Paper 2019/078

Testing the Randomness of Cryptographic Function Mappings

Alan Kaminsky


A cryptographic function with a fixed-length output, such as a block cipher, hash function, or message authentication code (MAC), should behave as a random mapping. The mapping's randomness can be evaluated with statistical tests. Statistical test suites typically used to evaluate cryptographic functions, such as the NIST test suite, are not well-suited for testing fixed-output-length cryptographic functions. Also, these test suites employ a frequentist approach, making it difficult to obtain an overall evaluation of the mapping's randomness. This paper describes CryptoStat, a test suite that overcomes the aforementioned deficiencies. CryptoStat is specifically designed to test the mappings of fixed-output-length cryptographic functions, and CryptoStat employs a Bayesian approach that quite naturally yields an overall evaluation of the mappings' randomness. Results of applying CryptoStat to reduced-round and full-round versions of the AES block ciphers and the SHA-1 and SHA-2 hash functions are reported; the results are analyzed to determine the algorithms' randomness margins.

Available format(s)
Publication info
Preprint. MINOR revision.
Statistical testsBayesian model selectionAES block cipherSHA-1 hash functionSHA-2 hash function
Contact author(s)
ark @ cs rit edu
2019-01-28: received
Short URL
Creative Commons Attribution


      author = {Alan Kaminsky},
      title = {Testing the Randomness of Cryptographic Function Mappings},
      howpublished = {Cryptology ePrint Archive, Paper 2019/078},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.