Evaluating Entropy for True Random Number Generators: Efficient, Robust and Provably Secure

  • Maciej SkorskiEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10143)


Estimating entropy of randomness sources is a task of critical importance in the context of true random number generators, as feeding cryptographic applications with insufficient entropy is a serious real-world security risk. The challenge is to maximize accuracy and confidence under certain data models and resources constraints.

In this paper we analyze the performance of a simple collision-counting estimator, under the assumption that source outputs are independent but their distribution can change due to adversarial influences.

For n samples and confidence \(1-\epsilon \) we achieve the following features
  1. (a)

    Efficiency: reads the stream in one-pass and uses constant memory (forward-only mode)

  2. (b)

    Accuracy: estimates the amount of extractable bits with a relative error \(O(n^{-\frac{1}{2}}\log (1/\epsilon ))\) per sample, when the source outputs are i.i.d.

  3. (c)

    Robustness: the same error when the source outputs are independent but the distribution changes up to \(t = O(n^{\frac{1}{2}})\) times during runtime


We demonstrate that the estimator is accurate enough to adjust post-processing components dynamically, estimating entropy on the fly instead investigating it off-line. Our work thus continues the line of research on “testable random number generators” (originated by Bucii and Luzzi at CHES’05) combining it with the robustness against source changes (originated by Barak et al. at CHES’03).


Online entropy estimators Testable random number generators True random number generators in changing environments 


  1. [Ash90]
    Ash, R.B.: Information Theory. Dover Publications, New York (1990)zbMATHGoogle Scholar
  2. [BKMS09]
    Bouda, J., Krhovjak, J., Matyas, V., Svenda, P.: Towards true random number generation in mobile environments. In: Jøsang, A., Maseng, T., Knapskog, S.J. (eds.) NordSec 2009. LNCS, vol. 5838, pp. 179–189. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-04766-4_13 CrossRefGoogle Scholar
  3. [BL05]
    Bucci, M., Luzzi, R.: Design of testable random bit generators. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 147–156. Springer, Heidelberg (2005). doi: 10.1007/11545262_11 CrossRefGoogle Scholar
  4. [BS]
    Bedekar, N., Shee, C.: A novel approach to true random number generation in wearable computing environments using MEMS sensors. In: Lin, D., Yung, M., Zhou, J. (eds.) Inscrypt 2014. LNCS, vol. 8957, pp. 530–546. Springer, Cham (2015). doi: 10.1007/978-3-319-16745-9_29 Google Scholar
  5. [BST03]
    Barak, B., Shaltiel, R., Tromer, E.: True random number generators secure in a changing environment. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 166–180. Springer, Heidelberg (2003). doi: 10.1007/978-3-540-45238-6_14 CrossRefGoogle Scholar
  6. [Cac97]
    Cachin, C.: Smooth entropy and Rényi entropy. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 193–208. Springer, Heidelberg (1997). doi: 10.1007/3-540-69053-0_14 CrossRefGoogle Scholar
  7. [Che52]
    Chernoff, H.: A measure of asymptotic efficiency for tests of a hypothesis based on the sum of observations. Ann. Math. Stat. 23(4), 493–507 (1952)MathSciNetCrossRefzbMATHGoogle Scholar
  8. [dRHG+99]
    de Raadt, T., Hallqvist, N., Grabowski, A., Keromytis, A.D., Provos, N.: Cryptography in OpenBSD: an overview. In: Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC 1999, p. 33. USENIX Association, Berkeley (1999)Google Scholar
  9. [GPR06]
    Gutterman, Z., Pinkas, B., Reinman, T.: Analysis of the linux random number generator. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy, SP 2006, pp. 371–385. IEEE Computer Society, Washington, DC (2006)Google Scholar
  10. [Haa]
    Haahr, M.: homepage. Online; Accessed 01 Jul 2016
  11. [HILL99]
    Hastad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  12. [Hol06]
    Holenstein, T.: Pseudorandom generators from one-way functions: a simple construction for any hardness. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 443–461. Springer, Heidelberg (2006). doi: 10.1007/11681878_23 CrossRefGoogle Scholar
  13. [JK99]
    Jun, B., Kocher, P.: The intel random number generator, white paper prepared for Intel corporation (1999)Google Scholar
  14. [KKHD14]
    Kaplan, D., Kedmi, S., Hay, R., Dayan, A.: Attacking the linux prng on android: weaknesses in seeding of entropic pools and low boot-time entropy. In: 8th USENIX Workshop on Offensive Technologies (WOOT 2014). USENIX Association, San Diego (2014)Google Scholar
  15. [LPR11]
    Lauradoux, C., Ponge, J., Röck, A.: Online Entropy Estimation for Non-Binary Sources and Applications on iPhone. Rapport de recherche, Inria, June 2011Google Scholar
  16. [LRSV12]
    Lacharme, P., Röck, A., Strubel, V., Videau, M.: The linux pseudorandom number generator revisited. Cryptology ePrint Archive, Report 2012/251 (2012).
  17. [Mau92]
    Maurer, U.: A universal statistical test for random bit generators. J. Cryptology 5, 89–105 (1992)MathSciNetzbMATHGoogle Scholar
  18. [RW05]
    Renner, R., Wolf, S.: Simple and tight bounds for information reconciliation and privacy amplification. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 199–216. Springer, Heidelberg (2005). doi: 10.1007/11593447_11 CrossRefGoogle Scholar
  19. [Sha48]
    Shannon, C.E.: A mathematical theory of communication. Bell Syst. Techn. J. 27 (1948)Google Scholar
  20. [Sha11]
    Shaltiel, R.: An introduction to randomness extractors. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011. LNCS, vol. 6756, pp. 21–41. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-22012-8_2 CrossRefGoogle Scholar
  21. [Sko16]
    Skórski, M.: Evaluating entropy sources for true random number generators by collision counting. In: Batten, L., Li, G. (eds.) ATIS 2016. CCIS, vol. 651, pp. 69–80. Springer, Singapore (2016). doi: 10.1007/978-981-10-2741-3_6 CrossRefGoogle Scholar
  22. [Sun09]
    Sunar, B.: True random number generators for cryptography. In: Koç, Ç.K. (ed.) Cryptographic Engineering, pp. 55–73. Springer, US (2009) (English)Google Scholar
  23. [TBK+]
    Turan, M.S., Barker, E., Kelsey, J., McKay, K.A., Baish, M.L., Boyle, M.:Google Scholar
  24. [vN51]
    von Neumann, J.: Various techniques used in connection with random digits. J. Res. Nat. Bur. Stand. 12, 36–38 (1951)Google Scholar
  25. [VSH11]
    Voris, J., Saxena, N., Halevi, T.: Accelerometers and randomness: perfect together. In: WiSec 2011, pp. 115–126. ACM (2011)Google Scholar
  26. [Wal]
    Walker, J.: Hotbits homepage. Accessed 01 Jul 2016Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.University of WarsawWarsawPoland

Personalised recommendations