ESV, 90C and Me (N31c)
This talk examines the CPU Jitter Random Number Generator as an entropy source for cryptographic applications from a vendor perspective. The discussion begins with vendors questions about CPU jitter-based entropy generation and the background with key use cases including secure key generation for TLS/SSL protocols, initialization vectors for symmetric encryption, and seed values for pseudorandom number generators in embedded systems and IoT devices. The talk provides a walkthrough of the Entropy Source Validation (ESV) process as mandated by NIST SP 800-90B and the recently published NIST SP 800-90C from a CST lab perspective describing testing requirements and methods essential for FIPS 140-3 and Common Criteria submissions. Additionally, the talk explores Post-Quantum Cryptography (PQC) implications for entropy requirements as NIST finalizes standardized algorithms. This includes examining how lattice-based, hash-based, and code-based cryptographic schemes will impact entropy consumption patterns, the increased randomness requirements for larger key sizes, and the need for enhanced entropy source validation to support quantum-resistant cryptographic implementations. Special attention is given to ensuring CPU jitter-based entropy sources can meet the heightened security demands and performance requirements of post-quantum cryptographic systems.