April 7-10, 2025 | Marriott Downtown at CF Toronto Eaton Centre, Canada

NIST SP800-90B certifiable software-based TRNG for Embedded Systems (E11a)

18 Sep 2024
11:00

NIST SP800-90B certifiable software-based TRNG for Embedded Systems (E11a)

Random number generators (RNGs) play a vital role in cryptography, facilitating key generation, digital signatures, and secure communications. The Hash Deterministic Random Bit Generator (Hash DRBG) stands out for its capability to generate predictable bit sequences from a cryptographic hash function and an initial random seed. While deterministic, Hash DRBG is engineered to be as unpredictable as possible, offering robust security based on the hash function’s hardness and the ability to reseed for maintaining unpredictability. Traditionally, hardware-based sources supplied the initial random seed, but now, NIST SP800-90B-compliant software-based seeds are also viable options. Software-based entropy generation presents several advantages over hardware-based sources, including cost-effectiveness, flexibility, and scalability. These solutions can leverage existing hardware, reducing costs, especially at scale, and are not bound to specific hardware, simplifying integration and maintenance across different systems. Moreover, software-based entropy can be easily scaled with the deployment of additional software instances, ideal for virtual environments or cloud infrastructures. It offers quicker deployment and remote update capabilities, mitigating physical tampering risks associated with hardware sources and ensuring compliance with standards like NIST SP800-90B. While generally less random than hardware sources due to its deterministic nature, software-based entropy is suitable for many high-security applications. The wolfEntropy library from the wolfSSL team exemplifies these advantages by deriving entropy from timing jitter variations, presenting a high-performance software entropy source, available since version 5.5.4.