[Cryptech Tech] FIPS 140-2 test program

Stephan Mueller smueller at chronox.de
Tue Jul 15 11:40:27 UTC 2014


On Tuesday, 15 July 2014, 09:32:42, Stephan Mueller wrote:

Hi Stephan,

>On Tuesday, 15 July 2014, 08:34:14, Joachim Strömbergson wrote:
>
>Hi Joachim,
>
>>Aloha!
>>
>>Stephan Mueller wrote:
>>> This is no current FIPS 140-2 test suite for non-deterministic RNGs.
>>> The program is from 2001. If you are looking for a current entropy
>>> assessment discussion, have a look at SP800-90B and C.
>>> 
>>> But in any case, the ent tool gives you a "smoke" test indicator
>>> whether the statistics look good -- in particular the Chi-Square
>>> test. The dieharder test suite is a more comprehensive testset.
>>
>>The reason for posting about the tool is that it is the only open
>>implementation of FIPS 140-2 tests I have found to date. There are
>>several other tools to use, but there is also a general lack of good,
>>well maintained, open and easy to use tools (imho). I plan to build a
>>list of test suites and tools on the wiki. But if anybody has a list
>>or can build one instead it would be great.
>>
>>There are for example several instances in more or less dead state of
>>the Marsaglia diehard test. Then we have Dieharder that is a superset
>>of diehard and a few other sets.
>>
>>Ent as you say is fast and gives a smoke test.
>>
>>Haveged (the entropy source) contains a test that when we tested was
>>unable to detect a broken implementation.
>>
>>As you say, we have tests specified in SP800-90, there are also
>>requirements in SP 800-21. Then there is FIPS 140-2, which is probably
>>the most often cited suites for HSMs and TRNGs. But finding real code
>>usable to test for FIPS 140-2 has at least for me been less than
>>satisfactory. Finally there are also tests and requirements in FIPS
>>186.
>For FIPS 140-2, there is no TRNG test suite any more. They had a test
>tool called sts, but I never managed to get it working.
>
>The German BSI has another set of statistical tests defined that need
>to be applied for entropy assessment. The tests are defined in
>AIS20/31 section 2.4.4.1. I have an implementation of these tests if
>you are interested.
>
>>Stepping away from NIST, SBI in Germany has the AIS-31 tests for
>>physical based TRNGs as well as AIS-20 (if I remember correctly) for
>>testing CSPRNGs. Finally there are some ISO/IEC counterparts to FIPS
>>140-2, again if I remember correctly.
>>
>>A clarified list like this above and tools to allow Cryptech
>>implementers and users to test their implementations is one of the
>>most important things that we could produce (imho). Any contributions
>>in terms of text, links etc would be greatly appreciated.
>
>After I dealt extensively with the issue of entropy assessment (as
>outlined in [1]), I think the most extensive test is dieharder,
>followed by the Chi-Square test offered by ent. The least helpful test
>is the BSI test batch.

One followup: I am currently assessing my noise source with the Renyi 
Entropy of order 2. The calculation of the Renyi Entropy of order 2 
gives you the absolute statistical minimum entropy. Therefore, this 
calculation gives you the absolute minimum boundary for any entropy 
assessment.

If you are interested, I can share my test tool.
>
>[1] http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.html
>
>Ciao
>Stephan


Ciao
Stephan
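
The two statistics named in this message, the chi-square test that ent runs over byte values and the Renyi entropy of order 2, computed over a byte sample. This is an added example, not part of the original e-mail and not the test tool offered in it; the SHA-256 counter stream standing in for a healthy source and the stuck-top-bit variant are constructed inputs.

```python
import hashlib
import math
from collections import Counter


def byte_counts(data: bytes) -> list[int]:
    """Occurrences of each of the 256 byte values, zeros included."""
    c = Counter(data)
    return [c.get(v, 0) for v in range(256)]


def chi_square(data: bytes) -> float:
    """Pearson chi-square statistic against a uniform byte distribution.

    255 degrees of freedom, so a healthy sample lands near 255; values far
    above or far below that are the warning sign.
    """
    expected = len(data) / 256
    return sum((o - expected) ** 2 / expected for o in byte_counts(data))


def renyi_entropy_2(data: bytes) -> float:
    """Plug-in estimate of Renyi entropy of order 2: -log2(sum p_i^2), bits per byte."""
    n = len(data)
    return -math.log2(sum((o / n) ** 2 for o in byte_counts(data)))


def constructed_stream(n: int) -> bytes:
    """Constructed stand-in for noise-source output (SHA-256 in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


GOOD = constructed_stream(65536)
# Constructed failure: the top bit of every byte is stuck at zero.
STUCK_BIT = bytes(b & 0x7F for b in GOOD)

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("stuck bit", STUCK_BIT)):
        print(f"{name:10s} chi2={chi_square(sample):10.1f}  "
              f"H2={renyi_entropy_2(sample):.4f} bits/byte")
```

Both figures are computed from byte frequencies only, so they say nothing about correlation between successive samples.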

