Cryptographic Postprocessing Algorithms for Physical and Non-Physical RNGs (N30b)
Physical random number generators and non-physical true random number generators often apply cryptographic postprocessing algorithms. Cryptographic postprocessing algorithms may be costly in terms of execution time and space needed for their implementation but they also have undeniable benefits. They smear a possibly existing bias and short-term dependencies, and stateful cryptographic postprocessing algorithms provide an additional (computational) security anchor. By data compression the entropy per bit can be increased. This talk focuses on the quantification of the impact of cryptographic algorithms on the min entropy. Roughly speaking, there are two main scenarios:\na) The output bits of a physical RNG or a non-physical true RNG shall have large min entropy per bit (e.g., full entropy).\nb) The internal state of a deterministic RNG or of the cryptographic postprocessing algorithm of a true RNG is (re-)seeded.\nIn the second case, the bits of the internal state may not need to have large min entropy per bit if the internal state is large. This talk introduces the topic and explains how AIS 20/31 and SP 800-90 deal with these issues.