A Security Analysis of the NIST SP 800-90 Elliptic Curve Random Number Generator

  • Daniel R. L. Brown
  • Kristian Gjøsteen
Conference paper

DOI: 10.1007/978-3-540-74143-5_26

Part of the Lecture Notes in Computer Science book series (LNCS, volume 4622)
Cite this paper as:
Brown D.R.L., Gjøsteen K. (2007) A Security Analysis of the NIST SP 800-90 Elliptic Curve Random Number Generator. In: Menezes A. (eds) Advances in Cryptology - CRYPTO 2007. CRYPTO 2007. Lecture Notes in Computer Science, vol 4622. Springer, Berlin, Heidelberg


An elliptic curve random number generator (ECRNG) has been approved in a NIST standard and proposed for ANSI and SECG draft standards. This paper proves that, if three conjectures are true, then the ECRNG is secure. The three conjectures are hardness of the elliptic curve decisional Diffie-Hellman problem and the hardness of two newer problems, the x-logarithm problem and the truncated point problem. The x-logarithm problem is shown to be hard if the decisional Diffie-Hellman problem is hard, although the reduction is not tight. The truncated point problem is shown to be solvable when the minimum amount of bits allowed in NIST standards are truncated, thereby making it insecure for applications such as stream ciphers. Nevertheless, it is argued that for nonce and key generation this distinguishability is harmless.


Random Number Generation Elliptic Curve Cryptography 

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Daniel R. L. Brown
    • 1
  • Kristian Gjøsteen
    • 2
  1. 1.Certicom Research 
  2. 2.Department of Mathematical Sciences, Norwegian, University of Science and Technology, NO-7491 TrondheimNorway

Personalised recommendations