ImageVerifierCode 换一换
格式:PDF , 页数:55 ,大小:306.34KB ,
资源ID:431357      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-431357.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ANSI ASC X9 X9.82-1-2006 Random Number Generation Part 1 Overview and Basic Principles.pdf)为本站会员(eventdump275)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ANSI ASC X9 X9.82-1-2006 Random Number Generation Part 1 Overview and Basic Principles.pdf

1、 American National Standard for Financial Services ANSI X9.82: Part 12006 Random Number Generation Part 1: Overview and Basic Principles Accredited Standards Committee X9, Incorporated Financial Industry Standards Date Approved: July 26, 2006 American National Standards Institute American National S

2、tandards, Technical Reports and Guides developed through the Accredited Standards Committee X9, Inc., are copyrighted. Copying these documents for personal or commercial use outside X9 membership agreements is prohibited without express written permission of the Accredited Standards Committee X9, In

3、c. For additional information please contact ASC X9, Inc., 1212 West Street, Suite 200, Annapolis, Maryland 21401.ASC X9, Inc. 2006 All rights reserved (R2013)ANS X9.82, Part 1-2006 Contents Foreword. iv Introduction vi 1 Scope 1 2 Conformance 2 3 Normative references. 2 4 Terms and definitions 2 5

4、Symbols and Abbreviations 10 6 General Discussion 11 6.1 Overview of Document . 11 6.2 The Need for Random Numbers. 12 6.3 Examples of Cryptographic Use of Random Numbers 13 7 Overview of Random Bit Generators 15 7.1 Secure RBG . 15 7.2 Idealized Coin Flipping The Canonical RBG 15 7.2.1 Coin Flippin

5、g Preliminaries. 15 7.2.2 Properties of Idealized Coin Flipping . 15 7.2.3 Possible Problems with Actual Coin Flipping . 16 7.2.4 von Neumann Unbiasing . 17 7.3 Random Bit Generation Functional Model 17 7.3.1 Entropy Source. 19 7.3.2 Algorithmic Processing . 19 7.3.3 Interfacing with the RBG . 20 7.

6、4 Types of Random Bit Generators 20 7.4.1 Non-deterministic Random Bit Generator (NRBG) 21 7.4.2 Deterministic Random Bit Generator (DRBG) 21 7.4.3 The RBG Spectrum 22 7.4.4 Summary of an Approved RBG. 23 8 Security Properties of a Random Bit Generator 23 8.1 General Discussion. 23 8.2 Security Stre

7、ngths 23 8.3 Entropy and Min-Entropy . 24 8.4 Backtracking Resistance and Prediction Resistance 25 8.5 Indistinguishability Versus Unpredictability. 26 8.6 Prediction Resistance and Backtracking Resistance Considerations . 27 8.7 Desired RBG Output Properties. 28 8.8 Desired RBG Operational Properti

8、es. 29 ASC X9, Inc. 2006 All rights reservedii ANS X9.82, Part 1-2006 9 Converting Random Bits to/from Random Numbers 30 9.1 The Need for Conversion Routines . 30 9.2 Converting Random Bits into a Random Number 30 9.2.1 The Simple Discard Method 31 9.2.2 The Complex Discard Method. 31 9.2.3 The Simp

9、le Modular Method 32 9.2.4 The Complex Modular Method 32 9.3 Converting a Random Number into Random Bits 33 9.3.1 The No Skew (Variable Length Extraction) Method. 33 9.3.2 The Negligible Skew (Fixed Length Extraction) Method. 34 Annex A (Informative) Security Considerations 36 A.1 Attack Model . 36

10、A.2 RBG Security Analysis. 36 A.3 Computationally-Indistinguishable Randomness Theorems 37 A.4 Min-Entropy as the Measure of Entropy . 38 A.4.1 Why Shannon Entropy Is Not Appropriate 39 A.4.2 Why Guessing Entropy Is Not Appropriate . 40 A.4.3 Min-Entropy Tutorial 41 Annex B (Informative) Bibliograph

11、y . 43 Figures Figure 1: Random Bit Generation Functional Model 18 Figure 2: Sequence of DRGB States 26ASC X9, Inc. 2006 All rights reserved iiiANS X9.82, Part 1-2006 Foreword The Accredited Standards Committee on Financial Services (ANSI X9) has developed several cryptographic standards to protect

12、financial information. Many of these standards require the use of Random Number Generators to generate random and unpredictable cryptographic keys and other critical security parameters. This Standard, Random Number Generation, defines techniques for the generation of random numbers that are used wh

13、en other ASC standards require the use of random numbers for cryptographic purposes. While the techniques specified in this Standard are designed to generate random numbers, the Standard does not guarantee that a particular implementation is secure. It is the responsibility of the financial institut

14、ion to put an overall process in place with the necessary controls to ensure that the process is securely implemented. Furthermore, the controls should include the application with appropriate validation tests in order to verify compliance with this Standard. Approval of an American National Standar

15、d requires verification by ASC that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer. Consensus is established when, in the judgment of the ASC Board of Standards Review, substantial agreement has been reached by directly and mater

16、ially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made toward their resolution. The use of American National Standards is completely vol

17、untary; their existence does not in any respect preclude anyone, whether he has approved the standards or not from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards. The American National Standards Institute does not develop standards a

18、nd will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretations should be add

19、ressed to the secretariat or sponsor whose name appears on the title page of this Standard. CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken to reaffirm, revise, or withdr

20、aw this Standard no later than five years from the date of approval. ASC X9, Inc. 2006 All rights reservediv ANS X9.82, Part 1-2006 Published by Accredited Standards Committee X9 Incorporated Financial Industry standards 1212 West Street, Suite 200 Annapolis, MD 21401 USA X9 Online http:/www.x9.org

21、Copyright 2004 ASC X9, Inc. All rights reserved. No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permission of the publisher. Published in the United States of America. ASC X9, Inc. 2006 All rights reserved vANS X9.82,

22、Part 1-2006 Introduction NOTE The users attention is called to the possibility that compliance with this Standard may require use of an invention covered by patent rights. By publication of this Standard, no position is taken with respect to the validity of this claim or of any patent rights in conn

23、ection therewith. The patent holder has, however, filed a statement of willingness to grant a license under these rights on reasonable and nondiscriminatory terms and conditions to applicants desiring to obtain such a license. Details may be obtained from the standards developer. Suggestions for the

24、 improvement or revision of this Standard are welcome. They should be sent to the X9 Committee Secretariat, Accredited Standards Committee X9, Inc., Financial Industry Standards, 1212 West Street, Suite 200, Annapolis, MD 21401 USA. This Standard was processed and approved for submittal to ANSI by t

25、he Accredited Standards Committee on Financial Services, X9. Committee approval of the Standard does not necessarily imply that all the committee members voted for its approval. The X9 committee had the following members: James Shaffer, X9 Chairman Vincent DeSantis, X9 Vice-Chairman Cynthia Fuller,

26、Executive Director Organization Represented RepresentativeACI Worldwide Jim Shaffer American Bankers Association C. Diane Poole American Express Company John Allen American Financial Services Association Mark Zalewski Bank of America Daniel Welch Capital One Scott Sykes Certicom Corporation Daniel B

27、rown Citigroup, Inc. Mike Halpern Clarke American Checks, Inc. John W. McCleary Deluxe Corporation John Fitzpatrick Diebold, Inc. R. David Nein Discover Financial Services Katie Howser Federal Reserve Bank Dexter Holt First Data Corporation Connie Spurgeon Fiserv Skip Smith FSTC, Financial Services

28、Technology Consortium Daniel Schutzer Hewlett Packard Larry Hines Hypercom Scott Spiker ASC X9, Inc. 2006 All rights reservedvi ANS X9.82, Part 1-2006 iStream Imaging Ken Biel IBM Corporation Todd Arnold Identrus Mack Hicks Ingenico John Spence Intuit, Inc. Jana Hocker J.P. Morgan Chase a set of rul

29、es that, if followed, will give a prescribed result. 4.2 Algorithmic Processing (AP) A major component of the RBG functional model that performs deterministic cryptographic, data formatting, and health check functions. 4.3 Approved An X9 Approved resource is one that is either: specified as (or with

30、in) a current X9 standard, or listed in the X9 Registry. 4.4 Backtracking Resistance The assurance that the pre-compromise output sequence from an RBG remains indistinguishable from an ideal random sequence even to an adversary who compromises the RBG in the future, up to the claimed security streng

31、th of the RBG. For example, an RBG that allowed an adversary to “backtrack“ from the current state to compute prior outputs would not provide backtracking resistance. The complementary assurance is called Prediction Resistance. 4.5 Basic NRBG A Basic NRBG relies only upon the Entropy Source, entropy

32、 conditioning function and health tests for its security. Contrast with an Enhanced NRBG, which also relies on a DRBG. 4.6 Biased A random bitstring or number is biased over a sample space if one bitstring (or a number) is more likely than another bitstring (or number) to be chosen. Contrast with un

33、biased. 4.7 Bitstring A bitstring is an ordered sequence of 0s and 1s. The left-most bit is the most significant bit in the string. The right-most bit is the least significant bit of the string. 4.8 Block Cipher A symmetric key cryptographic algorithm that transforms a block of information at a time

34、 using a cryptographic key. For a block cipher algorithm, the length of the input block is the same as the length of the output block. ANS X9.82, Part 1-2006 3ANS X9.82, Part 1-2006 4.9 Conditioning A method for removing bias. 4.10 Consuming Application An application that uses random numbers or ran

35、dom bits obtained from an Approved random number generator. 4.11 Cryptographic Hash Function A (mathematical) function that maps values from a large (possibly very large) domain into a smaller range, which satisfies the following properties: 1. (One-way) It is computationally infeasible to find any

36、input that maps to any pre-specified output; 2. (Collision-resistant) It is computationally infeasible to find any two distinct inputs that map to the same output. 4.12 Cryptographic Key (Key) A parameter that determines the operation of a cryptographic function, such as 1. The transformation from p

37、lain text to cipher text and/or vice versa, 2. The generation of keying material, 3. A digital signature computation or validation, 4. The agreement upon a shared secret. 4.13 Cryptographically-strong A mechanism is said to be cryptographically strong when it has an assessed strength against an atta

38、ck by an adversary that provides at least one ASC X9 Approved security strength. 4.14 Cycle A single complete execution of a periodically repeated phenomenon; a periodically repeated sequence of events. 4.15 Deterministic Algorithm An algorithm that, given the same inputs, always produces the same o

39、utputs. ANS X9.92, Part 1-2006 4 ANS X9.82, Part 1-2006 4.16 Deterministic Processing Processing that can be performed by one or more deterministic algorithms. 4.17 Deterministic Random Bit Generator (DRBG) An RBG that uses a deterministic algorithm to produce a pseudorandom sequence of bits from a

40、secret initial value called a seed, along with other possible inputs. A DRBG is also called a Pseudorandom Number (or Bit) Generator. 4.18 DRBG Boundary A conceptual boundary that is used to explain the operations of a DRBG and its interaction with and relation to other processes. 4.19 Digital Signa

41、ture A cryptographic transformation of data, which, when associated with a data unit, may provide the services of: (a) Origin authentication, (b) Data integrity, and (c) Signer non-repudiation. 4.20 Enhanced NRBG An Enhanced NRBG relies on the Entropy Source and an Approved DRBG for its security; co

42、ntrast with a Basic NRBG. 4.21 Entropy The entropy of a random variable X is a mathematical measure of the amount of information provided by an observation of X. As such, entropy is always relative to an observer and his or her knowledge prior to an observation. See min-entropy. 4.22 Entropy Assessm

43、ent Component The component of an Entropy Source that produces a conservative estimate of the amount of entropy present in Entropy Source outputs. 4.23 Entropy Input Process The input to an RBG of a string of bits that contains a certain amount of entropy; that is, the entropy input is digitized and

44、 is assessed. For an NRBG, this is obtained from an ANS X9.82, Part 1-2006 5ANS X9.82, Part 1-2006 Entropy Source. For a DRBG, this is included in the seed material, some of which is (ultimately) obtained from an Entropy Source. 4.24 Entropy Rate The rate of production of bits containing an assessed

45、 amount of entropy from an Entropy Source divided by the total number of bits produced. This will be a value between zero (no entropy) and one (full entropy). 4.25 Entropy Source A major component of the RBG functional model that contains a source of randomness such as thermal noise or hard drive se

46、ek times, along with digitization, entropy assessment, optional conditioning, and health tests. 4.26 Equivalent Process Two processes are equivalent if, when the same values are input to each process, the same output is produced. 4.27 Full entropy Each bit of a bitstring with full entropy is unpredi

47、ctable (with a uniform distribution) and independent of every other bit of that bitstring. 4.28 Hash Function A (mathematical) function that maps values from a large (possibly very large) domain into a smaller range. See the definition for a cryptographic hash function for a special type of hash fun

48、ction. 4.29 Health Tests The parts of an RBG that monitor the RBG components to ensure they are continuing to function properly. 4.30 Ideal (Binary) Random Sequence A sequence of binary random numbers from an idealized Entropy Source with two possible output values, such that each output is unpredic

49、table, unbiased and independent. 4.31 Implementation An implementation of an RBG is a cryptographic device or portion of a cryptographic device that is a physical embodiment of the RBG design, for example, some code running on a computing platform. ANS X9.92, Part 1-2006 6 ANS X9.82, Part 1-2006 4.32 Implementation Testing Testing to help ensure that an implementation of a standard conforms to the specifications of that standard. See Validation Testing for a specific type of Implementation Testing. 4.33 Initialization Vector (IV) A number used as a starting point for the c

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1