{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T15:37:26Z","timestamp":1777390646611,"version":"3.51.4"},"reference-count":27,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,1,30]],"date-time":"2025-01-30T00:00:00Z","timestamp":1738195200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,1,30]],"date-time":"2025-01-30T00:00:00Z","timestamp":1738195200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100004175","name":"Middle East Technical University","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100004175","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cryptogr. Commun."],"published-print":{"date-parts":[[2026,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>Random numbers play a crucial role in cryptography since the security of cryptographic protocols relies on the assumption of the availability of uniformly distributed and unpredictable random numbers to generate secret keys, nonce, salt, etc. However, real-world random number generators sometimes fail and produce outputs with low entropy, leading to security vulnerabilities. The NIST Special Publication (SP) 800-90 series provides guidelines and recommendations for generating random numbers for cryptographic applications and describes 10 black-box entropy estimation methods. This paper evaluates the effectiveness and limitations of the SP 800-90 methods by exploring the accuracy of these estimators using simulated random numbers with known entropy, investigating the correlation between entropy estimates, and studying the impacts of deterministic transformations on the estimators.<\/jats:p>","DOI":"10.1007\/s12095-025-00778-7","type":"journal-article","created":{"date-parts":[[2025,1,30]],"date-time":"2025-01-30T01:15:16Z","timestamp":1738199716000},"page":"63-81","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Observations on NIST SP 800-90B entropy estimators"],"prefix":"10.1007","volume":"18","author":[{"given":"Melis","family":"Aslan","sequence":"first","affiliation":[]},{"given":"Ali","family":"Do\u011fanaksoy","sequence":"additional","affiliation":[]},{"given":"Z\u00fclf\u00fckar","family":"Sayg\u0131","sequence":"additional","affiliation":[]},{"given":"Meltem","family":"S\u00f6nmez Turan","sequence":"additional","affiliation":[]},{"given":"Fatih","family":"Sulak","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,1,30]]},"reference":[{"key":"778_CR1","unstructured":"Heninger, N., Durumeric, Z., Wustrow, E., Halderman, J.A.: Mining your ps and qs: detection of widespread weak keys in network devices. In: Proceedings of the 21st USENIX Conference on Security Symposium. Security\u201912, p. 35. USENIX Association, USA (2012)"},{"key":"778_CR2","doi-asserted-by":"publisher","first-page":"341","DOI":"10.1007\/978-3-642-42045-0_18","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"DJ Bernstein","year":"2013","unstructured":"Bernstein, D.J., Chang, Y., Cheng, C., Chou, L., Heninger, N., Lange, T., Someren, N.: Factoring rsa keys from certified smart cards: Coppersmith in the wild. In: Sako, K., Sarkar, P. (eds.) Advances in Cryptology - ASIACRYPT 2013, pp. 341\u2013360. Springer, Berlin, Heidelberg (2013)"},{"key":"778_CR3","doi-asserted-by":"publisher","unstructured":"Barker, E.B., Kelsey, J.M.: SP 800-90A Recommendation for Random Number Generation Using Deterministic Random Bit Generators. Technical report, National Institute of Standards and Technology (June 2015). https:\/\/doi.org\/10.6028\/NIST.SP.800-90Ar1","DOI":"10.6028\/NIST.SP.800-90Ar1"},{"key":"778_CR4","doi-asserted-by":"publisher","unstructured":"S\u00f6nmez\u00a0Turan, M., Barker, E.B., Kelsey, J.M., McKay, K.A., Baish, M.L., Boyle, M.: SP 800-90B Recommendation for the Entropy Sources Used for Random Bit Generation. Technical report, National Institute of Standards and Technology (January 2018https:\/\/doi.org\/10.6028\/NIST.SP.800-90B","DOI":"10.6028\/NIST.SP.800-90B"},{"key":"778_CR5","doi-asserted-by":"publisher","unstructured":"Barker, E.B., Kelsey, J.M., McKay, K.A., Roginsky, A., S\u00f6nmez\u00a0Turan, M.: SP 800 90C Recommendation for Random Bit Generator (RBG) Constructions (3rd Draft). Technical report, National Institute of Standards and Technology (September 2022https:\/\/doi.org\/10.6028\/NIST.SP.800-90C.3pd","DOI":"10.6028\/NIST.SP.800-90C.3pd"},{"key":"778_CR6","doi-asserted-by":"publisher","unstructured":"Rukhin, A., Soto, J., Nechvatal, J., Smid, M., Barker, E., Leigh, S., Levenson, M., Vangel, M., Banks, D., Heckert, N., Dray, J., Vo, S., Bassham, L.: SP 800-22 Rev. 1a A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications. Technical report, National Institute of Standards and Technology (2010). https:\/\/doi.org\/10.6028\/NIST.SP.800-22r1a","DOI":"10.6028\/NIST.SP.800-22r1a"},{"key":"778_CR7","unstructured":"ISO Central Secretary: ISO\/IEC 19790:2012 Information technology \u2013 Security techniques \u2013 Security requirements for cryptographic modules. Standard ISO\/IEC 19790:2012, International Organization for Standardization, Geneva, CH (2012). https:\/\/www.iso.org\/standard\/52906.html"},{"key":"778_CR8","unstructured":"ISO Central Secretary: ISO\/IEC 15408-1:2009 Information technology \u2013 Security techniques \u2013 Evaluation criteria for IT security \u2013 Part 1: Introduction and general model. Standard ISO\/IEC 15408-1:2009, International Organization for Standardization, Geneva, CH (2015). https:\/\/www.iso.org\/standard\/50341.html"},{"key":"778_CR9","unstructured":"ISO Central Secretary: ISO\/IEC 18031:2011 Information technology \u2013 Security techniques \u2013 Random bit generation. Standard ISO\/IEC 18031:2011, International Organization for Standardization, Geneva, CH (2011). https:\/\/www.iso.org\/standard\/54945.html"},{"key":"778_CR10","unstructured":"ISO Central Secretary: Information technology \u2013 Security techniques \u2013 Test and analysis methods for random bit generators within ISO\/IEC 19790 and ISO\/IEC 15408. Standard ISO\/IEC 20543:2019, International Organization for Standardization, Geneva, CH (2019). https:\/\/www.iso.org\/standard\/68296.html"},{"key":"778_CR11","unstructured":"AIS 20: Funktionalit\u00e4tsklassen und Evaluationsmethodologie f\u00fcr deterministische Zufallszahlengeneratoren (Version 3). Report, Bundesamt f\u00fcr Sicherheit in der Informationstechnik (BSI) (May 2013). https:\/\/www.bsi.bund.de\/dok\/6618284"},{"key":"778_CR12","unstructured":"AIS 31: Funktionalit\u00e4tsklassen und Evaluationsmethodologie f\u00fcr physikalische Zufallszahlengeneratoren (Version 3). Report, Bundesamt f\u00fcr Sicherheit in der Informationstechnik (BSI) (May 2013). https:\/\/www.bsi.bund.de\/dok\/6618252"},{"key":"778_CR13","unstructured":"Peter, M., Schindler, W.: A Proposal for Functionality Classes for Random Number Generators (Version 2.35, DRAFT) . Report, Bundesamt f\u00fcr Sicherheit in der Informationstechnik (BSI) (September 2022). https:\/\/www.bsi.bund.de\/dok\/ais-20-31-appx-2022"},{"key":"778_CR14","doi-asserted-by":"crossref","unstructured":"L\u2019Ecuyer, P., Simard, R.: Testu01: A C library for empirical testing of random number generators (2007)","DOI":"10.1145\/1268776.1268777"},{"key":"778_CR15","unstructured":"Marsaglia., G.: The marsaglia random number cdrom including the diehard battery of tests of randomness (1996)"},{"key":"778_CR16","unstructured":"Brown, R.G.: Dieharder: A random number test suite (2013)"},{"key":"778_CR17","doi-asserted-by":"crossref","unstructured":"Rukhin, A., Soto, J., Nechvatal, J., Smid, M., Barker, E., Leigh, M.L.S., Vangel, M., Banks, D., Heckert, A., Dray, J., Vo, S.: A statistical test suite for random and pseudo random number generators for cryptographic applications (2001)","DOI":"10.6028\/NIST.SP.800-22"},{"issue":"3","key":"778_CR18","doi-asserted-by":"publisher","first-page":"151","DOI":"10.46586\/tosc.v2017.i3.151-168","volume":"2017","author":"S Zhu","year":"2017","unstructured":"Zhu, S., Ma, Y., Chen, T., Lin, J.: JiwuJing: Analysis and improvement of entropy estimatorsin nist sp 800\u201390b for non-iid entropysources. IACR Transactions on Symmetric Cryptology. 2017(3), 151\u2013168 (2017)","journal-title":"IACR Transactions on Symmetric Cryptology."},{"key":"778_CR19","doi-asserted-by":"publisher","first-page":"3013","DOI":"10.1109\/TIFS.2021.3070424","volume":"16","author":"Y Kim","year":"2021","unstructured":"Kim, Y., Guyot, C., Kim, Y.: On the efficient estimation of min-entropy. IEEE Trans. Inf. Forensics Secur. 16, 3013\u20133025 (2021)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"778_CR20","unstructured":"Hill, J.E.: SP 800-90B Refinements: Validation Process, Estimator Confidence Intervals, and Assessment Stability. ICMC (2020)"},{"key":"778_CR21","unstructured":"Turan, M.S., Doganaksoy, A., Boztas, S.: On independence and sensitivity of statistical randomness tests. In International Conference on Sequences and Their Applications (SETA). (2008)"},{"key":"778_CR22","unstructured":"Pearson, K., National\u00a0Eugenics, G.L.: \u201cNote on Regression and Inheritance in the Case of Two Parents\u201d. Proceedings of the Royal Society. Royal Society, (1895). https:\/\/books.google.com\/books?id=xst6GwAACAAJ"},{"key":"778_CR23","doi-asserted-by":"publisher","first-page":"88","DOI":"10.2307\/1412159","volume":"15","author":"C Spearman","year":"1904","unstructured":"Spearman, C.: The proof and measurement of association between two things. Am. J. Psychol. 15, 88\u2013103 (1904)","journal-title":"Am. J. Psychol."},{"issue":"1","key":"778_CR24","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1111\/j.2517-6161.1995.tb02031.x","volume":"57","author":"Y Benjamini","year":"1995","unstructured":"Benjamini, Y., Hochberg, Y.: Controlling the false discovery rate: a practical and powerful approach to multiple testing. J. Roy. Stat. Soc.: Ser. B (Methodol.) 57(1), 289\u2013300 (1995)","journal-title":"J. Roy. Stat. Soc.: Ser. B (Methodol.)"},{"key":"778_CR25","unstructured":"Dworkin, M., Mouha, N., Turan, M.S.: Advanced Encryption Standard (AES). Federal Inf. Process. Stds. (NIST FIPS) 197, National Institute of Standards and Technology, Gaithersburg, MD. (2001 (updated 2023))"},{"key":"778_CR26","doi-asserted-by":"publisher","first-page":"3305","DOI":"10.1109\/TIFS.2023.3280745","volume":"18","author":"J Woo","year":"2023","unstructured":"Woo, J., Yoo, C., Kim, Y., Cassuto, Y., Kim, Y.: Generalized lrs estimator for min-entropy estimation. IEEE Trans. Inf. Forensics Secur. 18, 3305\u20133317 (2023). https:\/\/doi.org\/10.1109\/TIFS.2023.3280745","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"778_CR27","unstructured":"Kelsey, J., McKay, K.A., Turan, M.S.: Predictive models for min-entropy estimation. Cryptology ePrint Archive. Report 2015\/600 (2015). Accessed: 2025-01-11"}],"updated-by":[{"DOI":"10.1007\/s12095-025-00789-4","type":"correction","label":"Correction","source":"publisher","updated":{"date-parts":[[2025,4,4]],"date-time":"2025-04-04T00:00:00Z","timestamp":1743724800000}}],"container-title":["Cryptography and Communications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12095-025-00778-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s12095-025-00778-7","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12095-025-00778-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T09:20:10Z","timestamp":1772011210000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s12095-025-00778-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,30]]},"references-count":27,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2026,1]]}},"alternative-id":["778"],"URL":"https:\/\/doi.org\/10.1007\/s12095-025-00778-7","relation":{},"ISSN":["1936-2447","1936-2455"],"issn-type":[{"value":"1936-2447","type":"print"},{"value":"1936-2455","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1,30]]},"assertion":[{"value":"29 September 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"15 January 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"30 January 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 March 2025","order":5,"name":"change_date","label":"Change Date","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Update","order":6,"name":"change_type","label":"Change Type","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The original online version of this article was revised: The authors discovers that Table 5 has errors and should be replaced.","order":7,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 April 2025","order":8,"name":"change_date","label":"Change Date","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Correction","order":9,"name":"change_type","label":"Change Type","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"A Correction to this paper has been published:","order":10,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"https:\/\/doi.org\/10.1007\/s12095-025-00789-4","URL":"https:\/\/doi.org\/10.1007\/s12095-025-00789-4","order":11,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}]}}