An exploration of a DRBG based on the NIST 800-90 specification.
Note This repository is only for personal investigation into the DRBG space. It's just an experiment to see how close to the standard's psuedo code I can get. So things like naming might look awkward and strange. Please feel free to read and learn with me but don't use this in any production setting. I wouldn't.
I intend to implement the pseudo algorithms in such a way that they will be immediately recognisable to the reader of the code familiar with the standard. Basically I'm just curious as to how well pseudo code in standards translates to real code. A consequence is that the code should work. But I'm not fussed if it actually accomplishes the objectives of the standard.
The following is my interpretation of the architecture of the drbg mechanism as described in 800-90A r1.
- Arrows represent primary data flow.
- Light blue boxes represent mechanism functions.
- Light blue cylinders show mechanism storage.
800-90A r1 primarily covers the drbg mechanism itself. It does refer to the other two associated standards. This is the standard I'm most interested in.
800-90B concerns itself with the entropy source. I'm not too interested in this as implementations vary wildly.
800-90C public draft 3 details various crypto algorithms and details that could be used in random number generation. I'll probably just stick to something from 800-90A r1.
The following references are links to the standards followed by links to commentary on the standards that are useful for their comprehension.
- NIST 800-90A r1 Recommendation for Random Number Generation Using Deterministic Random Bit Generators
- NIST 800-90B Recommendation for the Entropy Sources Used for Random Bit Generation
- NIST 800-90C public draft 3 Recommendation for Random Bit Generator (RBG) Constructions
- NIST 800-57 Part 1 Revision 5 Recommendation for Key Management: Part 1 – General
- Cryptographic Standards and Guidelines Examples with Intermediate Values: Random Number Generation
- NIST IR 8427 Discussion on the Full Entropy Assumption of the SP 800-90 Series
- An Analysis of the NIST SP 800-90A Standard
- A Security Analysis of the NIST SP 800-90 Elliptic Curve Random Number Generator
- An interesting article on alternatives to DRBG.
- A great read on random number generation; Practical Cryptography for Developers: Pseudo-Random Numbers - Examples
- How all random number generators should be, IMHO