Skip to main content
SpringerLink
Log in

Security Analysis of DRBG Using HMAC in NIST SP 800-90

  • Conference paper
Information Security Applications (WISA 2008)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5379))

Included in the following conference series:

Abstract

HMAC_DRBG is a deterministic random bit generator using HMAC specified in NIST SP 800-90. The document claims that HMAC_DRBG is a pseudorandom bit generator if HMAC is a pseudorandom function. However, no proof is given in the document. This article provides a security analysis of HMAC_DRBG and confirms the claim.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. American National Standards Institute. Public key cryptography for the financial services industry: The elliptic curve digital signature algorithm (ECDSA). ANSI X9.62-1998 (1998)

    Google Scholar 

  2. American National Standards Institute. Digital signatures using reversible public key cryptography for the financial services industry (rDSA). ANSI X9.31-1998 (1998)

    Google Scholar 

  3. Barker, E., Kelsey, J.: Recommendation for random number generation using deterministic random bit generators (revised). NIST Special Publication 800-90 (2007)

    Google Scholar 

  4. Bellare, M.: New proofs for NMAC and HMAC: Security without collision-resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 602–619. Springer, Heidelberg (2006), http://eprint.iacr.org/

    Chapter  Google Scholar 

  5. Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)

    Google Scholar 

  6. Brown, D.R., Gjøsteen, K.: A security analysis of the NIST SP 800-90 elliptic curve random number generator. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 466–481. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  7. Campagna, M.J.: Security bounds for the NIST codebook-based deterministic random bit generator. Cryptology ePrint Archive: Report 2006/379, http://eprint.iacr.org/

  8. Desai, A., Hevia, A., Yin, Y.L.: A practice-oriented treatment of pseudorandom number generators. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 368–383. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  9. Kan, W.: Analysis of underlying assumptions in NIST DRBGs. Cryptology ePrint Archive: Report 2007/345, http://eprint.iacr.org/

  10. Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Cryptanalytic attacks on pseudorandom number generators. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 168–188. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  11. U.S. Department of Commerce/National Institute of Standards and Technology. Digital signature standard (DSS). Federal Information Processing Standards Publication 186-2 (+Change Notice) (2000)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Graduate School of Engineering, University of Fukui, Japan

    Shoichi Hirose

Authors
  1. Shoichi Hirose
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Information Security Research Division, Electronics and Telecommunications Research Institute (ETRI), 161 Gajeong Dong, YuseongGu, 305-700, Daejeon, Korea

    Kyo-Il Chung

  2. The Attached Institute of Electronics and Telecommunications Research Institute (ETRI), 1 Yuseong-Post, 305-702, Daejeon, Korea

    Kiwook Sohn

  3. Computer Science Department, Google Inc. and Columbia University, 1214 Amsterdam Avenue, NY 10027, New York, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hirose, S. (2009). Security Analysis of DRBG Using HMAC in NIST SP 800-90. In: Chung, KI., Sohn, K., Yung, M. (eds) Information Security Applications. WISA 2008. Lecture Notes in Computer Science, vol 5379. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00306-6_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-00306-6_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-00305-9

  • Online ISBN: 978-3-642-00306-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation