THE NIST RANDOMNESS BEACON - RSA Conference · #RSAC Outline of talk What the Beacon is and...
Transcript of THE NIST RANDOMNESS BEACON - RSA Conference · #RSAC Outline of talk What the Beacon is and...
![Page 1: THE NIST RANDOMNESS BEACON - RSA Conference · #RSAC Outline of talk What the Beacon is and isn’t. Motivation and usage. The bigger picture. A verifiable source of random bits.](https://reader031.fdocuments.net/reader031/viewer/2022022712/5c0357b509d3f2156d8c7215/html5/thumbnails/1.jpg)
SESSION ID:
THE NIST RANDOMNESS BEACON
ASEC-T07B
Rene Peralta
Computer Security Division National Institute of Standards and Technology.
![Page 2: THE NIST RANDOMNESS BEACON - RSA Conference · #RSAC Outline of talk What the Beacon is and isn’t. Motivation and usage. The bigger picture. A verifiable source of random bits.](https://reader031.fdocuments.net/reader031/viewer/2022022712/5c0357b509d3f2156d8c7215/html5/thumbnails/2.jpg)
#RSAC
Outline of talk
What the Beacon is and isn’t.
Motivation and usage.
The bigger picture.
A verifiable source of random bits.
Summary.
2
![Page 3: THE NIST RANDOMNESS BEACON - RSA Conference · #RSAC Outline of talk What the Beacon is and isn’t. Motivation and usage. The bigger picture. A verifiable source of random bits.](https://reader031.fdocuments.net/reader031/viewer/2022022712/5c0357b509d3f2156d8c7215/html5/thumbnails/3.jpg)
#RSAC
What this is not
This is not for generation of secret keys.
3
![Page 4: THE NIST RANDOMNESS BEACON - RSA Conference · #RSAC Outline of talk What the Beacon is and isn’t. Motivation and usage. The bigger picture. A verifiable source of random bits.](https://reader031.fdocuments.net/reader031/viewer/2022022712/5c0357b509d3f2156d8c7215/html5/thumbnails/4.jpg)
#RSAC
What this is
Public randomness publish model
digitally signed and time-stamped
https://beacon.nist.gov/home
4
![Page 5: THE NIST RANDOMNESS BEACON - RSA Conference · #RSAC Outline of talk What the Beacon is and isn’t. Motivation and usage. The bigger picture. A verifiable source of random bits.](https://reader031.fdocuments.net/reader031/viewer/2022022712/5c0357b509d3f2156d8c7215/html5/thumbnails/5.jpg)
#RSAC
Architecture
5
https interface (REST API) BEACON
ENGINE
ENTROPY
ENTROPY
firewall
repository
![Page 6: THE NIST RANDOMNESS BEACON - RSA Conference · #RSAC Outline of talk What the Beacon is and isn’t. Motivation and usage. The bigger picture. A verifiable source of random bits.](https://reader031.fdocuments.net/reader031/viewer/2022022712/5c0357b509d3f2156d8c7215/html5/thumbnails/6.jpg)
#RSAC
Motivation
Public, time-bound randomness is a valuable resource
A standard for such a resource is needed so that others can set them up.
6
![Page 7: THE NIST RANDOMNESS BEACON - RSA Conference · #RSAC Outline of talk What the Beacon is and isn’t. Motivation and usage. The bigger picture. A verifiable source of random bits.](https://reader031.fdocuments.net/reader031/viewer/2022022712/5c0357b509d3f2156d8c7215/html5/thumbnails/7.jpg)
#RSAC
Properties
Unpredictability
Autonomy
Consistency
“Forever” unforgeable public record
7
![Page 8: THE NIST RANDOMNESS BEACON - RSA Conference · #RSAC Outline of talk What the Beacon is and isn’t. Motivation and usage. The bigger picture. A verifiable source of random bits.](https://reader031.fdocuments.net/reader031/viewer/2022022712/5c0357b509d3f2156d8c7215/html5/thumbnails/8.jpg)
#RSAC
Sample applications
Provably random sampling
Selective disclosures. This aligns with the goals of the National Strategy for Trusted Identities in Cyberspace (NSTIC)
8
![Page 9: THE NIST RANDOMNESS BEACON - RSA Conference · #RSAC Outline of talk What the Beacon is and isn’t. Motivation and usage. The bigger picture. A verifiable source of random bits.](https://reader031.fdocuments.net/reader031/viewer/2022022712/5c0357b509d3f2156d8c7215/html5/thumbnails/9.jpg)
#RSAC
Selective Disclosure Scenario
Suppose authenticated and encrypted data about you exists somewhere
At a later time, a function of this data is required for a given transaction (e.g. F(DATA) = “over 21 or doctor authorization”)
A “discreet” proof that F holds can be constructed using the key and a string from the Beacon
9
DATA You have
![Page 10: THE NIST RANDOMNESS BEACON - RSA Conference · #RSAC Outline of talk What the Beacon is and isn’t. Motivation and usage. The bigger picture. A verifiable source of random bits.](https://reader031.fdocuments.net/reader031/viewer/2022022712/5c0357b509d3f2156d8c7215/html5/thumbnails/10.jpg)
#RSAC
Can you trust it?
You don’t have to! can combine with other sources
can flip a few bits and hash it
a “cooked” number could only target one application
chained mode implies even an insider cannot undetectably change a previous output value
10
![Page 11: THE NIST RANDOMNESS BEACON - RSA Conference · #RSAC Outline of talk What the Beacon is and isn’t. Motivation and usage. The bigger picture. A verifiable source of random bits.](https://reader031.fdocuments.net/reader031/viewer/2022022712/5c0357b509d3f2156d8c7215/html5/thumbnails/11.jpg)
#RSAC
Entropy
Currently using two independent commercial RNGs
We plan to implement a “verifiable source”. This is a collaborative project between NIST’s Information Technology and Physical Measurement laboratories.
11
![Page 12: THE NIST RANDOMNESS BEACON - RSA Conference · #RSAC Outline of talk What the Beacon is and isn’t. Motivation and usage. The bigger picture. A verifiable source of random bits.](https://reader031.fdocuments.net/reader031/viewer/2022022712/5c0357b509d3f2156d8c7215/html5/thumbnails/12.jpg)
#RSAC
Verifiable quantum randomness source
12
Output uncorrelated with anything outside the apparatus.
Entanglement Source
Bell Test
![Page 13: THE NIST RANDOMNESS BEACON - RSA Conference · #RSAC Outline of talk What the Beacon is and isn’t. Motivation and usage. The bigger picture. A verifiable source of random bits.](https://reader031.fdocuments.net/reader031/viewer/2022022712/5c0357b509d3f2156d8c7215/html5/thumbnails/13.jpg)
#RSAC
The bigger picture
We view this as a type of “trust anchor” for the Internet something that is hard to subvert for gain
a primitive that can be leveraged for many purposes
We hope it will encourage other such “anchors” e.g. bulletin boards, “after time x” timestamps…
my favorite one: a service that certifies that (0,0) is not among a set of bit commitments.
13
![Page 14: THE NIST RANDOMNESS BEACON - RSA Conference · #RSAC Outline of talk What the Beacon is and isn’t. Motivation and usage. The bigger picture. A verifiable source of random bits.](https://reader031.fdocuments.net/reader031/viewer/2022022712/5c0357b509d3f2156d8c7215/html5/thumbnails/14.jpg)
#RSAC
Summary
We are enabling “verifiably random” sampling
The Beacon can simplify existing digital interactions and enable new ones
We hope people will find innovative ways of using it
We are working to develop the best randomness source in the world
Project page at http://www.nist.gov/itl/csd/ct/nist_beacon.cfm
14
![Page 15: THE NIST RANDOMNESS BEACON - RSA Conference · #RSAC Outline of talk What the Beacon is and isn’t. Motivation and usage. The bigger picture. A verifiable source of random bits.](https://reader031.fdocuments.net/reader031/viewer/2022022712/5c0357b509d3f2156d8c7215/html5/thumbnails/15.jpg)
THE NIST RANDOMNESS BEACON