lrng icon indicating copy to clipboard operation
lrng copied to clipboard
Published 1 month ago verified publisher icon smuellerDD

Use NTRNG min entropy for AIS 20 / 31 version 3.0

Open bukka opened this issue 1 year ago • 2 comments

The current entropy is set for the draft value 220 which was changed in the version 3.0 (2024) to 240 bits.

I'm not sure if it makes sense to keep option for draft 220. I default to just change it to 240 as 220 was just in the draft. But if you think it makes sense to keep it, I can add this option.

bukka avatar Oct 30 '24 15:10 bukka

I should note that there is an extra requirement in 2024 version:

(NTG.1.6) The internal random numbers shall have statistical inconspicuousness.

I kind of assumed here that this should be also valid but not sure how can this be best validated.

bukka avatar Oct 30 '24 21:10 bukka

Am Mittwoch, 30. Oktober 2024, 16:59:46 Mitteleuropäische Normalzeit schrieb Jakub Zelenka:

Hi Jakub,

The current entropy is set for the draft value 220 which was changed in the version 3.0 (2024) to 240 bits.

Bummer - I am working closely with BSI especially on the topic of NTG.1 and the switch from 220 to 240 escaped me.

I'm not sure if it makes sense to keep option for draft 220. I default to just change it to 240 as 220 was just in the draft. But if you think it makes sense to keep it, I can add this option. You can view, comment on, or merge this pull request online at:

You are right, sticking to a draft makes no sense. 240 it is then.

Give me another one or two days before I can review the patch.

https://github.com/smuellerDD/lrng/pull/38

-- Commit Summary --

  • Use NTRNG min entropy for AIS 20 / 31 version 3.0

-- File Changes --

M Kconfig (12)
M lrng_definitions.h (2)
M lrng_es_mgr.c (5)

-- Patch Links --

https://github.com/smuellerDD/lrng/pull/38.patch https://github.com/smuellerDD/lrng/pull/38.diff

Ciao Stephan

smuellerDD avatar Oct 31 '24 10:10 smuellerDD

Am Mittwoch, 30. Oktober 2024, 22:55:45 Mitteleuropäische Normalzeit schrieb Jakub Zelenka:

Hi Jakub,

I should note that there is an extra requirement in 2024 version:

(NTG.1.6) The internal random numbers shall have statistical inconspicuousness. I kind of assumed here that this should be also valid but not sure how can this be best validated.

The use of the a DRBG along with a cryptographic hash for conditioning ensures that the internal random numbers of (a) the entropy source (noise source + conditioner) and the internal random numbers of the DRBG are still akin to a perfect random number generator. Thus, I think this requirement is addressed.

The only part that is not compliant to this random number is the input to the conditioner: the raw noise as it does not follow an IID pattern.

Ciao Stephan

smuellerDD avatar Nov 15 '24 07:11 smuellerDD

Applied, thanks

smuellerDD avatar Nov 15 '24 07:11 smuellerDD

Hi Stephan. Thanks I noticed that some of the changes were changed back later but possibly causing issues so created https://github.com/smuellerDD/lrng/pull/39

bukka avatar Nov 15 '24 14:11 bukka

Am Freitag, 15. November 2024, 15:54:08 Mitteleuropäische Normalzeit schrieb Jakub Zelenka:

Hi Jakub,

Hi Stephan. Thanks I noticed that some of the changes were changed back later but possibly causing issues so created https://github.com/smuellerDD/lrng/pull/39

Sorry, I messed up the patch to lrng_es_mgr.c - there was another patch to it pending which I accidentally interixed.

Thanks a lot for the updated patch.

Ciao Stephan

smuellerDD avatar Nov 15 '24 15:11 smuellerDD