ISO IEC 20543:2019 pdf download

ISO IEC 20543:2019 pdf download.Information technology — Security techniques — Test and analysis methods for random bit generators within ISO/IEC 19790 and ISO/IEC 15408
1 Scope
This document specifies a methodology for the evaluation of non-deterministic or deterministic random bit generators intended to be used for cryptographic applications. The provisions given in this document enable the vendor of an RBG to submit well-defined claims of security to an evaluation authority and shall enable an evaluator or a tester, for instance a validation authority, to evaluate, test, certify or reject these claims. This document is implementation-agnostic. Hence, it offers no specific guidance on design and implementation decisions for random bit generators. However, design and implementation issues influence the evaluation of an RBG in this document, for instance because it requires the use of a stochastic model of the random source and because any such model is supported by technical arguments pertaining to the design of the device at hand. Random bit generators as evaluated in this document aim to output bit strings that appear evenly distributed. Depending on the distribution of random numbers required by the consuming application, however, it is worth noting that additional steps can be necessary (and can well be critical to security) for the consuming application to transform the random bit strings produced by the RBG into random numbers of a distribution suitable to the application requirements. Such subsequent transformations are outside the scope of evaluations performed in this document.
3? Terms? and? definitions
For the purposes of this document, the following terms and definitions apply.3.1 backward secrecy assurance that previous RBG output values cannot be determined from knowledge of current or subsequent output values 3.2 bit stream continuous output of bits from a device or mechanism [SOURCE: ISO/IEC 18031:2011, 3.4] 3.3 black box idealized mechanism that accepts inputs and produces outputs, but is designed such that an observer cannot see inside the box or determine exactly what is happening inside that box Note 1 to entry: This term can be contrasted with glass box (3.13). [SOURCE: ISO/IEC 18031:2011, 3.6] 3.4 conformance-tester tester individual assigned to perform test activities in accordance with a given conformance testing standard and associated testing methodology EXAMPLE An example of such a standard is ISO/IEC 19790 and the testing methodology specified in ISO/IEC 24759. [SOURCE: ISO/IEC 19896-1:2018, 3.2, modified — The term “tester” has been added as an admitted term.] 3.5 deterministic random bit generator DRBG random bit generator that produces a random-appearing sequence of bits by applying a deterministic algorithm to a suitably random initial value called a seed and, possibly, some secondary inputs Note 1 to entry: Non-deterministic sources can also form part of these secondary inputs. Note 2 to entry: The security of a deterministic random bit generator rests primarily on the strength of its cryptographic algorithms and on the randomness contained in the seed value. In a deterministic random bit generator that is suitable for cryptographic use, at least forward and backward secrecy shall be assured without invoking secondary inputs to the RBG or reseeding.”3.6 enhanced backward secrecy assurance that the knowledge of the current internal state of a random bit generator does not allow an adversary to derive with practical computational effort knowledge about previous output values Note 1 to entry: The notion of enhanced backward secrecy is trivial for memoryless RBGs. Therefore, it is only a useful notion for deterministic and hybrid RBGs, the security of which rests at least in part on cryptographic properties of the state transition function and the output generation function of the random bit generator. 3.7 enhanced forward secrecy assurance that knowing the current internal state of the random bit generator does not yield practically relevant constraints on subsequent (future) output values Note 1 to entry: Deterministic random bit generators are unable to achieve enhanced forward secrecy. Unlike forward and backward secrecy as well as enhanced backward secrecy, enhanced forward secrecy rests entirely on the ability of a continuous reseeding process to supply as much entropy as is required to make the prediction of future outputs infeasible.