Jitter RNG
The CPU Jitter Random Number Generator provides a non-physical true random number generator that works equally in kernel and user land. The only prerequisite is the availability of a high-resolution timer that is available in modern CPUs.
It is the first software-based entropy source that is ready to provide:
-
with one configuration
-
an SP800-90B compliant entropy source, and
-
an AIS 20/31 NTG.1 compliant entropy source
at the same time after applying the SP800-90B configuration or the AIS 20/31 NTG.1 configuration and demonstrating the required entropy rate following the specified validation and test methodology.
Both NIST/CMVP and the German BSI confirmed that the Jitter RNG is eligible for the specified compliance claims. Note that the actual confirmation of such claims will only be applied for a particular instance of the Jitter RNG on a particular hardware after completing the testing provided with the Jitter RNG source code distribution.
GitHub Links
The source code of the following Jitter RNG components is publicly available:
-
Jitter RNG Userspace Library provides a shared library that a consuming application or other library can link to. The consumer is able to receive fresh entropy from the Jitter RNG library where the data is stored in a caller-provided buffer. This library is independent of and does not rely on the following implementation.
-
Jitter RNG Daemon is a Linux “rngd”. This rngd is a daemon that collects entropy and injects it by using an IOCTL into the Linux kernel via /dev/random. This daemon has a build-in copy of the Jitter RNG library and can be compiled standalone from the library and thus does not depend on the Jitter RNG library.
Validation-related Information
When using the Jitter RNG to complete an SP800-90B or NTG.1 validation, the following information is to be observed.
Version Information
The following version information is applicable for user space:
-
Latest version: 3.7.0
-
Active versions: >= 3.4.1
-
Deprecated versions: <= 3.4.0
The following version information is applicable for kernel space:
- Active versions: >= 3.4.0
Compliance Claim
The following compliance is claimed for the different versions when using with the applicable configuration:
| Jitter-RNG Version | SP800-90B Compliance | AIS 20/31 NTG.1 Compliance |
|---|---|---|
| >= 3.4.0 | compliant | not compliant |
| >= 3.7.0 | compliant | compliant |
Applied Conditioning Function
The following conditioning functions are implemented for the Jitter RNG:
| Jitter-RNG Version | Conditioning Function |
|---|---|
| >= 3.4.0 | SHA3-256 |
| >= 3.7.0 | Two serialized SHAKE-256 instances |
Documentation
The reference to the applicable documentation is given with the various releases.
The latest documentation applies to the current version.
The Jitter RNG v2.2.0 documentation documents the Jitter RNG copy found in older Linux kernels.
Request For Help
I am looking for CPUs that are not listed in appendix F of the documentation. If you happen to have such a CPU with a Unix-ish operating system and you want to help me to gather more evidence on the appropriateness of the CPU Jitter random number generator, please perform the following:
-
Get the current library source code, unpack it
-
cd <librarydir>/tests/raw_entropy/recording_userspace
-
execute invoke_testing.sh
-
Send the result of the execution found in the directory results_measurements to me
Archive with Test Results
The archive with all collected test data is available at this location.
Historic Releases
For older releases, see the Jitter RNG historic page.