=Paper=
{{Paper
|id=Vol-3925/short01
|storemode=property
|title=Balancing security and efficiency in deterministic random bit generators for post-quantum cryptography (short paper)
|pdfUrl=https://ceur-ws.org/Vol-3925/short01.pdf
|volume=Vol-3925
|authors=Maksim Iavich,Sergiy Gnatyuk,Tamari Kuchukhidze,Giorgi Iashvili
|dblpUrl=https://dblp.org/rec/conf/cmigin/IavichGKI24
}}
==Balancing security and efficiency in deterministic random bit generators for post-quantum cryptography (short paper)==
https://ceur-ws.org/Vol-3925/short01.pdf
Balancing security and efficiency in deterministic
random bit generators for post-quantum cryptography
Maksim Iavich1,†, Sergiy Gnatyuk2,3,∗,†, Tamari Kuchukhidze1,† and Giorgi Iashvili1,†
1
Caucasus University, Paata Saakadze Str., 1, Tbilisi, 0102, Georgia
2
National Aviation University, Liubomyra Huzara Ave., 1, Kyiv, 03058, Ukraine
3
State Scientific and Research Institute of Cybersecurity Technologies and Information Protection, Maksym Zalizniak Str., 3/6,
Kyiv, 03142, Ukraine
Abstract
The creation of secure random numbers is essential to cryptography since it guarantees key management,
encryption, and authentication. The pseudo randomness is provided by deterministic random bit generators
(DRBGs), among which Hash-DRBG, HMAC-DRBG, KHF-DRBG, AES-CTR DRBG, and TDEA-CTR DRBG
are important techniques specified in NIST standards. Their applicability for post quantum cryptography
(PQC), security characteristics, and architecture are all examined in this article. While Hash-DRBG and
KHF-DRBG provide a balance between efficiency and security, HMAC-DRBG and AES-CTR DRBG exhibit
robust resistance against state compromise. System needs determine whether deterministic random bit
generators (DRBG) is best, with computing cost, entropy management, and resistance to future
cryptographic attacks all being important considerations. Choosing the most secure and flexible
deterministic random bit generator will be crucial as cryptographic systems develop in order to maintain
long-term security in both conventional and post-quantum settings.
Keywords
quantum cryptography, post-quantum cryptography, random number, pseudo random number generator,
DRBG 1
1. Introduction
With the arrival of quantum encryption and post-quantum cryptography as defenses against the
exponential speed advantage of quantum computers, computing capabilities are being altered. The
difference between the speed at which quantum computing can tackle complicated issues and the
lengthy execution times of regular computers makes this shift critical. But as quantum computing
advances, questions are raised regarding the practicality of existing cryptographic techniques,
especially those that depend on RSA, which uses mathematical issues like integer factorization. Due
to their ability to solve complex mathematical problems quickly, large-scale quantum computers
outfitted with Shor's algorithm represent a serious threat to current public key cryptography
methods [1, 2].
Post-quantum cryptosystems are being developed to resist and defeat quantum assaults in
response to this looming issue. Since traditional asymmetric techniques like RSA may not be
sufficient to protect private information, the development of quantum technology demands the
ongoing search for robust post-quantum systems [3].
In order to foresee how quantum computing will affect cryptographic security, the National
Institute of Standards and Technology (NIST) is working to develop strong cryptographic algorithm
CH&CMiGIN’24: Third International Conference on Cyber Hygiene & Conflict Management in Global Information Networks,
January 24–27, 2024, Kyiv, Ukraine
∗
Corresponding author.
†
These authors contributed equally.
miavich@cu.edu.ge (M. Iavich); serhii.hnatiuk@npp.nau.edu.ua (S. Gnatyuk); tkuchukhidze@cu.edu.ge (T.
Kuchukhidze); giiashvili@cu.edu.ge (G. Iashvili)
0000-0002-3109-7971 (M. Iavich); 0000-0003-4992-0564 (S. Gnatyuk); 0000-0003-1997-465X (T. Kuchukhidze); 0000-
0002-1855-2669 (G. Iashvili)
© 2025 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR
ceur-ws.org
Workshop ISSN 1613-0073
Proceedings
�standards that can withstand quantum computer attacks and safeguard private information in the
post-quantum computing era [4].
When it comes to encryption and security protocols, random bits are essential components of safe
cryptographic systems. In order to produce uniform random bits with complete entropy that are
independently dispersed and identically distributed, they should be made to be similar to an ideal
randomness source. It is difficult to accomplish this security objective, though, particularly in post-
quantum cryptography, which calls for a higher-quality and more accurate randomness source [5, 6].
Cryptographic systems are changing quickly due to quantum computing, especially those that
use traditional techniques that are susceptible to quantum assaults. As cryptography shifts to a post-
quantum paradigm, deterministic random bit generators (DRBGs) [7], which are crucial for safe key
generation, nonce creation, and digital signatures, require a reevaluation.
The DRBG uses a seed, which is a hidden beginning value, to generate a series of bits. Another
characteristic of a cryptographic DRBG is that, since the seed is unknown, the result is unexpected.
Other names for a DRBG include deterministic random number generator and pseudo-random
number generator (PRNG) [8]. With repeatability, dependability, and robust cryptographic security,
DRBGs provide an effective way to generate high-quality pseudorandom bits. Because of their
deterministic nature, they are also ideal for contexts with limited resources and embedded devices,
where true random number generators (TRNGs) would not be feasible.
Since quantum-safe alternatives are replacing conventional primitives like RSA or ECC in post-
quantum cryptography, DRBGs must adapt to produce secure randomness. Because of this shift,
DRBGs must be able to withstand quantum assaults on the algorithms they use in order to remain
dependable in a cryptography environment that is evolving quickly [9, 10].
The importance of DRBGs in cryptographic systems and how they have evolved to meet post-
quantum security standards are examined in this article. It demonstrates the integration of DRBGs
into post-quantum cryptography protocols and assesses the appropriateness of several DRBG types,
including hash-based and block cipher-based DRBGs, for quantum-resistant cryptography. Our goal
is to aid in the creation of safe cryptography systems for the post-quantum era by determining the
most reliable and workable methods.
2. Deterministic random bit generator (DRBG)
Generating safe and unexpected random numbers is crucial to current cryptography in order to
safeguard private data and maintain system integrity. The two basic approaches to designing random
bit generators are as follows: the first is non-deterministic, in which each bit of output is based on
an unpredictable physical process; the second computes bits deterministically by means of an
algorithm seeded with an initial value that provides enough entropy to ensure randomness. The
latter kind is known as deterministic random bit generators (DRBGs) or pseudo-random bit
generators [11]. PRBGs produce pseudo-random (as opposed to really random) bits because of their
determinism.
The method of creating random bits in DRBGs is split into two steps: a cryptographic algorithm
creates the output bits after an entropy source supplies an unexpected input string as a seed.
Cryptographic primitives such as stream ciphers, block ciphers, hash functions, and elliptic curves
are typically used as fundamental building blocks in real-world PRBGs. For example, Hash-DRBG,
HMAC-DRBG and other DRBGs are suggested by the updated NIST SP 800-90A standard [12] and
are based on authorized hash functions and block ciphers [13].
An input string with a guaranteed minimum entropy is used to seed a DRBG. It will produce
output bits that are computationally identical to ideal random bits if it is seeded correctly. Moreover,
output bits produced before to a compromise must be identical to ideal random bits ("backtracking
resistance" [14]) due to the possibility of a DRBG's internal state being compromised. Once enough
fresh entropy is supplied following a compromise, the DRBG needs to recover ("prediction
resistance") [15]. There has been criticism of the NIST SP 800-90A standard, particularly in relation
to the Dual_EC_DRBG algorithm's inclusion, which was shown to contain a backdoor [16].
�Additionally, the suggested DRBGs do not fit well into the typical security models of PRBGs since
they offer a wide range of alternate inputs and settings. Concerns have also been raised about the
inadequate formal study of these DRBGs and the absence of formal competition during the
standardization process.
DRBGs are typically built using other cryptographic primitives like stream ciphers, block ciphers,
or hash functions. For example, the bases for DRBGs are frequently AES, SHA-2, and SHA-3. The
ChaCha20 cipher is utilized for DRBG in Linux. The security, effectiveness, and appropriateness of
these DRBGs for post-quantum cryptography (PQC) are assessed. DRBGs may be roughly divided
into two types: block cipher-based DRBGs, which employ symmetric block ciphers like AES, and
hash-based DRBGs, which rely on cryptographic hash functions [17].
Secure procedures for deterministic random bit generation are defined by the NIST SP 800-90A
standard, which was initially published in June 2006 and updated in 2015 [18]. Significant changes
have been made to it, such as the elimination of the Dual_EC_DRBG algorithm because of security
issues. Due to possible backdoors that were purportedly created by the NSA and might enable
attackers to predict DRBG results, Dual_EC_DRBG had drawn criticism. The significance of public
review and transparent cryptography design was highlighted by that conflict.
Although there are a number of other DRBGs, not all of them are appropriate for PQC. Based on
modular arithmetic and quadratic residues, the Blum-Blum-Shub (BBS) generator squares an integer
modulo a product of two big primes to produce pseudorandom integers. Because it relies on integer
factorization, which is liable to quantum attacks, it is extremely slow and inappropriate for PQC even
if it is secure under conventional assumptions. Similar to this, the Dual_EC_DRBG generated
pseudorandom numbers using elliptic curve cryptography (ECC), but it was eliminated from NIST
standards because of flaws and inefficiency. ECC-based systems are not appropriate for PQC as, like
BBS, they are susceptible to Shor's algorithm.
Fortuna PRNG is a versatile pseudorandom number generator that employs the AES block cipher
for randomness and other entropy sources. Although it is not officially standardized, it is very
adaptable and impervious to governmental compromise. Depending on the block cipher being used,
its PQC applicability varies. When combined with AES-256, it can offer quantum resistance, although
it does not have explicit post-quantum security assurance [19].
ChaCha20-based DRBGs create pseudorandom numbers using the ChaCha20 stream cipher. They
are commonly used in contemporary cryptography frameworks and are renowned for their excellent
performance in software implementations. ChaCha20 was not created especially for quantum
resistance, and NIST has not standardized it as a DRBG. Although it is resistant to classical assaults,
the absence of formal analysis in the quantum setting results in a moderate PQC applicability
[20, 21].
We need to integrate quantum resistant DRBGs into post-quantum cryptography protocols and
assesses the appropriateness of several DRBG types, including hash-based and block cipher-based
DRBGs. Our goal is creating cryptography systems for the post-quantum cryptography by
determining the most reliable and workable methods.
3. Hash-based deterministic random bit generators
Since the production of keys is one of the most crucial aspects of defending a cryptographic system,
a random number generator is one of the most vital components. A pseudo random number
generator with characteristics that make it appropriate for use in cryptography systems for the
creation of keys is known as a cryptographically secure pseudorandom number generator
(CSPRNG) [22].
NIST SP 800-90A Rev.1 has a handful of these standards, including Hash_DRBG, HMAC_DRBG,
and CTR_DRBG. HMAC_DRBG and Hash_DRBG are both hash-based DRBGs. Every internal
Hash_DRBG process, including the instantiation, reseeding, and pseudorandom number generation
processes, uses a hash function. As a result, choosing the right hash function for the Hash_DRBG is
crucial. Only a few SHA families, including SHA1, SHA2 and SHA3 are available. According to earlier
�research, general assaults such brute force attacks, domain extender attacks, poisoned block attaches,
etc., can break SHA1 and earlier versions. So, it is very important to use quantum resistant hash
functions for our post quantum cryptography systems.
Hash-DRBG uses cryptographic hash methods like SHA-256 or SHA-3 to produce pseudo random
numbers. The approach is straightforward and ensures unpredictability by updating the internal
state after each output. Hash-DRBG produces pseudo random outputs by using cryptographic hash
methods like SHA-256 or SHA-3. It is suitable with lightweight cryptography systems because to its
efficiency and simplicity. It does not, however, have a keyed mechanism, making the internal state
susceptible to compromise. Although SHA-256 and SHA-3 are thought to be quantum-resistant, their
resilience is limited when compared to keyed DRBGs due to their dependence on hash function
strength alone. Furthermore, the main prerequisite for Hash-DRBG's security is pseudo randomness.
The pseudo random output is not directly weakened by collision resistance or preimage resistance,
despite the fact that these are desired characteristics.
The Hash-DRBG generation procedure consists of the following steps:
1. Revise the internal state:
= + 1. (1)
2. Calculate the output:
Returned_Bits = ( )‖ ( + 1)‖ … (2)
3. For the following iteration, update the internal state:
= + 1. (3)
where: : Internal state variable updated after each generation, : The hash function used
(e.g., SHA-256 or SHA-3).
This framework lowers the chance of compromise by updating the state with each output,
ensuring forward security. The stability of Hash-DRBG under appropriate initialization and
reseeding procedures is confirmed by security proofs, such as those presented by Woodage and
Shumow in 2019. Although Hash-DRBG is effective, it does not have a keyed mechanism, therefore
the strength of the hash function is the only factor affecting its security. When employing a quantum
resistant function such as SHA-3, it offers good applicability for PQC.
HMAC-DRBG uses a keyed hash function (HMAC) to improve the security of the DRBG process,
making it more resilient to backtracking and state compromise attacks. Hash-based Message
Authentication Codes (HMAC) are used by HMAC-DRBG to generate pseudo-random integers. For
increased security, it incorporates a keyed mechanism that is resistant to state compromise and
backtracking. The introduction of a second secret (key) in the HMAC procedure, which improves
security, is a significant distinction from Hash-DRBG. However, since recovering the key
undermines all outputs, resistance to key recovery assaults is essential. HMAC-DRBG is thought to
be particularly effective for PQC, while being computationally more costly.
The following is the HMAC-DRBG generation process:
1. Use HMAC to update the internal value:
= HMAC( , ). (4)
2. Determine the output by computing "Returned_Bits":
Returned_Bits − ‖HMAC( , + 1)‖ … (5)
3. Update the internal state:
= HMAC( , ). (6)
While is the value, is the internal key, and extra entropy is provided via optional input. This
guarantees resistance to internal state tampering and a strong pseudorandom output.
Because of its robust defense against key recovery attacks, HMAC-DRBG is regarded as extremely
safe and a great choice for post-quantum cryptography.
The Keyed Hash Function DRBG (KHF-DRBG) is comparable to HMAC-DRBG, but it applies the
key in a different way throughout the hashing process. KHF-DRBG offers a balance between security
�and efficiency by using a keyed hash function. When using more recent hash algorithms like SHA-
3, it maintains significant quantum resistance even though it lacks the advanced keyed mechanisms
of HMAC-DRBG. For systems that need to generate randomness in an efficient and safe manner, this
makes it a suitable option [23].
The structure of the generation process is as follows:
1. Utilizing the keyed hash function, update the internal state:
= ( ‖ ‖ input ). (7)
2. Create the output:
Returned_Bits − ( ‖ )‖ ( ‖ + 1)‖ … (8)
Although KHF-DRBG is effective and offers balanced security, its resilience to state compromise
is not as strong as that of HMAC-DRBG.
4. Block-based deterministic random bit generators
AES-CTR DRBG creates pseudo random numbers by using the AES block cipher in counter mode
(CTR). Grover's technique reduces the effective security of AES-256 to 128 bits while maintaining
good quantum resistance. In systems with hardware acceleration, it is quite effective, but for best
results, careful key management is needed. AES-CTR DRBG is a great option for post quantum
cryptography as it is widely trusted and extremely resilient to quantum attacks [24, 25].
The AES-CTR DRBG generation procedure is as follows:
1. The counter value should be encrypted:
Output = AES( , Counter ). (9)
2. Increment the counter:
Counter = Counter + 1. (10)
3. To get the pseudo random bits, concatenate the outputs:
Returned_Bits = Output ‖ Output ‖ … (11)
AES-CTR DRBG is a great option for post quantum cryptography with robust resilience to
quantum assaults since it leverages the well-established security of AES-256.
The TDEA-CTR DRBG employs the same counter-mode technique but substitutes Triple DES
(TDEA) for AES. Although it is compatible with older systems, it is susceptible to both quantum and
classical assaults because to its small 64-bit block size. Additionally, it performs worse than AES. For
post-quantum applications, TDEA-CTR DRBG is thus not advised.
The create procedure is as follows:
1. To encrypt the counter USEe TDEA:
Output = TDEA( , Counter ). (12)
2. Raise the counter:
Counter = Counter + 1. (13)
3. Concatenate outputs:
Returned_Bits = Output ‖ Output ‖ … (14)
Although TDEA-CTR DRBG ensures compatibility with older systems, its small 64-bit block size
makes it vulnerable to modern cryptographic techniques. It is not recommended for post-quantum
cryptography. There are inherent vulnerabilities in block cipher DRBGs due to their reliance on
pseudo random permutations. The unpredictability of outputs may be jeopardized since pseudo
random permutations, in contrast to random oracles, do not meet independence. Furthermore,
security is impacted by the output's length in relation to the block size, which typically makes block
cipher DRBGs less appropriate for cryptographic applications. Although resistance to key recovery
�attacks is a must, the basic drawbacks of pseudo random permutations still exist, even with secure
block ciphers like AES [26].
5. Comparison of DRBGs in post quantum cryptography
NIST SP 800-90A defines DRBG techniques that are claimed to be backtracking and prediction
resistant. Backtracking resistance makes ensuring that earlier outputs are safe even in the event that
the internal state is corrupted. Even if the internal state was known beforehand, prediction resistance
makes sure that the generator's outputs cannot be anticipated after reseeding with enough entropy.
These characteristics are essential to the security assurances that the standard offers [27].
The advantages, disadvantages, and Post Quantum Cryptography appropriateness of these five
DRBGs are compiled in Table 1.
Table 1
Comparison of DRBGs
DRBGs Type Strengths Weaknesses Post Quantum
Cryptography Suitability
HMAC- Robust security, Performance Excellent (Keyed structure
DRBG quantum-resistant overhead ensures state security)
Hash-DRBG High efficiency, simple Security assumptions, Moderate to Good (Strong
implementation no keyed protection hash function needed)
KHF-DRBG Balanced efficiency, Lacks HMAC-level Good (Efficient with
DRBG state protection modern hash functions)
AES-CTR Strong security, Implementation Excellent (AES-256 is
performance efficiency complexity quantum-resistant)
TDEA-CTR Legacy system Limited security, Poor (Not suitable for Post
compatibility performance Quantum Cryptography)
constraints
The design of DRBGs must rely on primitives that are safe even in the presence of quantum
adversaries in order to protect them against quantum threats. Selecting the best approach can be
aided by assessing the various DRBG types and their applicability for post-quantum cryptography.
These DRBGs use hash methods like SHA-256 or SHA-3 to produce random bits. They depend on
the underlying hashing function's cryptographic security. Newer hash functions like SHA-3 (based
on the Keccak algorithm) or quantum-resistant hash schemes can be utilized to offer higher security,
even if classical hash functions like SHA-256 may be susceptible to quantum assaults. Hash-based
DRBGs have several benefits, such as excellent performance, ease of use, and wide standardization.
Because hash functions can be readily improved or altered with little overhead, they are especially
well-suited for applications that need a balance between security and performance.
These DRBGs (AES-CTR, TDEA-CTR) generate random bits by using feedback modes of
symmetric block ciphers, including AES. DRBGs based on AES are specified by NIST SP 800-90A as
one of its standards. Grover's technique can decrease the effective security of AES by half the key
size, despite the fact that it is somewhat resistant to quantum attacks. AES-256 can offer a security
level equal to 128 bits in a quantum setting. Although block cipher-based DRBGs are more
extensively used and may be accelerated by hardware, their effective security against quantum
assaults is lower than that of other DRBG kinds. Systems that need legacy compatibility or have
hardware-optimized implementations are best suited for these DRBGs.
The cryptographic protocol, performance needs, and available resources are some of the variables
that influence the choice of DRBG. In light of the assessment:
• Hash-Based DRBGs provide a useful and adaptable solution, especially when SHA-3 or other
quantum-resistant hash functions are employed. For general-purpose applications, they are
perfect.
� • DRBGs based on block ciphers are appropriate for systems that require conformance to
current standards. AES-256 offers a respectable degree of quantum resistance, but it might
not be the most resilient choice in the long run.
6. Conclusions and future plans
Although they may appear to be a minor component of cryptography, random number generators
are among its most crucial elements. Without safe randomization, even the most robust
cryptographic systems might become susceptible due to predictable encryption keys. Because they
guarantee that cryptographic keys, signatures, and secure communications stay unexpected and safe
from assaults, deterministic random bit generators, or DRBGs, are crucial.
This article examined the use of five DRBG techniques for post-quantum cryptography: Hash-
DRBG, HMAC-DRBG, KHF-DRBG, AES-CTR DRBG, and TDEA-CTR DRBG. Although each has
advantages, HMAC-DRBG and AES-CTR DRBG are the most suitable options for this idea. Because
it employs a keyed technique to prevent attackers attempting to reconstruct its internal state,
HMAC-DRBG is very robust. Another great choice is AES-CTR DRBG, particularly when used AES-
256, because to its proven security and resilience to quantum assaults.
For systems that value efficiency, Hash-DRBG and KHF-DRBG are suitable substitutes;
nevertheless, they fall short of HMAC-DRBG in terms of security. However, TDEA-CTR DRBG is no
longer in use since it is more susceptible to contemporary assaults due to its lower 64-bit block size.
Threats are evolving along with technology. Many of the encryption techniques used today might
eventually be broken by quantum computers, so it's critical to plan ahead. A robust, secure DRBG is
an essential component of the post-quantum cryptography systems that cryptographers are now
developing. Selecting HMAC-DRBG or AES-CTR DRBG is the ideal strategy for enterprises and
developers creating safe systems to keep ahead of emerging security threats.
Acknowledgement
This work was supported by the Shota Rustaveli National Foundation of Georgia (YS-24-3272).
Declaration on Generative AI
The author(s) have not employed any Generative AI tools.
References
[1] D. R. L. Brown, Breaking RSA may be as difficult as factoring, Journal of Cryptology 29.1 (2016)
220–241.
[2] M. Sharma, et al., Leveraging the power of quantum computing for breaking RSA encryption,
Cyber-Physical Systems 7.2 (2021) 73–92.
[3] V. Kharchenko, I. Chyrka, Detection of airplanes on the ground using YOLO neural network,
in: Proceedings of 17th International Conference on Mathematical Methods in Electromagnetic
Theory (MMET), IEEE, Kyiv, Ukraine, 2018, pp. 294–297.
[4] G. Alagic, et al., Status report on the third round of the NIST post-quantum cryptography
standardization process, NIST Interagency/Internal Report, National Institute of Standards and
Technology, 2022. URL: https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934458.
[5] M. Iavich, T. Kuchukhidze, R. Bocu, A Post-Quantum Digital Signature Using Verkle Trees and
Lattices. Symmetry 15(12) (2023) 2165.
[6] M. Iavich, T. Kuchukhidze, Digital Signature Design Using Verkle Tree, IVUS (2023) 83-91.
[7] W. Kan, Analysis of underlying assumptions in NIST DRBGs, Cryptology ePrint Archive (2007).
[8] J.S. Al-Azzeh, M. Al Hadidi, R.S. Odarchenko, S. Gnatyuk, Z. Shevchuk, Z. Hu, Analysis of self-
similar traffic models in computer networks, International Review on Modelling and
Simulations 10(5) (2017) 328–336. doi: 10.15866/iremos.v10i5.12009.
�[9] L. Crocetti, S. Di Matteo, P. Nannipieri, L. Fanucci, S. Saponara, Design and test of an integrated
random number generator with all-digital entropy source, Entropy 24(2) (2022) 139.
[10] L. Chen, et al., Report on post-quantum cryptography. Vol. 12. Gaithersburg, MD, USA: US
Department of Commerce, National Institute of Standards and Technology, 2016.
[11] H. Davis, M. D. Green, N. Heninger, K. Ryan, A. Suhl, On the possibility of a backdoor in the
Micali-Schnorr generator, in: Proceedings of IACR International Conference on Public-Key
Cryptography, Springer Nature, Cham, Switzerland, 2024, pp. 352–386.
[12] E. Barker, J. Kelsey, Nist special publication 800-90a: Recommendation for random number
generation using deterministic random bit generators (2012).
[13] National Institute of Standards and Technology. Recommendation for random number
generation using deterministic random bit generators (NIST SP 800-90A Rev. 1). U.S.
Department of Commerce, 2015. URL: https://doi.org/10.6028/NIST.SP.800-90Ar1.
[14] E. Barker, J. Kelsey, K. McKay, A. Roginsky, M. Sönmez Turan, Recommendation for random bit
generator (rbg) constructions (3rd draft) (No. NIST Special Publication (SP) 800-90C (Draft)).
National Institute of Standards and Technology (2022).
[15] M. J. Fischer, M. Paterson, E. Syta, On backtracking resistance in pseudorandom bit generation.
Technical Report TR-1466, 2012. URL: http://cs.yale.edu/publications/techreports/tr1466.pdf.
[16] V. Tkachuk, Y. Yechkalo, S. Semerikov, M. Kislova, Y. Hladyr, Using mobile ICT for online
learning during COVID-19 lockdown, Communications in Computer and Information Science,
1308 (2021) 46–67. doi: 10.1007/978-3-030-77592-6_3.
[17] Y. Dodis, et al., A formal treatment of backdoored pseudorandom generators, in: Proceedings of
Advances in Cryptology--EUROCRYPT 2015: 34th Annual International Conference on the
Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, 2015, Proceedings, Part
I 34, Springer, Berlin, 2015, pp. 101–126.
[18] J. Woodage, D. Shumow, An analysis of NIST SP 800-90A, in: Proceedings of Advances in
Cryptology–EUROCRYPT 2019: 38th Annual International Conference on the Theory and
Applications of Cryptographic Techniques, Part II, Springer, Berlin, 2019, pp. 151–180.
[19] National Institute of Standards and Technology. Recommendation for random number
generation using deterministic random bit generators (NIST SP 800-90A Rev. 1). U.S.
Department of Commerce, 2015. URL: https://doi.org/10.6028/NIST.SP.800-90Ar1.
[20] N. Ferguson, B. Schneier, T. Kohno, Cryptography engineering: design principles and practical
applications, John Wiley & Sons, NY, 2011.
[21] Y. Nir, A. Langley, RFC 8439: ChaCha20 and Poly1305 for IETF Protocols, 2018.
[22] P. Kietzmann, T. C. Schmidt, M. Wählisch, A guideline on pseudorandom number generation
(PRNG) in the IoT, ACM Computing Surveys 54(6) (2021) 1–38.
[23] J. Kelsey, Five drbg algorithms based on hash functions and block ciphers, in: Presentation at
NIST Random Number Generation Workshop (2004).
[24] V. T. Hoang, Y. Shen, Security Analysis of NIST CTR-DRBG, in: Proceedings of Annual
International Cryptology Conference, Springer, Cham, 2020, pp. 218–247.
[25] S. Gnatyuk, T. Zhmurko, P. Falat, Efficiency Increasing Method for Quantum Secure Direct
Communication Protocols, in: Proceedings of the 2015 IEEE 8th International Conference on
Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications
(IDAACS’2015), IEEE, Warsaw, Poland, 2015, Vol. 1, рр. 468–472.
[26] M. Iavich, S. Gnatyuk, E. Jintcharadze, Yu. Polishchuk, R. Odarchenko, Hybrid Encryption Model
of AES and ElGamal Cryptosystems for Flight Control Systems, in: Proceedings of the 2018 IEEE
5th International Conference on Methods and Systems of Navigation and Motion Control, 2018,
IEEE, Kyiv, Ukraine, pp. 229–233.
[27] M. Iavich, T. Kuchukhidze, S. Gnatyuk, A. Fesenko, Novel certification method for quantum
random number generators, International Journal of Computer Network and Information
Security 13(3) (2021) 28–38.
�