Cryptology ePrint Archive: Report 2015/600

Predictive Models for Min-Entropy Estimation

John Kelsey and Kerry A. McKay and Meltem Sonmez Turan

Abstract: Random numbers are essential for cryptography. In most real-world systems, these values come from a cryptographic pseudorandom number generator (PRNG), which in turn is seeded by an entropy source. The security of the entire cryptographic system then relies on the accuracy of the claimed amount of entropy provided by the source. If the entropy source provides less unpredictability than is expected, the security of the cryptographic mechanisms is undermined. For this reason, correctly estimating the amount of entropy available from a source is critical.

In this paper, we develop a set of tools for estimating entropy, based on mechanisms that attempt to predict the next sample in a sequence based on all previous samples. These mechanisms are called predictors. We develop a framework for using predictors to estimate entropy, and test them experimentally against both simulated and real noise sources. For comparison, we subject the entropy estimates defined in the August 2012 draft of NIST Special Publication 800-90B to the same tests, and compare their performance.

Category / Keywords: Entropy estimation, Min-entropy, Random number generation

Original Publication (in the same form): IACR-CHES-2015

Date: received 16 Jun 2015

Contact author: meltemsturan at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20150621:165408 (All versions of this report)

Short URL: ia.cr/2015/600

Discussion forum: Show discussion | Start new discussion