GM/T 0103-2021

GM

CRYPTOGRAPHY INDUSTRY STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA

ICS 35.030

CCS L 80

General framework of random number generator

ISSUED ON: OCTOBER 18, 2021

IMPLEMENTED ON: MAY 01, 2022

Issued by: National Cryptography Administration

Table of Contents

Foreword

1 Scope

2 Normative references

3 Terms and definitions

4 Overall framework of random number generator design

4.1 Overview

4.2 Entropy

4.3 Entropy evaluation

4.4 Post-processing

4.5 Testing

Appendix A (Informative) Standard system framework of random number generator

References

General framework of random number generator

1 Scope

This document is the overarching, top-level standard for random number generator design; it specifies the overall framework for random number generator design.

This document is applicable to the research, development, and testing of random number generators. It can also promote the formulation of relevant standards for random number generators.

2 Normative references

The contents of the following documents constitute the essential provisions of this document through normative references in the text. Among them, for dated references, only the version corresponding to the date is applicable to this document; for undated references, the latest version (including all amendments) is applicable to this document.

GB/T 25069 Information security technology - Glossary

GB/T 32915 Information security technology - Binary sequence randomness detection method

GM/T 0062 Random number test requirements for cryptographic modules

GM/T 0078-2020 The design guidelines for cryptographic random number generation module

GM/T 0105 Design guide for software-based random number generators

GM/Z 4001 Cryptographic terminology

3 Terms and definitions

The terms and definitions as defined in GB/T 25069, GB/T 32915, GM/T 0062, GM/T 0078, GM/T 0105, GM/Z 4001, as well as the following terms and definitions, apply to this document.

3.1

Entropy source

A component, device, or event that produces an output. When this output is captured and processed in some way, a bitstring containing entropy is produced.

[Source: GB/T 25069-2010, 2.1.31]

3.2

Thermal noise

Typically unwanted, but inherently generated, spurious electrical signals (also known as "white noise") in components (such as operational amplifiers, reverse-biased diodes, or resistors).

Note: Usually every effort is made to minimize this phenomenon. However, the unpredictability of this phenomenon can be exploited as a source of entropy in random bitstream generation.

[Source: GB/T 25069-2010, 2.2.4.8]

3.3

Chaotic oscillation

The complex and disordered oscillation state of a nonlinear system.

Note: Rooted in the local instability of the system, it manifests as initial value sensitivity and inherent randomness.

3.4

Phase jitter

Rapid, short-term, random fluctuations in wave phase, caused by temporal instabilities.

3.5

Quantum random process

A random phenomenon/process that has intrinsic quantum randomness.

Note: Its random nature is explained and guaranteed by the principles of quantum mechanics. The quantum random processes used to generate random numbers generally include single-photon path selection, the number of photons contained in an optical pulse, the time interval between adjacent photons, vacuum fluctuations, laser phase noise, and amplified spontaneous emission noise.

3.6

Random number generator

A device or program for generating random binary sequences.

[Source: GB/T 32915-2016, 2.2]

3.7

Software-based RNG

The random number generator component in the software cryptographic module (or the software component of the hybrid cryptographic module), which can be used either as the software cryptographic module alone, or as a part of the software cryptographic module (or the software part of the hybrid cryptographic module).

[Source: GM/T 0105-2021, 3.13]

3.8

Raw random number sequence

A sequence of discrete random values obtained by digitizing the outputs of the entropy source.

3.9

Random number sequence

A sequence of numbers in which each term cannot be inferred, given the knowledge of the other terms.

[Source: GB/T 25069-2010, 2.2.2.184]

4 Overall framework of random number generator design

4.1 Overview

The design framework of the random number generator is shown in Figure 1. A random number generator usually includes an entropy source, post-processing, and testing. In the design stage, entropy evaluation is performed on the entropy source or the random source sequence; in the product testing and use phases, a validity test or randomness test is performed on the random source sequence or the random number sequence.

characteristics of uncertain events in the real world, such as measuring thermal noise level values, etc. The theoretical stochastic model of physical entropy is clear and reasonable; the rationality of the claimed stochastic model can be verified through the collected sample data. The entropy of the physical entropy source output shall be theoretically estimated, and the estimated value must be greater than a certain threshold, to ensure that the output has enough entropy.

b) Non-physical entropy sources refer to non-deterministic entropy sources that do not belong to physical entropy sources, such as collecting mouse or keyboard actions, etc. The non-physical entropy source is provided by the operating environment in which the random number generator is located (such as the operating system or external devices), so certain precautions shall be taken to reduce the possibility of an adversary cracking the non-physical entropy source (for example, by predicting its output). The sufficiency and stability of the entropy output by the non-physical entropy source can be demonstrated by modeling or experiments.

The entropy source is the origin of the random numbers generated by the random number generator. When the entropy source fails, the random number generator needs to detect the failure quickly, and corresponding processing shall be done according to the testing output, such as generating an alarm signal.

4.3 Entropy evaluation

Entropy evaluation predicts and evaluates the random source sequence through theoretical modeling analysis, statistical testing, and other methods, to obtain the entropy estimate.

Select the applicable entropy evaluation method according to the design principle of the entropy source. The entropy evaluation method shall be reasonable and effective; the estimated value shall be greater than a certain threshold, such as 0.997. Entropy evaluation need not be implemented inside the random number generator.

4.4 Post-processing

The post-processing module processes the random source sequence and, through a post-processing algorithm, generates a random number sequence that passes statistical testing. The post-processing module is optional; in practice, whether to include it shall be decided according to the statistical characteristics of the random source sequence.

There are many post-processing algorithms, such as cryptographic post-processing methods based on block ciphers, hash functions, m-sequences, etc., as well as lightweight post-processing methods such as the Von Neumann corrector, XOR chain, parity grouping, m-LSB, etc. The design can be carried out according to the characteristics of

...
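The following is an added example, not part of the standard: it applies the Von Neumann corrector named in 4.4 to three constructed raw sequences and compares a per-bit entropy estimate against the example threshold 0.997 from 4.3. The single-bit frequency estimator, the function names, and the sample sequences (a seeded PRNG stands in for a digitized entropy source) are assumptions for illustration; the standard does not prescribe them.

```python
import math
import random

THRESHOLD = 0.997  # example threshold quoted in 4.3


def min_entropy_per_bit(bits):
    """Single-bit frequency estimate: -log2(max(p0, p1)); 0.0 when no data."""
    if not bits:
        return 0.0
    p1 = sum(bits) / len(bits)
    return -math.log2(max(p1, 1.0 - p1))


def von_neumann(bits):
    """Von Neumann corrector: pair 01 -> 0, pair 10 -> 1, pairs 00/11 dropped."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def evaluate(raw):
    """Estimate entropy before and after post-processing, then apply the threshold."""
    out = von_neumann(raw)
    h_out = min_entropy_per_bit(out)
    return {
        "raw_estimate": min_entropy_per_bit(raw),
        "out_bits": len(out),
        "out_estimate": h_out,
        "meets_threshold": h_out > THRESHOLD,
    }


def constructed_samples(n=200_000, p_one=0.6, seed=1):
    """Constructed raw sequences; none comes from a real entropy source."""
    rng = random.Random(seed)  # stand-in for a biased but independent source
    return {
        "biased": [1 if rng.random() < p_one else 0 for _ in range(n)],
        "stuck_at_1": [1] * n,             # failed source: corrector emits nothing
        "alternating": [0, 1] * (n // 2),  # balanced bit counts, fully predictable
    }


if __name__ == "__main__":
    for name, raw in constructed_samples().items():
        print(name, evaluate(raw))
```

The alternating sequence scores 1.0 on the raw frequency estimate yet is fully predictable, which is why 4.3 asks for an evaluation method matched to the entropy source design; the stuck-at sequence shows a failure that the testing component must catch, since the corrector simply stops producing output.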