Abstract
An elliptic curve random number generator (ECRNG) has been approved in a NIST standard and proposed for ANSI and SECG draft standards. This paper proves that, if three conjectures are true, then the ECRNG is secure. The three conjectures are the hardness of the elliptic curve decisional Diffie-Hellman problem and the hardness of two newer problems, the x-logarithm problem and the truncated point problem. The x-logarithm problem is shown to be hard if the decisional Diffie-Hellman problem is hard, although the reduction is not tight. The truncated point problem is shown to be solvable when the minimum number of bits allowed in NIST standards is truncated, thereby making the ECRNG insecure for applications such as stream ciphers. Nevertheless, it is argued that for nonce and key generation this distinguishability is harmless.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Brown, D.R.L., Gjøsteen, K. (2007). A Security Analysis of the NIST SP 800-90 Elliptic Curve Random Number Generator. In: Menezes, A. (eds) Advances in Cryptology - CRYPTO 2007. CRYPTO 2007. Lecture Notes in Computer Science, vol 4622. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74143-5_26
DOI: https://doi.org/10.1007/978-3-540-74143-5_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74142-8
Online ISBN: 978-3-540-74143-5
eBook Packages: Computer Science (R0)