标准摘要
[中文适用范围]: 包括各类信息安全产品和系统中涉及随机数生成的组件和模块。标准中详细描述了测试环境的构建、测试参数的设定、测试结果的评估方法,以及对随机位生成器的统计特性进行分析的具体步骤。此外,还涉及测试过程中所需的数据采集、处理和验证方式,以确保测试结果的准确性和可重复性。该标准为相关产品的开发、测试和认证提供了技术依据和操作指南。 ***此介绍可能不准确,请注意参考原文。 [外文原描述]: This document specifies a methodology for the evaluation of non-deterministic or deterministic random bit generators intended to be used for cryptographic applications. The provisions given in this document enable the vendor of an RBG to submit well-defined claims of security to an evaluation authority and shall enable an evaluator or a tester, for instance a validation authority, to evaluate, test, certify or reject these claims. This document is implementation-agnostic. Hence, it offers no specific guidance on design and implementation decisions for random bit generators. However, design and implementation issues influence the evaluation of an RBG in this document, for instance because it requires the use of a stochastic model of the random source and because any such model is supported by technical arguments pertaining to the design of the device at hand. Random bit generators as evaluated in this document aim to output bit strings that appear evenly distributed. Depending on the distribution of random numbers required by the consuming application, however, it is worth noting that additional steps can be necessary (and can well be critical to security) for the consuming application to transform the random bit strings produced by the RBG into random numbers of a distribution suitable to the application requirements. Such subsequent transformations are outside the scope of evaluations performed in this document.
英文名称Information technology - Security techniques - Test and analysis methods for random bit generators within ISO/IEC 19790 and ISO/IEC 15408