines techniques for the generation of random numbers that shall be used whenever ASC X9 Standards require the use of a random number or bitstring for cryptographic purposes.
Committee |
X9
|
DocumentType |
Standard
|
PublisherName |
American Bankers Association
|
Status |
Current
|
ANSI X9.98 : 2010(R2017) | FINANCIAL SERVICES - LATTICE-BASED POLYNOMIAL PUBLIC KEY ESTABLISHMENT ALGORITHM FOR THE FINANCIAL SERVICES INDUSTRY |
I.S. EN 62734:2015 | INDUSTRIAL NETWORKS - WIRELESS COMMUNICATION NETWORK AND COMMUNICATION PROFILES - ISA 100.11A |
ANSI X9.44:2007 | FINANCIAL SERVICES - PUBLIC-KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY - KEY ESTABLISHMENT USING INTEGER FACTORIZATION CRYPTOGRAPHY |
EN 62734:2015 | Industrial networks - Wireless communication network and communication profiles - ISA 100.11a |
10/30228327 DC : 0 | BS ISO/IEC 18031 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - RANDOM BIT GENERATION |
IEEE 1609.2-2013 | IEEE Standard for Wireless Access in Vehicular Environments — Security Services for Applications and Management Messages |
BS ISO/IEC 18031 : 2011 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - RANDOM BIT GENERATION |
ANSI X9.119-1 : 2016 | RETAIL FINANCIAL SERVICES - REQUIREMENTS FOR PROTECTION OF SENSITIVE PAYMENT CARD DATA - PART 1: USING ENCRYPTION METHODS |
04/30040736 DC : DRAFT DEC 2004 | ISO/IEC 18031 - INFORMATION TECHNOLOGY - RANDOM NUMBER GENERATION |
CAN/CSA-ISO/IEC 18031:13 (R2017) | Information technology - Security techniques - Random bit generation (Adopted ISO/IEC 18031:2011, second edition, 2011-11-15) |
BS EN 62734:2015 | Industrial networks. Wireless communication network and communication profiles. ISA 100.11a |
CSA ISO/IEC 18031 : 2013 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - RANDOM BIT GENERATION |
ISO/IEC 18031:2011 | Information technology Security techniques Random bit generation |
IEC 62734:2014 | Industrial networks - Wireless communication network and communication profiles - ISA 100.11a |
INCITS/ISO/IEC 18031 : 2012 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - RANDOM BIT GENERATION |
ANSI X9.82-4 : 2011(R2017) | RANDOM NUMBER GENERATION - PART 4: RANDOM BIT GENERATOR CONSTRUCTIONS |
ANSI X9.82-2 : 2015 | RANDOM NUMBER GENERATION - PART 2: ENTROPY SOURCES |
TS 119 312 : 1.2.1 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); CRYPTOGRAPHIC SUITES |
ANSI X9.82-3 : 2007(R2017) | RANDOM NUMBER GENERATION - PART 3: DETERMINISTIC RANDOM BIT GENERATORS |
ANSI X9.79-4 : 2013 | PUBLIC KEY INFRASTRUCTURE (PKI) - PART 4: ASYMMETRIC KEY MANAGEMENT |
ANSI X9.30.1 : 1997 | PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY - PART 1: THE DIGITAL SIGNATURE ALGORITHM (DSA) |
ANSI X9.80 : 2005(R2013) | PRIME NUMBER GENERATION, PRIMALITY TESTING, AND PRIMALITY CERTIFICATES |
FIPS PUB 140 : 0001 | SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES |
ANSI X9.82-2 : 2015 | RANDOM NUMBER GENERATION - PART 2: ENTROPY SOURCES |
ANSI X9.82-4 : 2011(R2017) | RANDOM NUMBER GENERATION - PART 4: RANDOM BIT GENERATOR CONSTRUCTIONS |
ANSI X9.52 : 1998 | TRIPLE DATA ENCRYPTION ALGORITHM MODES OF OPERATION |
ANSI X9.44:2007 | FINANCIAL SERVICES - PUBLIC-KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY - KEY ESTABLISHMENT USING INTEGER FACTORIZATION CRYPTOGRAPHY |
ANSI X9.82-3 : 2007(R2017) | RANDOM NUMBER GENERATION - PART 3: DETERMINISTIC RANDOM BIT GENERATORS |
ANSI X9.63 : 2011 | FINANCIAL SERVICES - PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY, KEY AGREEMENT AND KEY TRANSPORT USING ELLIPTIC CURVE CRYPTOGRAPHY |
ANSI X9.30.2 : 1997 | PUBLIC KEY CRYPTOGRAPHY USING IRREVERSIBLE ALGORITHMS - PART 2: THE SECURE HASH ALGORITHM (SHA-1) |
ANSI X9.42 : 2003(R2013) | PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES: AGREEMENT OF SYMMETRIC KEYS USING DISCRETE LOGARITHM CRYPTOGRAPHY |
ANSI X9.31 : 1998 | DIGITAL SIGNATURES USING REVERSIBLE PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY (RDSA) |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.