CRYPTEREC Cryptography Research and Evaluation Committees
JAPANESE
About CRYPTREC
Organization of CRYPTREC
History of CRYPTREC
CRYPTREC Report
Technical Report
e-Government Recommended Ciphers List
Specifications of e-Government Recommended Ciphers
Guide to Related Organizations
TOPICS

On Random Bit Generation Algorithm Dual_EC_DRBG
Nov 6, 2013
The Ministry of Internal Affairs and Communications
The Ministry of Economy, Trade and Industry
National Institute of Information and Communications Technology
Information-technology Promotion Agency, Japan
National Institute of Standards and Technology (NIST) of USA published the following statement on September 2013, in response to the security concern on the random bit generation algorithm Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generation) included in NIST Special Publication (SP) 800-90/90A and ANS X9.82.
http://csrc.nist.gov/publications/nistbul/itlbul2013_09_supplemental.pdf

Recommending against the use of SP 800-90A Dual Elliptic Curve Deterministic Random Bit Generation: NIST strongly recommends that, pending the resolution of the security concerns and the re-issuance of SP 800-90A, the Dual_EC_DRBG, as specified in the January 2012 version of SP 800-90A, no longer be used.

Re-issuing SP 800-90A as a draft for public comment: Effective immediately, NIST Special Publication 800-90A is being re-issued as a draft for public comment for a period ending November 6, 2013. Any concerns or recommendations for improvement regarding the Recommendation for Random Number Generation Using Deterministic Random Bit Generators are solicited
(http://csrc.nist.gov/publications/PubsDrafts.html). NIST will review, analyze, and adjudicate all comments received during this 60 day period.

Reopening the Public Comment Period for SP 800-90B and 800-90C: NIST is reopening the drafts of SP 800-90B, Recommendation for the Entropy Sources Used for Random Bit Generation, and SP 800-90C, Recommendation for Random Bit Generator (RBG) Constructions, for additional review, even though the documents have not been changed since their public review last year. The public comment period for these drafts will also close on November 6, 2013.

Dual_EC_DRBG is not included in neither the e-Government Ciphers List published in 2003 nor the CRYPTREC Ciphers List published in 2013. However, we will continue monitoring and provision of information on this matter.
If you have any opinion, comment, or inquiry about this topic, please contact us at the following address.

CRYPTREC Secretariat
E-mail :
About this Site Privacy Policy
If you have any comment or inquiry, send it to the following mail address.
Copyright (c) 2011 CRYPTREC.ALL Rights Reserved.